Updates to Microsoft Exchange 2019

Is it time to remove your last server?

You’ve migrated your last mailbox to Exchange Online, now you’re wondering what’s next? 

Up until now Microsoft only supported the use of admin tools to perform recipient management activities when on-premises Azure Active Directory (AAD) was used for identity management. Organisations syncing identities to Azure AD using AAD Connect have needed to maintain an on-premises purely to manage recipients. Additionally, if they wanted to utilise the free hybrid license offered by Microsoft, Exchange Server 2016 was required as the hybrid license was not available for its 2019 counterpart.

New features

Microsoft made two cumulative update announcements in April 2022 which may have piqued your interest.  

The first update is MS Exchange Server 2019 CU12 which included an update eliminating the need to run a single server for recipient management.   

Now before you get all excited and decide to start uninstalling, there are several factors you need to consider prior to making the decision to remove the last server:  All mailboxes and public folders must have been migrated to Exchange Online before going down this path. Your organisation must also be very comfortable with managing recipients using PowerShell as there is no Admin Centre GUI when the server is removed. This requirement may be a blocker for a lot of organisations whose support staff may not be proficient in PowerShell.   

• You will no longer be able to use on-premises as a message relay. If you have any applications or devices sending messages via SMTP, they will need to be configured to use the platform for relaying or you will need to implement a different MTA (the Edge Transport role in a DMZ could be a good option).   
• Other potential blockers include the removal of auditing and logging of recipient management activity and the inability to user RBAC roles.   

If any of these are deal breakers, then you should retain your on-premises servers. The table below outlines each scenario and their respective advantages and disadvantages.

Management type	Requirements	Pros	Cons
Hybrid	A full server installation of Exchange 2016 or 2019 must be patched and maintained like a normal full Exchange server	Ability to manage Exchange attributes from the server and sync to cloud with an easy-to-use GUI This is a well-known fully supported solution If server goes offline, users are not impacted License for this is included for free	Another server to be maintained by administrators OS licensing costs Cost of compute resources required to deploy Exchange
Exchange management tools only	All users and PFs are migrated to Exchange Online On-prem Exchange Admin Centre or RBAC is no longer needed Domain and schema at Exchange 2019 CU12	Ability to manage Exchange user attributes without running a full Exchange server Last Exchange server can be permanently shut down	PowerShell interface only, no GUI for people to use This is a very new solution but has not been widely deployed.  There is a risk it may not work as anticipated

One thing you must be mindful of if you do go down this path is you absolutely should NOT uninstall the last server. Doing this will remove some critical properties from AD and this will break your ability to manage accounts using the management tools (so cherish your arbitration mailboxes!)!

The second update is the MS Exchange Server 2019 now offers a product key for hybrid servers at no extra cost. Accordingly, organisations can retain an on-premises server without the cost of Exchange server licensing and move to the latest version of Exchange and Windows OS. This closes a security gap where previously organisations would be stuck with Exchange Server 2016 which required Windows Server 2016, both of which are getting a bit long in the tooth and should be removed from your organisations on-premises server footprint ASAP.

If you’re looking for any help or advice with Microsoft Exchange and more, as always, please contact us.