For the first episode of 2022, Paul Robichaux and I didn't think we'd still be talking about Microsoft Exchange. But, here we are - as with the new year, new problems in Exchange On-Premises greeted Exchange admins. On the show this week we discuss Y2K22 first, and then take a deep dive into why 2022 is beginning, yet again, with Exchange On-Premises issues.
A version checking problem for malware engine signature files caused on-premises Exchange servers to fail to process inbound email. Microsoft fixed the problem, but the issue poses questions about Microsoft's commitment to on-premises Exchange Server.
Microsoft has issued security updates for Exchange 2013, 2016, and 2019. The updates can only be applied to servers running up-to-date cumulative updates.
Microsoft Ignite 2021 happens (virtually) on Nov 2-4. There are tons of sessions scheduled and in this post we consider some important Microsoft 365 topics that we hope are covered.
If you've migrated to Exchange Online, make sure you stop publishing your Exchange Servers to the internet. After a standard Hybrid migration, you still might be reliant on Exchange Server and in this article you can find out why and how to move remaining web services to Microsoft 365.
It's often helpful when security researchers like Guardicore shed light on flaws in Microsoft Exchange - however, the Autodiscover protocol isn't flawed in the way they describe. Even though the issue is hard to replicate, it shouldn't distract from the work you need to do to protect your organization from the underlying reason why people want your credentials.
Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don't think a problem exists with Exchange Online, but it's possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.
A new Exchange vulnerability has been disclosed this week known as ProxyToken that allows someone who can access an Exchange 2013, 2016 or 2019 server over HTTPS to perform configuration actions against mailboxes of their choosing, such as setting forwarding rules. Find out what you need to do to protect your organization.
So, you've completed your migration to Exchange Online. Email flows smoothly into and out of the cloud, and all your mailboxes are now online. What's next for your Exchange Servers, now that you've made the transition? After completion you will have several tasks to perform to remove Exchange Servers from your environment, but there is one important caveat you need to know about; if you run Azure AD Connect then you can't remove every Exchange Server from your environment. You will need to keep at least one around for management purposes. In this article, I'll walk through what you can do to minimise what you keep and need to maintain, and what you can consider planning for in the future. You can also join me at TEC this week, on September 2nd.