Hotfix Updates Exchange 2016-2019 (Apr2025)

Posted on by

The Exchange product group released the April 2025 Hotfix Updates for Exchange Server 2019 and Exchange Server 2016. Hotfix updates do not contain security fixes. Instead, this hotfix introduces support for the updated Exchange Hybrid Application model.

ExchangeDownloadBuildKBSupersedes
Exchange 2019 CU15Download15.2.1748.24KB5050672
Exchange 2019 CU14Download15.2.1544.25KB5050673
Exchange 2016 CU23Download15.1.2507.55KB5050674

Dedicated Exchange Hybrid Application

Instead of relying on the default Office 365 Exchange Online application in Entra ID, the new model leverages a dedicated application in Entra ID to support Exchange Hybrid. By creating a new dedicated, unique application ID per tenant, instead of relying on the well-known application identifier 00000002-0000-0ff1-ce00-000000000000, allows organizations to decide when to move from EWS to Graph permissions.

To implement the dedicated Exchange Hybrid Application and configure all related aspects, the product group published a script, ConfigureExchangeHybridApplication.ps1 (part of the hotfix or available here). This script can take care of parts or all of the configuration. An extensive article explaining the steps and script usage is published here, so there is no need to repeat that information.

In addition, as part of the move to Graph from Exchange Web Services, the new Exchange Hybrid application will eventually leverage Graph instead of Exchange Web Services. Since Exchange still lacks functionality in the Graph area, the new app still requires blanket EWS permission full_access_as_app. But consider this a first step in the transition process, and expect permissions to change to Graph API permissions in the future.

Moving away from the common application, which has been around for a while, may impact existing scripts and procedures with hard references to its identifier. You need to anticipate this change by making the reference independent and dynamic. To determine this identifier, check for an Entra application named ExchangeServerApp-<Organization Guid>, provided you used the ConfigureExchangeHybridApplication script to create it.

Co-Existence

Organizations running Exchange Hybrid requiring rich co-existence must implement this April 2025 HU before October 2025 for continued functionality. This includes upcoming changes in Graph permissions (ETA October 2026). This may create an additional task when running Exchange Hybrid as part of a long-term hybrid deployment or when migrating to Exchange Online. Failure to do so may result in unpleasant surprises, such as broken Free/Busy sharing functionality.

Exchange SE

The change in the Exchange Hybrid Application model will propagate to Exchange SE. Exchange SE is the successor to Exchange 2019 and is expected to become available later this year, replacing the soon-to-be-out-of-support Exchange Server 2019 and Exchange Server 2016 versions.

This entry was posted in Exchange Server and tagged , , , , , , , , by Michel de Rooij. Bookmark the permalink.
Unknown's avatar

About Michel de Rooij

Michel de Rooij, with over 25 years of mixed consulting and automation experience with Exchange and related technologies, is a consultant for Rapid Circle. He assists organizations in their journey to and using Microsoft 365, primarily focusing on Exchange and associated technologies and automating processes using PowerShell or Graph. Michel's authorship of several Exchange books and role in the Office 365 for IT Pros author team are a testament to his knowledge. Besides writing for Practical365.com, he maintains a blog on eightwone.com with supporting scripts on GitHub. Michel has been a Microsoft MVP since 2013.

Leave a comment