Last update September 2nd, 2014: Microsoft has released a ‘fix’ to correct the EAC issue. It is available through KB2997355. Be advised that the fix uses the default Program Files folder. If you have installed Exchange in a different location, I suggest using Exchange2013-KB2997355-FixIt-v2. Also added information on a serious In-Place Hold issue to this post.

Just a few days after the release of Exchange 2013 Cumulative Update 6, some issues have been identified which could pose issues for organizations utilizing Exchange 2013 Hybrid deployments, or organizations using Exchange 2013 in co-existence with Exchange 2007.

First, Exchange MVP fellow Jeff Guillet discovered that, when you have deployed Exchange 2013 CU6 on-premises in a Hybrid scenario, several Office 365-related mailbox functions will not show up in the Exchange Admin Center (EAC), e.g.

• Create mailboxes in Exchange Online.
• Move mailboxes to Exchange Online.
• Create In-Place Archive mailboxes.

Of course, this functionality remains available when using Exchange Management Shell (EMS), or alternatively use the Office 365 Portal where possible. The severity of this issue therefor depends on how your operations procedures make use of these functions in EAC. This issue has been confirmed in KB2997355, which contains a fix but I suggest using my adjusted version available here, which will use the actual Exchange installation folder instead of assuming Exchange is installed using the default installation path.

The second issue was reported by another Exchange MVP, Ratish Nair. When using Exchange 2013 in co-existence with Exchange 2007, access to delegated mailboxes may cause Exchange 2013 databases to fail-over (or dismounts when you have single copies of databases) due to Microsoft.Exchange.Worker.Store crashing. This only happens when the user’s mailbox is on hosted on Exchange 2007 and the delegate mailbox is on Exchange 2013 CU6. This issue has been confirmed in KB2997209 which contains a link to request the related hotfix.

On a more serious note, Exchange MVP Tony Redmond reported that a serious flaw has been discovered in OWA, which allows delegates to bypass In-Place Hold and remove entire folders from a mailbox without a trace. This applies to Exchange Server 2013 as well as Office 365. Meanwhile, Microsoft has acknowledged the issue in KB2996477. Suggested workarounds are to put delegate mailboxes on In-Place Hold as well or to disable OWA access for those delegates.