When it came out, Exchange Server 2013 removed a lot of deployment complexity. It could scale from a single server to the millions of mailboxes in Office 365.
It also had better administration tools, including public folder and mobile device management, better availability with automatic failover, Outlook web access that was almost indistinguishable from desktop Outlook, and a hybrid option that let you start moving mailboxes to the cloud without giving up all your on-premises servers.
With the most recent updates, Exchange Server supports Windows Extended Protection, which improves Windows authentication protocols to protect against authentication relay or man-in-the-middle attacks.
Why should you upgrade to Exchange Server 2019?
But even if you’re up to date on security patches, you still need to plan to move off of Exchange Server 2013 in the next few months. After April 11, 2023, it won’t be getting bug fixes, security patches, technical support or time zone updates—and countries and states make last minute changes to their daylight savings schedule more often than you might expect.
An Exchange server contains some of an organization’s most sensitive corporate data, along with a company address book that would be useful to attackers trying to fool employees with phishing or business email compromise. Considering how quickly most organizations would grind to a halt without email and shared calendars for meetings, security and support are critical.
If you’re still running your own Exchange server rather than using Microsoft 365, it’s usually because of regulatory requirements or extreme confidentiality concerns, which makes it even more important to stay in support.
What’s included in Exchange Server 2019?
Although it was originally planned for this year, the next version of Exchange Server won’t be available until the second half of 2025. If you were waiting for that, upgrade to Exchange Server 2019 instead; you don’t need to install Exchange Server 2016 first.
There are security improvements: Client connections use TLS 1.2, and soon TLS 1.3, by default, and you can disable legacy authentication, which is vulnerable to interception and brute force attacks. Moreover, Outlook uses MAPI over HTTP as the default connection to Exchange, which gives users a more stable and reliable connection, although you need to enable that in Exchange 2013 before setting up Exchange 2019. There are improvements to the compliance and data loss prevention features as well, and calendar meetings that need to stay confidential can be set to Do Not Forward.
Plus, Exchange search has been completely rebuilt: It’s based on the Exchange Online search infrastructure and can index much bigger files with better search performance.
Moving to Exchange Server 2019
Although it’s sometimes possible to do an in-place upgrade of Exchange, it’s not supported. And if you’re moving from Exchange 2013, it’s unlikely your servers will meet the Exchange 2019 hardware requirements. Given how much more powerful central processing units have become over the last decade, you will likely be able to support the same number of mailboxes with fewer servers.
You’ll need to run Windows Server 2019 or Windows Server 2022, but you can run Exchange 2019 on Windows Server Core to reduce the patching surface. You can keep your Active Directory forest functional level at Windows Server 2012 R2 for the migration, though you might want to improve performance by upgrading that later.
With more powerful CPUs in servers, Exchange 2019 doesn’t need an architecture that divides up tasks for performance. Instead, it’s optimized to make the most of the hardware you have and for failure isolation.
That’s why there are now only two server roles. Mailbox includes client access services like authentication, redirection and proxying, which had their own role in Exchange 2013, as well as the transport service and mailbox databases. Edge Transport, which is deployed outside of your Active Directory forest to handle internet-facing mail flow, reduces the attack surface of your Exchange server and adds another layer of protection against malware.
Upgrading requires updates and complications to retain all services
It might seem strange to update Exchange 2013 just so you can set up Exchange 2019, but you’ll need to be on one of the two most recent cumulative updates for Exchange 2013 to be in support and for it to coexist with Exchange 2019 while you work through the upgrade. If you have Exchange 2013 Client Access servers, you can proxy traffic from them to Exchange 2019 mailboxes, which gives you more flexibility.
One Exchange 2013 feature you don’t get in Exchange 2019 is Unified Messaging, which puts voicemail in the Outlook inbox. If you’re not ready to switch to Teams instead, you’ll need to set up Skype for Business Server 2019 and use the Microsoft Cloud Voicemail service. If you’ve been using Exchange 2013 Unified Messaging with your private branch exchange, that’s more complex to get working with Skype for Business Server, and you may want to consider Microsoft Teams Phone and cloud PBX instead.
You’ll also need to check which version of Outlook your users are on. Exchange 2019 doesn’t support anything older than Outlook 2013, so if you still have Outlook 2010, you’ll need to update that as well.
Use the Exchange Deployment Assistant to get a step-by-step plan for moving from Exchange 2013 to 2019. It will walk you through the entire process from Active Directory schema updates and Domain Name System settings to configuring Exchange, moving mailboxes and public folders, and removing any unnecessary permissions once you’re done.
Tips for decommissioning Exchange 2013
Once you have Exchange 2019 up and running, you can decommission your Exchange 2013 servers. There’s a handy checklist of the steps to follow here, including:
- Inventorying applications, clients and Autodiscover connections and making sure they’re configured for the new Exchange server
- Obtaining a new Secure Sockets Layer certificate if the namespace has changed
- Checking the mail flow connectors
- Migrating the mailboxes
- Removing the mail databases
It’s a good idea to run your Exchange 2013 servers in maintenance mode for a week or so to make sure that nothing is trying to connect to them. It’s easier to check the logs and find that a forgotten or rarely used application or workflow is still using the old server than to troubleshoot why it’s failing once the server is gone.
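The log check described above, combined with the earlier Outlook version check, as an added example that is not part of the original article. It assumes the old server's IIS logs are in W3C format; the sample lines, the `ExampleCrmConnector` agent string and the function name `Get-LegacyServerClient` are constructed for illustration.

```powershell
# Constructed sample in IIS W3C format; on a real server, read the IIS log files instead.
$sample = @'
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2023-03-01 08:15:02 POST /mapi/emsmdb/ CONTOSO\alice 10.0.4.21 Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.5387;+Pro) 200
2023-03-01 08:15:09 POST /EWS/Exchange.asmx CONTOSO\svc-crm 10.0.9.40 ExampleCrmConnector/2.1 200
2023-03-01 08:16:44 POST /autodiscover/autodiscover.xml CONTOSO\bob 10.0.4.77 Microsoft+Office/14.0+(Windows+NT+6.1;+Microsoft+Outlook+14.0.7268;+Pro) 200
2023-03-01 08:17:10 POST /EWS/Exchange.asmx CONTOSO\svc-crm 10.0.9.40 ExampleCrmConnector/2.1 200
'@ -split "`r?`n"

# Hypothetical helper: one row per distinct client still talking to the old server.
function Get-LegacyServerClient {
    param([string[]]$Line)
    $fields = @()
    $rows = foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # The field list can change mid-file, so re-read it at every header.
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($l -like '#*' -or [string]::IsNullOrWhiteSpace($l)) { continue }
        $v = $l.Trim() -split '\s+'
        if ($v.Count -ne $fields.Count) { continue }   # skip truncated lines
        $r = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $r[$fields[$i]] = $v[$i] }
        [pscustomobject]@{
            ClientIP  = $r['c-ip']
            User      = $r['cs-username']
            UserAgent = $r['cs(User-Agent)'] -replace '\+', ' '   # IIS logs spaces as "+"
        }
    }
    $rows | Group-Object ClientIP, User, UserAgent | ForEach-Object {
        $c = $_.Group[0]
        # Outlook 2013 reports major version 15; anything lower is unsupported by Exchange 2019.
        $old = $c.UserAgent -match 'Microsoft Outlook (\d+)\.' -and [int]$Matches[1] -lt 15
        [pscustomobject]@{
            ClientIP = $c.ClientIP; User = $c.User; Requests = $_.Count
            OutlookTooOld = $old; UserAgent = $c.UserAgent
        }
    } | Sort-Object Requests -Descending
}

Get-LegacyServerClient -Line $sample | Format-Table -AutoSize
```

Service accounts and unfamiliar agent strings in the output are the forgotten integrations to reconfigure before the server is removed.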
When you’re ready, you can uninstall Exchange 2013, clean up the firewall, Active Directory and DNS settings, and repurpose or dispose of the hardware or delete the virtual machines.
Lose your last Exchange server
Of course, if you’re faced with a major upgrade like this, you might decide you’d rather stop running an Exchange server at all, especially in light of recent security issues.
Alternatives to Exchange Server
There are alternative mail servers for Windows like Axigen, hMailServer, MailEnable or Apache James (some of which will also run on Linux), and some of them offer calendaring as well as email. But you lose Exchange-specific features like public folders and the tight integration with other Microsoft tools, such as using OneDrive for Business for sharing and editing documents inside Outlook.
Even if you have SharePoint, without Exchange, you won’t get all of the features of Teams or the upcoming Loop components. You can also consider moving to Gmail or another online provider with collaboration features, like Zoho.
Or stay in the Microsoft ecosystem
If you’re staying in the Microsoft ecosystem, the obvious option is to move to Exchange Online. You get exactly the same features and admin tools and the same integration with Active Directory, plus larger mailboxes, better spam and antimalware protection, and new tools like focused inbox and Viva Insights.
Moreover, you don’t have to maintain and upgrade a server or handle future migrations, although the next version of Exchange Server will simplify that by supporting in-place upgrades. Most Microsoft 365, Office 365 and Exchange Online subscriptions qualify businesses for Fast Track assistance with the migration from Microsoft.
When is the latest I should upgrade to Exchange Server 2019?
Up until April 11, 2023, you can use Exchange Server 2013 to migrate to Exchange Online or Microsoft 365, then move to Exchange 2019 and decommission your Exchange 2013 servers after you migrate. If you use Unified Messaging in Exchange 2013 and you’re moving to Cloud Voicemail, doing it in that order will avoid voicemail outages.
But if you’re not going to get all of that done by the cutoff date, you’ll need to upgrade to Exchange 2019 first and use that to migrate to Microsoft 365, because once it’s out of support, you won’t be able to use Exchange 2013 for the migration.
If you’ve already moved to Exchange Online and you’ve only been keeping Exchange Server around to manage recipients by syncing your Active Directory to Azure AD—a common scenario often known as the “last Exchange server”—you can run the Exchange Server 2019 Management Tools on any domain-joined Windows system and get rid of your local Exchange server altogether.
Just make sure you shut down and reformat the server when you’re sure you don’t need it any more rather than uninstalling Exchange, because uninstalling will remove important information from Active Directory. And if you want a graphical user interface rather than managing through PowerShell, check out the (unofficial) Exchange Recipient Admin Center. If you’ve been using Exchange Server for SMTP relay, you can use an Edge Transport server instead.