Users better make sure they upgrade Exchange to a supported version by June 26th. If you don’t do this, you will no longer be able to send emails.

Microsoft Exchange is a popular target for hackers. Vulnerabilities in Exchange have repeatedly been the cause of large-scale cyber attacks in recent years, which also affected Belgian companies. Especially the business clientele sometimes dares to postpone updates of the on-premise servers and use an outdated version, so that vulnerabilities can be exploited by malicious actors long after a patch has been released.

Microsoft will take action against this from June 26th. Microsoft has been warning of keeping Exchange up to date for years, and those who don’t want to hear that should feel free. This means companies have another three months to upgrade their Exchange server to a supported version. After the deadline, Microsoft will begin blocking email traffic from outdated Exchange servers.

Slow first, then block

In a blog, Microsoft explains how it will work. In a first phase, obsolete Exchange servers are reported. Although Microsoft claims they don’t have access to your local server, they will be able to tell which version you’re using from the email traffic. Exactly how this works isn’t entirely clear, but we made that comment at Office too.

Once it has been determined that Exchange has not been updated, Microsoft will allow a grace period of 30 days to implement the necessary updates. From then on, Microsoft will start your outgoing mail traffic Accelerator, This means your mail will be cut into pieces, delaying the arrival of emails at the recipient. Every ten days, the shipping speed is reduced more and more.

Companies that don’t change their minds by then end up on a blacklist. This happens systematically from sixty days and ninety days after detection you can no longer send email from Exchange. Users can request a temporary suspension of action if they wish to complete the update process.

info session

The measures initially only apply to Exchange 2007, but in the long term Microsoft also wants to advise against using Exchange 2010 and 2013, for which support will soon be discontinued. Petri points out that the restrictions also only apply to emails sent to Exchange Online from an on-premises environment. If you use a detour, the mail traffic still comes through undisturbed.

Microsoft’s policy therefore raises the necessary questions from customers. While updates have an undeniable digital security benefit, some see pushing through a newer version as a form of aggressive marketing. The measures can also confuse incoming email traffic from companies that update in a timely manner. Microsoft will be holding an information session on May 10th (at 18:00 CET) where customers can ask all their questions.