Views, News & more
On April 11th 2023, Microsoft support for Exchange Server 2013 ends.
Microsoft will no longer provide security fixes for vulnerabilities discovered after that date, leaving Exchange Server 2013 instances vulnerable to security breaches.
In addition, Microsoft won't fix other Exchange 2013 bugs or provide related technical support.
This isn't to knock Microsoft. It can't be expected to patch a ten-year-old product indefinitely.
So, what should you do if you still have Exchange Server 2013? There are two main options:
Instead of running your own email server, you can switch to Exchange Online - an Exchange-as-a-service offering from Microsoft that forms part of most Microsoft 365 subscriptions.
Lots of organisations have gone down this route. They no longer need to patch or maintain an email server of their own. Their email service gains extra resilience and scalability. Pricing becomes more closely aligned with the number of users they have.
Here at hSo, we chose to move our email from Exchange Server to Exchange Online. No one in IT misses our old Exchange server. No one outside IT misses it, either. You may be similarly relieved to get shot of your old email server.
Microsoft 365 subscriptions provide access to popular Office apps such as Word, Excel and PowerPoint. On most subscriptions, you'll also get Microsoft Teams, SharePoint and OneDrive too.
You'll skip Exchange 2016 and move directly to Exchange 2019 - the most recent version. This is perfect for organisations that require custom integrations with Exchange or just prefer to host their own email server.
Many Exchange Server 2013 instances are hosted on Windows Server 2012 or Windows Server 2012 R2 - both of which reach end of support on October 10th 2023. If this is your situation, now would be a good time to review where your email server is hosted. A sensible option might be to switch from hosting Exchange in your office to hosting it in the cloud instead.
Once you upgrade to Exchange Server 2019, you won't need to upgrade again for a while. Microsoft has postponed the next major version of Exchange to the second half of 2025 because Exchange Server has been coming under ferocious attacks by serious hackers. Microsoft needs time to strengthen security further. Hence the six-year gap between major versions of Exchange.
Vulnerable mail servers are particularly easy for hackers to find programmatically. Domains have a DNS record that tells would-be attackers where to look for the mail server. The MX record may point directly to your mail server(s). If not, there may be a TXT record containing Sender Permitted From (SPF) information, including a list of servers authorised to send mail on behalf of the domain.
Both these DNS-based clues allow potential attackers to rapidly find mail server hostnames to probe. This could be a problem if your mail server is vulnerable.
If you're thinking of switching to Microsoft 365's hosted Exchange service, we're able to get you the licences you need, as we're a Microsoft partner. In addition, our cloud backup service makes it easy to store encrypted backup copies of your Microsoft-hosted data at an off-site location. In practical terms, this means backing up your Exchange, SharePoint and OneDrive data.
If you're thinking about upgrading to Exchange 2019 instead, hSo can host your Exchange server on our highly scalable cloud platform. Our cloud platform is hosted on servers in multiple data centres, each with resilient power, advanced air conditioning systems, fire suppression systems and 24/7 security. It provides a superior hosting environment for your Exchange Server instance.
If you'd like to learn more about switching to Microsoft 365 or cloud-hosting your Exchange Server instance, give hSo a call on 020 7847 4510.