Supporting On Premises Microsoft Exchange

As time progresses Microsoft cloud first focus becomes clearer. The pace of Microsoft Exchange releases continues to decrease. Maintenance of the system becomes more reactive. The supporting infrastructure also becomes an ever-growing hassle.

Untitled design (23)-1

If the Exchange support staff are not continuously monitoring Microsoft announcements, missing patches for zero-day exploits is almost a certainty. Should the system be compromised, what happens next, is there a plan in place? Also, as the release frequency decreases, is the hardware being refreshed as often? Does it have a current support contract? What do backups look like, and are they regularly tested?

As the COVID-19 pandemic showed, staff may be required to work remotely for an extended period, with little to no warning. Is the entire on-premises IT infrastructure that Microsoft Exchange depends upon ready to support this, for a month, a year, or years?


Security for Microsoft Exchange

Unlike most on-premises IT infrastructure, at least some of the Microsoft Exchange services need to be exposed to the Internet. Sending and receiving e-mail requires connections through the corporate firewall, even if using a “trusted” third party relay service. Additionally, most staff expect access to corporate e-mail on mobile devices, and while VPN services can provide protection, it also makes the devices more difficult to use and support.

As a system that is publicly exposed to some extent, zero-day security exploits are even more of an issue than with other IT infrastructure.

Zero-days in the last couple of years:

  • March 2, 2021: HAFNIUM targeting Exchange Servers with 0-day exploits
  • March 31, 2021 – CISA Orders Agencies to Conduct Fresh Scans of Microsoft Exchange Servers
  • May 11, 2021 – Patch Tuesday – Microsoft Exchange Server vulnerability
  • May 24, 2021 – Hackers started scanning for vulnerable Exchange servers minutes after patches were released
  • June 8, 2021 – Microsoft June 2021 Patch Tuesday: 50 vulnerabilities patched, six zero-days exploited in the wild
  • July 14, 2021 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • October 13, 2021 - Microsoft Exchange Server Elevation of Privilege Vulnerability
  • November 11, 2021 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • January 11, 2022 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • March 9, 2022 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • May 10, 2022 - Microsoft Exchange Server Elevation of Privilege Vulnerability
  • August 9, 2022 - Microsoft Exchange Server Elevation of Privilege Vulnerability
  • October 3, 2022 - Microsoft Exchange Server Remote Code Execution Vulnerability
  • November 9, 2022 - Microsoft Exchange Server Elevation of Privilege Vulnerability

Unfortunately, these are usually cumulative updates that effectively remove the Microsoft Exchange software (leaving the data behind) and install a “new” version of Exchange. This is often a multi-hour project, just to patch the server!

How much do you trust your backups? If you missed one of these patches, and your company e-mail is now public, does that matter? There are many remote code execution vulnerabilities, which could allow attackers further access to your network. Is that an issue?


Operations of Microsoft Exchange

If the Microsoft Exchange server is down, your company’s communications both internally, and externally are effectively off. Is the hardware hosting Exchange setup in a high availability setup, redundant storage, network, compute resources? Is it new? What is the service level agreement on hardware replacement? How broken can the hardware be, and still function? Additionally, what does the power look like, are there redundant UPS, and/or generators to keep the server running? Additionally, are redundant firewalls with redundant Internet access in place to keep the mail flowing?


All the Other Stuff

We have hit upon Microsoft Exchange, for which Microsoft 365 addresses ALL of the issues outlined above. The table below contains just a few of the many additional services that are included in Microsoft 365 beyond the built in, and fully managed electronic mail service. We would be happy to go over how these services and the others in Microsoft 365 can help your business thrive and grow. 

Microsoft 365



Electronic Mail


Word Processing




Presentation software


Online Meetings


Text Messaging



OneDrive / Sharepoint

File Storage


Surveys and Questionnaires


Code Free Internal Websites


Ad Hoc Notetaking


Search organizational content

Power Automate

Low code online automation


Collaborative Storytelling

Endpoint Manager

Device Management Security


Electronic Discovery


Collaboration overview


Local file database


Tool for scheduling meetings

Customer Voice

Capture feedback

Power Apps

Mobile and Web application builder

Power BI

Ad hoc and dynamic data dashboards


Costs of Microsoft Exchange

Never having to backup, patch, or monitor is worth much more than just the IT staff time saved to work on other projects. Having staff continuing to work, as well remotely as while in the office, and not having outages for maintenance is a much larger benefit. Also keeping hardware up to date, and even new Exchange licenses (if Microsoft releases a new version) are also costs that need to be considered as well.


Microsoft Exchange Migration

iuvo can efficiently, and reliably address this issue. Given our experience and seasoned IT Consultants, we will get the migration into Microsoft 365 right the first time. We can come up with the solution that works for your business, and not force you into a particular approach that works for us. We do this often, and when we are done you can be certain the security of your cloud-based mail system is correct, and your data can be accessed safely and reliably.


If you are interested in learning more, please contact us today to get started.


Related Content:


Subscribe Here For Our Blogs:

Recent Posts


see all