Decision Point: Exchange 2016 Exits Mainstream Support Soon
Put October 13 In Your Diary
Time passes and products age, except in the cloud where renewal is an ongoing process. For Exchange Server 2016, Microsoft is keen for you to know that it reaches the end of mainstream support on October 13, 2020. Extended support for Exchange 2016 ceases on October 14, 2025.
Exiting mainstream support means that the regular quarterly cumulative updates stop for Exchange 2016. Microsoft will release Exchange 2016 CU19 in December. Although this is after the cutoff date for mainstream support, CU19 will still appear because work started on it before support ceased. As is the norm when a new CU appears, three months after CU19 is released (February 2021), it will become the only version of Exchange 2016 eligible to receive critical updates.
Your Calendar Will Continue to Work
During extended support, Microsoft will only issue critical security updates needed to fix any vulnerabilities discovered in Exchange 2016. A search of Microsoft’s Security Update Guide reveals many security updates affecting Exchange over the last few years, so you can expect some to emerge for Exchange 2016 while it is in extended support.
Because calendaring is a big part of Exchange, Microsoft will also update Exchange 2016 for time zone definition changes to make sure that people continue to show up for meetings on time.
Managing Mail-Enabled Objects
In hybrid organizations, on-premises Active Directory is the master directory and objects are synchronized from on-premises to Azure Active Directory with tools like Azure AD Connect. These organizations need to use Exchange 2016 CU3 or later (hopefully, a much more recent CU) to manage the Exchange attributes for mail-enabled objects, even if all mailboxes are in Exchange Online. This is a major reason why hybrid organizations retain some Exchange on-premises servers. To ease the pain, Microsoft makes a free license available for these servers on the basis that they are only used for recipient management.
Microsoft says that they are “committed to delivering” a solution that will allow organizations to remove the last lingering vestiges of on-premises Exchange. Although Microsoft documents how and when to decommission on-premises Exchange servers, it’s a manual task. They’ve talked about the prospect of something better (more automated) at the last few Ignite conferences. In some ways, it’s surprising that Microsoft has not been able to lance the boil and create a mechanism to allow on-premises Active Directory tools to manage Exchange attributes (for instance). Perhaps it’s because a solution exists (keep an on-premises server) and maybe it’s because other development priorities exist. Or it could be that customers have not created much fuss about being required to keep one or two Exchange servers around to do recipient management.
For whatever reason, Exchange 2016 leaving mainstream support is a forcing function. Something must happen to allow Microsoft to deliver a fully supported end-to-end directory management system for hybrid organizations. While they work on what that solution is, Microsoft says that customers should keep Exchange 2016 (CU19) servers in production, providing that the servers are only used for recipient management. Microsoft notes that the solution might involve an update to Exchange 2016 CU19, so apart from being able to apply security updates, that’s a good reason to deploy CU19 when it becomes available.
Contemplating Exchange 2019
If the servers host mailboxes, Microsoft wants customers to move the work to Exchange 2019, which boasts its own set of features and will be in mainstream support until 2024. This is a big call. An organization might believe that they still need to keep some mailboxes on-premises. If so, they should move those mailboxes to Exchange 2019. However, as the years go by, the reasons cited for keeping on-premises mailboxes fade. Mostly I hear that people want on-premises mailboxes because they want control over those mailboxes for security or compliance reasons, perhaps because the mailboxes are used by corporate executives, HR, finance, or other roles that tend to work with highly confidential material.
Protecting Email in the Cloud
I push back against this assertion because there are more tools available in Office 365 to secure those mailboxes than on-premises unless you buy add-on technology. For example, deploying encryption to protect confidential email with Office 365 Message Encryption and sensitivity labels is easier than on-premises equivalents, better auditing tools exist, and Exchange Online administrators can be restricted with Privileged Access Management. These tools didn’t exist when Exchange 2016 was launched, so maybe it’s time to move more mailboxes to the cloud?
Reasons to Use On-Premises Exchange
Other reasons to keep on-premises Exchange include the need to:
- Support public folders (which can be moved to Exchange Online).
- Do bulk commercial mailing (not supported in Exchange Online and will result in senders being blocked).
- Run line of business applications that connect to on-premises servers to send email such as notifications when a process completes.
- Support devices like multi-function printers and scanners that connect to Exchange with SMTP to send email.
The last two require changes to be made before the work can move to Exchange Online. Devices pose a tricky issue because of Microsoft’s determination to eradicate basic authentication from Exchange Online sometime in mid-2021. Devices will need updates to connect to Exchange Online with modern authentication and I haven’t seen any great signs that device manufacturers are doing much in this area.
One thing’s for sure: Microsoft’s eyes are firmly fixed on the cloud. If you stay on-premises, the amount of TLC coming from the Exchange development team will decrease over time. Microsoft will meet its commitments, but the demands of Wall Street and the billions to be earned in the cloud will keep most Exchange development resources working on Exchange Online. If you can accept that fact and are happy with what Exchange Server delivers, stay on-premises. Otherwise, the transition of Exchange 2016 into the last stage before obsolescence is a reminder that it’s time to reconsider going all-in with the cloud.