Microsoft Announces Next Exchange Server Coming in 2025
Microsoft on Thursday cleared up the mystery surrounding its next Exchange Server release plans, as described in an "Exchange Server Roadmap Update" announcement.
Like SharePoint Server and Project Server, the next Exchange Server release was slated to follow a "Subscription Edition"' model. Those two products were released in that way, but Microsoft went largely mute on its next Exchange Server release plans after its initial announcement about the Subscription Edition shift, which happened back in October 2020.
The Exchange Server team did later promise to "share details in 2022" on the next Exchange Server product, and the Thursday announcement offered lots of details.
Microsoft's hiatus in communications about the development and planned release of the next Exchange Server was due, in part, to the necessity of plugging zero-day holes in existing Exchange Server products. Such problems dogged the Exchange teams throughout 2021.
The vulnerabilities in those Exchange Servers were leveraged for an Exchange Online e-mail exfiltration campaign, instigated for espionage purposes. The attacks were carried out by a "Hafnium" group, identified as China-affiliated attackers by Microsoft.
Next Exchange Server in 2025
The next Exchange Server product is planned for release in "the second half of 2025." And Microsoft will be altering the terms of the deal when it arrives.
The next Exchange Server will be offered via a subscription only, and it'll follow Microsoft's Modern Lifecycle Policy. Under this policy, Microsoft just has to give organizations 30 days advance notice "when customers are required to take action" to avoid a "significant product degradation." Microsoft just has to give 12 months advance notice when it plans to end support.
While that's not much assurance for organizations, Microsoft did say that "we plan to support the next version of Exchange Server beyond October 14, 2025." It also claimed that products under the Modern Lifecycle Policy have "no end of support dates."
However, some products governed under the Modern Lifecycle Policy essentially do have end-of-support dates. Typically, support is at best three years before having to upgrade to the next product version, but it's often a shorter period. Microsoft calls this approach "staying current," according to an FAQ:
Products and services governed by the Modern Lifecycle Policy are supported as long as customers stay current as per the servicing and licensing requirements published for the product or service and have the rights to use the product or service.
The next Exchange Server will have stiff licensing requirements. It's going to "require Server and CAL [Client Access License] licenses and will be accessible only to customers with Software Assurance, similar to the SharePoint Server and Project Server Subscription Editions," the announcement indicated.
Software Assurance is an annuity cost on top of the software licensing that assures product upgrades with the term period of the contract. It also offers educational perks. It used to be optional.
The pricing details for the next Exchange Server are expected to be announced "in the first half of 2024."
Get to Exchange Server 2019
Microsoft sees Exchange Server 2019 as the baseline product for organizations planning to upgrade to the next Exchange Server product.
"Our guidance for customers who run Exchange Server is to move to Exchange Server 2019 now."
Microsoft promised to further develop Exchange Server 2019, too:
Over the coming months and years, we will be adding features to Exchange Server 2019, and we'll continue to support regulatory and data privacy requirements. Our continued investment in Exchange Server 2019 allows us to deliver improved security, deployment and management capabilities, and reliability -- the attributes our customers tell us they need most from Exchange Server.
Microsoft touted Exchange Server 2019 improvements that arrived with its H1 2022 cumulative update (CU) release. That CU added the ability to remove the last Exchange Server for Exchange Online users as one of its improvements. Removing the last server avoids potential avenues of attack, as seen with the Hafnium attacks. However, removing the last server in such cases is also tough IT decision. The gritty nuances were explained in this Practical 365 post by Microsoft Most Valuable Professional Steve Goodman, for instance.
Microsoft's announcement hinted that upgrades to the next Exchange Server would be made a little easier for organizations.
An in-place upgrade capability from Exchange Server 2019 is part of Microsoft's plans. It'll mean that "you may not have to acquire new hardware or move mailboxes" when upgrading to the next Exchange Server, Microsoft suggested.
Organizations may have plans to move to Windows Server 2022, which uses Transport Layer Security 1.3 (TLS 1.3) by default. Microsoft announced that it is also working to add TLS 1.3 support to Exchange Server 2019, which is expected to arrive "next year."
Another Exchange Server 2019 improvement expected "early next year" will be the ability to get a dashboard view of the patch status of Exchange Servers in a computing environment, Microsoft promised.
Microsoft also plans to release a PowerShell script "next year" that will help IT pros remove manually applied "mitigations" that were applied by the Exchange Emergency Mitigation Service, should those mitigations be no longer needed.
Exchange Server 2019 updates sometimes wipe out custom configurations set by IT pros. Microsoft suggested it's working on addressing that pain point. In particular, "we're working on changing Setup to preserve these customizations after a CU is installed," which is expected to happen with the "H2 2022 CU or the H1 2023 CU" releases.
Microsoft also promised to address problems with the Hybrid Configuration Wizard's propensity to wipe out custom configurations. An update to that effect will be coming "later this year."
Basic Authentication Getting Nixed on Servers
Microsoft has been engaging in a long-term effort to eliminate "Basic Authentication" (user name plus password) from its use with Exchange Online. It's been advocating so-called "Modern Authentication" using the OAuth 2.0 protocol instead for authorizations. The end date for Basic Authentication use with Exchange Online will be Oct. 1, 2022.
Microsoft was going to permit the use of Basic Authentication for Exchange Server when used in customer premises environments. It described that notion back in June 2019. However, it now plans to reverse course. It'll require Modern Authentication for on-premises Exchange Server instances, too:
So, we are excited to announce that, in a reversal of our June 2019 announcement, we are working to add Modern authentication to pure on-premises Exchange Server environments (e.g., no cloud or hybrid). We expect to share our timeline for Modern auth support for each Outlook client later this year.
Microsoft Exchange Event Returns
Microsoft also announced that it will be restoring its Microsoft Exchange Conference, which is getting renamed as the "Microsoft Exchange Community (MEC) Virtual Technical Airlift" event. It's already scheduled to take place on Sept. 13 to 14, 2022 as a "free digital event for IT professionals."
"Historically MEC has been known as the Microsoft Exchange Conference, but this year we decided to swap the word Conference for the word Community to emphasize our goal of reconnecting with the global Exchange community," stated Scott Schnoll, senior marketing manager for Microsoft Exchange, in the announcement.
Microsoft TAP for Exchange Server 2019
Microsoft also announced on Thursday that it is accepting nominations to its Exchange Server 2019 Technology Adoption Program (TAP). Organizations that participate in TAP get to work with Microsoft's engineering teams on future product updates.
Microsoft doesn't charge its TAP participants, but organizations need to apply, commit resources, have the right software licenses and sign nondisclosure agreements to qualify.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.