Managing an on-premises Exchange server is getting more difficult: Users will have to decide between now and October whether to continue with on-premises mail servers or consider alternatives. The expertise to patch and maintain an on-premises Exchange server is getting tougher all the time. We’ve seen Microsoft introduce bugs into their software causing Exchange administrators to decide whether to patch and live with a side effect, deal with deploying a workaround, or go unprotected.Attention to bugs in on-premises Exchange servers that are similar to those seen in cloud deployments have only recently received attention. In addition, it’s unclear how well the integration will fit with other cloud-ready or cloud-first technologies such as Microsoft Teams.Those who currently employ on-premises Exchange servers should review whether they are all on the supported versions of Exchange 2016 CU23 or Exchange 2019.
Get on the easiest path to transition to Exchange SE: The least disruptive path to transition to Exchange SE will be from Exchange 2019 CU 15. Users should plan to keep supported versions of Exchange as the concept behind subscription versions is that only those releases will be supported by the vendor. Those who have fallen behind on patching and maintenance will need to review whether they have the resources going forward to maintain support.Microsoft already has limits in place to block and protect its Exchange online servers from interacting and receiving email from older unsupported platforms. It’s anticipated that this technology will be expanded to ensure that only supported platforms are able to communicate on the internet.Users need to consider whether they have the resources, expertise, and body of knowledge to continue supporting an on-premises server. Many more organizations are moving to Microsoft 365 as this places the burden of patching, installing, and day-to-day maintenance on Microsoft.While the CIS Benchmarks will still help you guide secure deployment of an on-premises server, it doesn’t reflect the fact that the number of companies and businesses that use on-premise Microsoft mail servers is shrinking. It’s worth considering whether an organization has the community resources within and the necessary vendor support to stay with an on-premises mail server.That isn’t to say that if you migrate to a cloud mail server in the form of Microsoft 365 your security issues will immediately cease to exist. Rather, you go from focusing on maintenance and deployment to protecting and securing authentication to your cloud assets. More vendors and consultants are moving towards supporting and knowing the Microsoft 365 platform better than an on-premises solution.
Get ready for the big switch to Exchange SE well before it happens: While the change may be months away, now is the time for users to review their needs and perform a technical and cultural analysis to determine what is best for their organizations.Some may be in a situation where they can easily move to Entra and full cloud deployment. Others may be mandated to stay with on-premises solutions, if so, the only option may be to plan migration to SE. If you are mandated to keep your data domiciled in your data centers, an on-premises solution is still viable.However, if you are an organization a bit more flexible in your mail server needs, you may want to take this time to reevaluate the solutions that you standardize on. While not used quite to the same market share as Microsoft Exchange and Microsoft 365, there are other vendors that support mail solutions.It is often in times like these that we are forced to stop and evaluate our needs and determine if a more drastic migration might be in the long-term interest of our organization.I would strongly recommend reviewing the benchmark documents for Microsoft 365 to review the best practices that will ensure you have a secure deployment should you decide to make the migration to that platform. The Hafnium attacks back in 2021 encouraged many organizations to give up their on-premises infrastructure, the SE mandate may weed out even more.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3823124/what-security-teams-need-to-know-about-the-coming-demise-of-old-microsoft-servers.html
