After seemingly ignoring the situation for years, Microsoft delivered modern authentication for Exchange Server (for pure on-premises organizations) in Exchange 2019 CU13. The solution uses ADFS to issue and manage the OAuth 2.0 tokens and is supported by the latest version of Outlook for Windows. Support for other clients is in the works.
For the first episode of 2022, Paul Robichaux and I didn't think we'd still be talking about Microsoft Exchange. But, here we are - as with the new year, new problems in Exchange On-Premises greeted Exchange admins. On the show this week we discuss Y2K22 first, and then take a deep dive into why 2022 is beginning, yet again, with Exchange On-Premises issues.
Nicolas Blank provides step-by-step instructions on configuring Exchange 2019 as an anonymous relay within your own network.
Microsoft has issued security updates for Exchange 2013, 2016, and 2019. The updates can only be applied to servers running up-to-date cumulative updates. Organizations running Exchange 2016 or 2019 should apply the updates as a matter of urgency because of a known vulnerability circulating in the wild.
If you've migrated to Exchange Online, make sure you stop publishing your Exchange Servers to the internet. After a standard Hybrid migration, you still might be reliant on Exchange Server and in this article you can find out why and how to move remaining web services to Microsoft 365.
A new Exchange vulnerability has been disclosed this week known as ProxyToken that allows someone who can access an Exchange 2013, 2016 or 2019 server over HTTPS to perform configuration actions against mailboxes of their choosing, such as setting forwarding rules. Find out what you need to do to protect your organization.
Microsoft has released security updates for Exchange 2013, Exchange 2016, and Exchange 2019 to fix some remote code execution vulnerabilities. It's time to update your on-premises servers again, including those used for hybrid management. Let's not give those nasty hackers any easy targets to attack.
Microsoft has delayed the release of the June 2021 cumulative updates for Exchange Server for two weeks to integrate the Windows Antimalware Scan interface (AMSI). The change will allow Exchange 2016 and Exchange 2019 servers running on Windows Server 2016 or later to integrate antimalware engines to check HTTP requests for potential problems. If ever there was good reason to delay an update, this is it.
The Hafnium attack on thousands of on-premises Exchange servers is a wake-up call for their administrators and the organizations using the email service. Ten years ago, it was a reasonable decision to stay on-premises. Five years ago, you could argue the same case and companies with bad network connectivity to the internet or specific security requirements were happy to stay on-premises. Now? In a world of increasing threat, staying on-premises looks a lot more risky. For most, it's time to move to the cloud.
Microsoft has issued critical security updates for Exchange on-premises servers. The fixes close off four known vulnerabilities which expose Exchange to day-zero attacks. It's important to apply these updates ASAP.