Microsoft will make Exchange On-Premises a little more secure with the introduction of Auth 2.0. This means that on-prem installations will soon also support multi-factor authentication.

Microsoft brings Multi-Factor Authentication (MFA) to on-premises Exchange servers. The update targets Exchange Server 2019, but also works for Exchange Server 2026 CU23 customers. Specifically, Redmond is introducing support for Auth 2.0, popularly known as Modern Authentication or Modern Auth.

From antique to modern

This is essential because today the Exchange-On-Prem authentication system can be called ancient. After all, Microsoft still relies on basic authentication, in which login data is exchanged in plain text and MFA does not exist.

Modern authentication will first be introduced through the Active Directory Federation Service in Outlook for Windows in Exchange Server 2029. Mobile and macOS support will follow later.

Microsoft initially had no plans to roll out Auth 2.0 to older versions of Exchange Server, but changed its mind when it decided to push Exchange Server 2019’s successor to 2025.

Added security for those who bother

The on-premises Exchange Server has played a major role in several major hacks over the past several years. In rare cases, cybercriminals can attack Exchange through a zero-day vulnerability, but attackers typically get in because admins don’t update their local systems in a timely manner.

Auth 2.0 provides an additional layer of security, but the question is whether it’s of much use. Finally, it’s still up to admins to enable Auth 2.0 and then roll out MFA. Whether companies that patch insufficiently despite the many warnings make the effort is an open question. In any case, Microsoft explains how to get started here.