Exchange Server June 2019 updates
It worked out this time: 3rd month, 3rd week, on a Tuesday for the Exchange Server product updates. Not a lot of changes, but a couple of items of interest, the first one, the Exchange Product Group (PG) continues to tighten Active Directory security, which I absolutely love.
They have added a few deny values, which reminder, a deny setting supersedes all other allow settings, so this is powerful to make these changes. The directions to run /PrepareDomain in the domain where /PrepareAD is executed are the same. Furthermore, these updates are fully compatible with all versions of Exchange.
The other news of interest, is finally stating that the Exchange PG will no longer pursue development of Multi-Factor Authentication (MFA) for Exchange only deployed in an on premises environment. With the development and focus in the cloud, there are many, many options with Azure RM and Exchange online in O365, including with hybrid setups, that fully support MFA.
Fear not, there are several 3rd party vendors that do support MFA on premises and can integrate with Exchange Server organizations that are 100% on site with no cloud or hybrid connectivity.
The KB articles that describe the fixes in each release and product downloads are available as follows:
- Exchange Server 2019 Cumulative Update 2 (KB4488401), VLSC Download
- Exchange Server 2016 Cumulative Update 13 (KB4488406), Download, UM Lang Packs
- Exchange Server 2013 Cumulative Update 23 (KB4489622), Download, UM Lang Packs
As always, if you are in a hybrid configuration, remember that you must be on N or N-1 CU’s, or you are NOT SUPPORTED. And yes, this is for every single Exchange server in your organization, not just the hybrid connected ones. The cloud changes quickly and even 6-month-old Exchange on premises code, is sometimes difficult for the Exchange PG to maintain proper connectivity. Thus, you need to update all your Exchange servers every 92 days, or you are not supported.
Happy patching!