Microsoft Exchange Server SE . . . the final version of Exchange?

Microsoft announced the next – or last? version– of Microsoft Exchange Server. Customers and partners greeted the announcement with little cheer, as reflected in the comments section of the announcement blog. After two years of silence, the shared news was received as anticlimactic, with a fair amount of fine print attached.

Microsoft Exchange has had a rather torrid time of late. The last two years have reflected a plethora of intrusions and poorly written code as hackers have found and exploited architecture and security holes. Compared to its Exchange Online equivalent, Exchange Server has not kept up with security spending and requires a significant overhaul. Its support of legacy authentication mechanisms like NTLM and the possibility of breach directly from the internet has on-premises customers wondering if it is a case of ‘not IF but WHEN’ they may be breached via an Exchange Server-specific vulnerability.

Exchange 2019’s support end of life is approaching soon – more on that below, along with the expectation that data center customers want to continue co-existence with legacy systems – which is why they are still on-premises. That kind of co-existence is normally measured in increments of 3-5 years or longer, valuing stability and security over new features.

What’s in the box?

With that, let’s have a look at what’s in the box, what we were expecting, and what we are, in fact, receiving.

1. Microsoft Exchange Server 2019 will change its name to Microsoft Exchange Server Subscription Edition (SE). This change is in line with Project Server Subscription Edition and SharePoint Server Subscription Edition, which require users to have either subscription licenses or licenses with active Software Assurance for both server and user licenses. The SE edition does not support Perpetual Exchange Server Client Access Licensing and Exchange Server licensing.
2. A new License agreement is shown only in the GUI version of Setup. This agreement reflects the changes in the product name and licensing and requires the administrator to accept before they may proceed.
3. The build and version number will be updated to the build number of the released version.
4. Added support for Transport Layer Security (TLS) 1.3, which both modernizes TLS and provides more encryption for the TLS handshake.
5. The reintroduction of certificate management in the Exchange Admin Center (EAC). While not earth shattering, as administrators have been managing certificates via PowerShell for several versions, this is a nice addition. However, this is hardly groundbreaking as a feature worthy of a major release.
6. Code Equivalence to Exchange Server 2019 CU15, which means in-place upgrades are supported – same as any other CU install - and encouraged, as opposed to side-by-side upgrades for customers already on Exchange Server 2019. This is good news for companies supporting large sets of replicated databases.

Legacy Exchange Server Versions

Older versions of Exchange, such as Exchange Server 2013, Exchange Server 2016 CU 2, and Exchange Server 2019 CU13 or earlier, have some work to do, as they are no longer supported in the same organization as Exchange Server SE.

Both Exchange 2013 and Exchange Server 2016 are required to legacy upgrade to a minimum of Exchange Server 2019 CU14 or CU15 and then in-place upgrade to Exchange Server SE.

Exchange Server CU13 and older must upgrade to at least CU14 and then in-place upgrade to Exchange Server SE.

What is after SE Release to Manufacture?

It seems that once an Exchange customer makes all these upgrades, then Microsoft will align them for Exchange Server SE CU1, which is the first of two expected CUs (Cumulative Update) every year. Exchange Server SE CU1 is expected to introduce changes that may require significant planning:

1. Kerberos for server-to-server communication in favor of NTLMv2 on all Exchange server virtual directories.
2. Adding support for REST-based APIs to enable remote management of Exchange server and deprecating Remote PowerShell management. PowerShell management is not expected to be removed; rather, the protocol usage between client and server will be modernized.
3. Removing Outlook Anywhere - RPC over HTTP – to be in line with Exchange Online. This modernizes protocol usage and forces old versions of Outlook or technologies still using Outlook Anywhere to be modernized.
4. Removal of support for co-existence with earlier versions by ensuring that at Exchange Server CU1 release time, Exchange Server SE will be the only supported version. If the setup of Exchange Server SE CU1 discovers versions of Exchange Server older than SE RTM, it will halt.

Show me the money

Don’t expect a massive investment in Exchange Server SE, i.e., new features. Feature investments are made in Exchange Online to keep up with Cloud demands. Exchange Server SE primarily provides support and stability for customers who cannot or will not move to Exchange Online.

Preparing for upgrade

Office 2016, Office 2019, Exchange Server 2016, and Exchange Server 2019 will reach their end-of-support date on October 15, 2025, heralding the end of security fixes, bug fixes, or technical support. In the same month of October 2025, Microsoft will release Exchange Server SE CU1, requiring that customers who need to be in a supported state to be on Exchange Server SE RTM at the time. That is not much time to plan and execute an upgrade of this importance for enterprise customers with large Exchange estates.

Customers with Exchange Sever 2013 and Exchange Server 2016 will need to perform a legacy upgrade, as opposed to an in-place upgrade. This requires customers to build new infrastructure on Exchange Server 2019 and migrate mailboxes and namespaces over to the latest version. Once the last legacy Exchange server has been decommissioned, The Exchange 2019 servers may be in-place upgraded without a need for another legacy upgrade.

Customers may be wondering how safe an in-place upgrade may be to move from Exchange Server 2019 CU14/CU15 to Exchange Server SE. Considering that Exchange Server SE is, for all intents and purposes, “CU16” or “CU15.1”, the danger to upgrade is identical to any other CUx patching process that customers have today.

On a final note, modernizing towards Windows Server 2022 and Windows Server 2025 is possible for new deployments or new OS builds for Exchange Servers of 2019 CU15 and Exchange Server SE RTM.

Final Thoughts on Microsoft Exchange Server SE

Microsoft’s announcement of Exchange Server SE was received with mixed emotions. The upside is that Exchange Server on-premises lives to see another day – or decade – for on-premises customers. The potential downside is that features are minimal, with security fixes and improvements along with current Windows Server OS support ranking as the major investments. If customers choose to stay on-premises, then joining the ranks of SharePoint, and Project Servers in a subscription-only model is the new order of the day.