Supporting On Premises Microsoft Exchange

As time progresses Microsoft cloud first focus becomes clearer. The pace of Microsoft Exchange releases continues to decrease. Maintenance of the system becomes more reactive. The supporting infrastructure also becomes an ever-growing hassle.

If the Exchange support staff are not continuously monitoring Microsoft announcements, missing patches for zero-day exploits is almost a certainty. Should the system be compromised, what happens next, is there a plan in place? Also, as the release frequency decreases, is the hardware being refreshed as often? Does it have a current support contract? What do backups look like, and are they regularly tested?

As the COVID-19 pandemic showed, staff may be required to work remotely for an extended period, with little to no warning. Is the entire on-premises IT infrastructure that Microsoft Exchange depends upon ready to support this, for a month, a year, or years?

Security for Microsoft Exchange

Unlike most on-premises IT infrastructure, at least some of the Microsoft Exchange services need to be exposed to the Internet. Sending and receiving e-mail requires connections through the corporate firewall, even if using a “trusted” third party relay service. Additionally, most staff expect access to corporate e-mail on mobile devices, and while VPN services can provide protection, it also makes the devices more difficult to use and support.

As a system that is publicly exposed to some extent, zero-day security exploits are even more of an issue than with other IT infrastructure.

Zero-days in the last couple of years:

March 2, 2021: HAFNIUM targeting Exchange Servers with 0-day exploits
March 31, 2021 – CISA Orders Agencies to Conduct Fresh Scans of Microsoft Exchange Servers
May 11, 2021 – Patch Tuesday – Microsoft Exchange Server vulnerability
May 24, 2021 – Hackers started scanning for vulnerable Exchange servers minutes after patches were released
June 8, 2021 – Microsoft June 2021 Patch Tuesday: 50 vulnerabilities patched, six zero-days exploited in the wild
July 14, 2021 - Microsoft Exchange Server Remote Code Execution Vulnerability
October 13, 2021 - Microsoft Exchange Server Elevation of Privilege Vulnerability
November 11, 2021 - Microsoft Exchange Server Remote Code Execution Vulnerability
January 11, 2022 - Microsoft Exchange Server Remote Code Execution Vulnerability
March 9, 2022 - Microsoft Exchange Server Remote Code Execution Vulnerability
May 10, 2022 - Microsoft Exchange Server Elevation of Privilege Vulnerability
August 9, 2022 - Microsoft Exchange Server Elevation of Privilege Vulnerability
October 3, 2022 - Microsoft Exchange Server Remote Code Execution Vulnerability
November 9, 2022 - Microsoft Exchange Server Elevation of Privilege Vulnerability

Unfortunately, these are usually cumulative updates that effectively remove the Microsoft Exchange software (leaving the data behind) and install a “new” version of Exchange. This is often a multi-hour project, just to patch the server!

How much do you trust your backups? If you missed one of these patches, and your company e-mail is now public, does that matter? There are many remote code execution vulnerabilities, which could allow attackers further access to your network. Is that an issue?

Operations of Microsoft Exchange

If the Microsoft Exchange server is down, your company’s communications both internally, and externally are effectively off. Is the hardware hosting Exchange setup in a high availability setup, redundant storage, network, compute resources? Is it new? What is the service level agreement on hardware replacement? How broken can the hardware be, and still function? Additionally, what does the power look like, are there redundant UPS, and/or generators to keep the server running? Additionally, are redundant firewalls with redundant Internet access in place to keep the mail flowing?

All the Other Stuff

We have hit upon Microsoft Exchange, for which Microsoft 365 addresses ALL of the issues outlined above. The table below contains just a few of the many additional services that are included in Microsoft 365 beyond the built in, and fully managed electronic mail service. We would be happy to go over how these services and the others in Microsoft 365 can help your business thrive and grow.

Microsoft 365	Feature
Outlook	Electronic Mail
Word	Word Processing
Excel	Spreadsheet
PowerPoint	Presentation software
Teams	Online Meetings
Teams	Text Messaging
Outlook	Scheduling
OneDrive / Sharepoint	File Storage
Forms	Surveys and Questionnaires
SharePoint	Code Free Internal Websites
OneNote	Ad Hoc Notetaking
SharePoint	Search organizational content
Power Automate	Low code online automation
Sway	Collaborative Storytelling
Endpoint Manager	Device Management Security
Compliance	Electronic Discovery
Delve	Collaboration overview
Access	Local file database
Bookings	Tool for scheduling meetings
Customer Voice	Capture feedback
Power Apps	Mobile and Web application builder
Power BI	Ad hoc and dynamic data dashboards

Costs of Microsoft Exchange

Never having to backup, patch, or monitor is worth much more than just the IT staff time saved to work on other projects. Having staff continuing to work, as well remotely as while in the office, and not having outages for maintenance is a much larger benefit. Also keeping hardware up to date, and even new Exchange licenses (if Microsoft releases a new version) are also costs that need to be considered as well.

Microsoft Exchange Migration

iuvo can efficiently, and reliably address this issue. Given our experience and seasoned IT Consultants, we will get the migration into Microsoft 365 right the first time. We can come up with the solution that works for your business, and not force you into a particular approach that works for us. We do this often, and when we are done you can be certain the security of your cloud-based mail system is correct, and your data can be accessed safely and reliably.

If you are interested in learning more, please contact us today to get started.