Happy new year to all my dear readers and followers. And what a crazy year 2020 has been, where the pandemic forced the hand of those delaying digital transformation. The uptake of work from home and supporting technologies and adoption was phenomenal, and professionally it has been an extremely busy year. As you can spend your time only once, the year again proved to be a challenge for those busy working on customer projects while tending to the community as well. In the end, it is all about finding a balance, especially if you are working from home and the rest of the household is as well. And then there’s this cat.
That said, I thought it would be nice to kick 2021 off with reinstating the annual report. I’d like to share with you some of blog’s statistics of 2020, the blog’s 10th year running. The statistics come directly from the site and without additional observations, apart from that for some reason looking things up related to Exchange 2010 still remains to be very popular.
General 2020 Stats
Number of views: 300,370 (2,811,923 all-time)
Unique visitors: 129,905 (1,457,892 all-time)
Number of posts: 20 (629 total)
Followers: 450
Busiest day: November 18th (3,496 views – Teams Custom Background referrals)
Apart from the Versions, Builds and Dates, Schema Versions and Toolkit pages, the newly introduced Teams Custom Backgrounds page stood out this year with 13,117 in just a few months. When it comes to blogs published in 2020, the most viewed posts are:
Update: Per request, added SharePoint and OneDrive, and did some manual corrections.
A really short post on a Ugly Sweater background with Exchange, Teams and Outlook theme to use during those conference calls end of December. Enjoy!
Like it or not, leave feedback in the comments. Also, suggestions are welcomed. In case you are not aware, I keep a set of custom background for you to enjoy here.
With great honor and joy I can announce that I have been awarded the Microsoft Most Valuable Professional award for the seventh consecutive year, again in the category Office Apps & Services. Congratulations to other new and re-awarded MVPs as well, and kudos to the MVP program in undertaking the monstrous task of reviewing and evaluating thousands of contributions every award cycle.
With another award cycle also comes the time to have a look at the MVP statistics. Below numbers are taken from the public MVP site. July 3rd is chosen as the first days the site gets updated and new awardees need to turn in their NDA before they show up on the site.
Because people can get awarded each month, the comparison to July 3rd of every year indicates only yearly trend. Therefor we’ll also compare the numbers to those of June to see the impact on long-term MVP population, as awardees from January are only up for consideration in July 2021 for example.
From the numbers, it is clear that this cycle the number of MVPs went a bit down from 2.998 in June 2020 to 2.850 now (-5%), but it is higher than the 2.634 (+8%) of July 2019.
The following table contains the changes per award category from July 2019 and June 2020 to July 2020. I will leave the interpretation up to you.
Expertise
July 2019
June 2020
Change
July 2020
Change
Cloud and Datacenter Management
232
242
4%
209
-10%
Microsoft Azure
409
455
11%
463
13%
Office Apps & Services
491
530
8%
512
4%
Business Applications
166
234
41%
240
45%
Data Platform
332
375
13%
358
8%
Developer Technologies
644
742
15%
697
8%
Enterprise Mobility
106
119
12%
113
7%
AI
84
109
30%
122
45%
Office Development
47
60
28%
64
36%
Windows Development
119
123
3%
110
-8%
Windows and Devices for IT
57
55
-4%
43
-25%
Total Awards
2687
3044
13%
2931
9%
Total MVPs
2634
2998
14%
2849
8%
Note: The total number of MVPs doesn’t equal the total number of awardees, as MVPs can be awarded in more than one category; there are now 82 people awarded in multiple categories’; an increase of 57% compared to June 2019.
When zooming in on the Office Apps & Services category, the awards per country are shown below, including change compared to last year. Be advised that 26 OAS MVPs are anonymous or have profiles without information on residency.
Country
Number
Country
Number
Country
Number
Australia
24 (20%)
India
13 (0%)
Saudi Arabia
1 (0%)
Austria
3 (0%)
Ireland
1 (0%)
Serbia
1 (0%)
Belgium
5 (-38%)
Israel
1 (0%)
Singapore
3 (0%)
Bosnia and Herzegovina
1 (0%)
Italy
5 (-17%)
Slovakia
1 (0%)
Brazil
8 (-20%)
Japan
20 (-10%)
Slovenia
2 (0%)
Bulgaria
2 (0%)
Korea
12 (0%)
South Africa
4 (-20%)
Cambodia
1 (100%)
Luxembourg
1 (100%)
Spain
12 (50%)
Canada
33 (6%)
Macedonia, FYRO
2 (0%)
Sri Lanka
1 (0%)
China
17 (6%)
Malaysia
1 (0%)
Sweden
9 (80%)
Colombia
5 (25%)
Mexico
5 (0%)
Switzerland
3 (50%)
Croatia
5 (25%)
Myanmar
1 (100%)
Taiwan
4 (0%)
Czech Republic
2 (0%)
Nepal
1 (0%)
Thailand
2 (-34%)
Denmark
6 (0%)
New Zealand
6 (0%)
The Netherlands
22 (4%)
Egypt
1 (0%)
Nigeria
2 (100%)
Turkey
2 (0%)
El Salvador
1 (0%)
Norway
6 (0%)
Ukraine
2 (0%)
Finland
4 (33%)
Pakistan
1 (-50%)
United Arab Emirates
1 (-50%)
France
18 (-10%)
Poland
6 (50%)
United Kingdom
33 (17%)
Germany
24 (-4%)
Portugal
3 (50%)
United States
123 (2%)
Hungary
2 (0%)
Russia
9 (12%)
Uruguay
1 (0%)
And last, the number of Office Apps & Services and total number of MVP’s over the last years, before and after the award cycle.
June 2017
July 2017
June 2018
July 2018
March 2019
July 2019
June 2020
July 2020
OSS
532
449
490
383
622
491
530
512
-16%
9%
-22%
62%
-21%
8%
-3%
Total
4134
3490
3815
3030
3205
2634
2998
2849
-16%
9%
-21%
6%
-18%
14%
-5%
On a final note, the above data is static; some MVPs have build great dashboards which allow you to work with the data more interactively (if they have updated their data set, that is). Some noteworthy mentions:
A quick blog on recently published security updates for Exchange Server 2013 up to Exchange Server 2019. These fixes address the following vulnerabilities:
CVE-2019-1373: Microsoft Exchange Remote Code Execution Vulnerability
The CVE documents contain more details on the vulnerabilities. The exploits can be fixed by single security update, which you can find in the table below per current Exchange version.
Be advised that the Security Updates for Exchange 2013-2019 are Cumulative Update level specific. Unfortunately, the security update carries the same name for different CUs, and you cannot apply the update for Exchange 2016 CU14 to Exchange 2016 CU13. I would suggest tagging the Cumulative Update in the file name when you store it, e.g. Exchange2016-CU14-KB4523171-x64-en.msp.
As with any patch or update, I’d recommend to apply this in a acceptance environment first, prior to implementing it in production.
Today, the Exchange Team released the quarterly Cumulative Updates for Exchange Server 2019 as well as Exchange 2016. The fixes in each release, product downloads are described below:
4515257 Hash mismatch is reported for Exchange DLLs in the bin directory of Exchange Server 2019
4502159 Adding or removing mailbox permission in EAC doesn’t address the msExchDelegateListLink attribute in Exchange Server 2019 and 2016
4515276 Room mailbox accepts a meeting as “Free” if a booking delegate is set in Exchange Server 2019 and 2016
4515275 Enable Get/Restore-RecoverableItems to work with Purges folder in Exchange Server 2019 and 2016
4515274 AutodiscoverV2 request returns REST API endpoint not AutoDiscoverV1 endpoint in Exchange Server 2019 and 2016
4515269 SentToMemberOf shows every recipient type not distribution groups when you create transport rule in Exchange Server 2019 and 2016
4515272 Message is blocked in “SMTP Delivery to Mailbox” queue if exchange server is added in groups of a child domain in Exchange Server 2019 and 2016
4515271 Can’t convert a migrated remote user mailbox to shared in Exchange Server 2019 and 2016
4515270 SubmissionQueueLengthMonitor shows “System.ArgumentException: Transition timeout…” in Exchange Server 2019 and 2016
4515267 NDR occurs when you resend message from alternate journaling mailbox to journaling mailbox in Exchange Server 2019 and 2016
4515265 Removing In-Place Hold doesn’t work for mailboxes in different domains in Exchange Server 2019 and 2016
4515264 FindPeople request from Skype for Business on Mac fails with “Invalid Shape Specification” in Exchange Server 2019 and 2016
4515263 Hide the “Validate-MailFlowThroughFrontDoor” command for Exchange Server 2019 and 2016
4515262 Enable Remove-MobileDevice to delete mobile devices after migrating to Office 365 from Exchange Server 2019 and 2016
4515261 Can’t copy eDiscovery search results for mailboxes with Exchange online archives in Office 365 in Exchange Server 2019 and 2016
4515273 Mailbox auditing fails when using SHA1Managed in Exchange Server 2019 and 2016
4515266 Infinite loop in Recurrence.GetNumberOfYearsBetween() with the Japanese calendar in Exchange Server 2019 and 2016
4520319 S/MIME signed reply draft behaves like the first message in conversation in Exchange Server 2019 and 2016
4515832 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 10, 2019
Exchange 2016 CU14 fixes:
4515255 “X-InnerException: Microsoft.Mapi.MapiExceptionRpcServerTooBusy” error when you try to use a mailbox in Exchange Server 2016
4515254 Event 1009 frequently occurs in application logs for lagged database copies in Exchange Server 2016
4502159 Adding or removing mailbox permission in EAC doesn’t address the msExchDelegateListLink attribute in Exchange Server 2016
4515276 Room mailbox accepts a meeting as “Free” if a booking delegate is set in Exchange Server 2016
4515275 Enable Get/Restore-RecoverableItems to work with Purges folder in Exchange Server 2016
4515274 AutodiscoverV2 request returns REST API endpoint not AutoDiscoverV1 endpoint in Exchange Server 2016
4515269 SentToMemberOf shows every recipient type not distribution groups when creating transport rule in Exchange Server 2016
4515272 Message is blocked in “SMTP Delivery to Mailbox” queue if exchange server is added in groups of a child domain in Exchange Server 2016
4515271 Can’t convert a migrated remote user mailbox to shared in Exchange Server 2016
4515270 SubmissionQueueLengthMonitor shows “System.ArgumentException: Transition timeout…” in Exchange Server 2016
4515267 NDR occurs when you resend message from alternate journaling mailbox to journaling mailbox in Exchange Server 2016
4515265 Removing In-Place Hold doesn’t work for mailboxes in different domains in Exchange Server 2016
4515264 FindPeople request from Skype for Business on Mac fails with “Invalid Shape Specification” in Exchange Server 2016
4515263 Hide the “Validate-MailFlowThroughFrontDoor” command for Exchange Server 2016
4515262 Enable Remove-MobileDevice to delete mobile devices after migrating to Office 365 from Exchange Server 2016
4515261 Can’t copy eDiscovery search results for mailboxes with Exchange online archives in Office 365 in Exchange Server 2016
4515273 Mailbox auditing fails when you use SHA1Managed in Exchange Server 2016
4515266 Infinite loop in Recurrence.GetNumberOfYearsBetween() with the Japanese calendar in Exchange Server 2016
4520319 S/MIME signed reply draft behaves like the first message in conversation in Exchange Server 2016
4515832 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 10, 2019
Notes:
These Cumulative Updates do not contain schema changes compared to their previous Cumulative Update.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to delay installing at most one version (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The order of installation shouldn’t matter with the “every server is an island” concept, yet recommended is to upgrade internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
Update: Updated statistics based on award categories (not people) due to the number of multi-category awardees.
In previous years, I performed some comparisons on the MVP population after every award cycle. So, time to get some fresh statistics after July 2019 award cycle.
For comparison, I had a look at thepublic MVP statistics of July 3rd, 2018 against those of July 3rd, 2019, as the public MVP site was closed the first two days. From the numbers, it is clear that this cycle the number of MVPs went down again, from 3.030 last year, to 2.634 now (-13%).
The following table contains the changes per award category from July 2018 to July 2019:
Competence
Jul-18
Jul-19
Change
AI
58
84
45%
Business Applications
164
166
0%
Cloud and Datacenter Management
303
232
-23%
Data Platform
369
332
-10%
Enterprise Mobility
122
106
-13%
Microsoft Azure
444
409
-8%
Office Development
33
47
42%
Office Apps & Services
606
491
-19%
Developer Technologies
781
644
-17%
Windows and Devices for IT
87
57
-34%
Windows Development
186
119
-37%
TotalMVPs
3066
2634
-14%
Few notes:
The total number of MVP’s doesn’t equal the total number of awards, as people can be awarded in more than one category; there are 52 MVP’s with multiple award categories (one even in 3 categories).
Former single product categories, such as Access or OneNote, were moved under the Office Apps & Services category (which was rebranded from Office Servers & Services). Those numbers are merged for the 2018 column.
When comparing to earlier years, the award categories were restructured in 2017, e.g. Visual Studio and Development Technologies became Developer Technologies.
When zooming in on the Office Apps & Services category, the awards per country are shown below. Be advised that 26 are anonymous MVP’s or have profiles without location.
Country
Jul’18
Jul’19
Country
Jul’18
Jul’19
Country
Jul’18
Jul’19
ARE
1
2
GBR
23
28
POL
2
4
AUS
17
20
HRV
5
4
PRK
6
12
AUT
2
3
HUN
2
2
PRT
3
2
BEL
8
8
IND
12
13
RUS
5
8
BGR
1
2
IRL
1
1
SAU
1
1
BIH
1
1
ISR
1
SGP
3
3
BRA
2
10
ITA
8
6
SLV
1
CAN
28
31
JOR
1
1
SRB
1
1
CHE
4
2
JPN
11
22
SVK
1
1
CHN
14
16
LKA
4
1
SVN
1
2
COL
2
4
MEX
2
5
SWE
6
5
CRI
1
MKD
2
2
THA
1
3
CZE
3
2
MYS
1
1
TUR
4
2
DEU
17
25
NGA
1
1
TWN
3
DNK
2
6
NLD
13
21
UKR
1
2
EGY
1
1
NOR
5
6
URY
1
1
ESP
5
8
NPL
1
1
USA
89
120
FIN
2
3
NZL
4
6
ZAF
4
5
FRA
16
20
PAK
2
2
The countries Argentina, Chile, Latvia, Peru, Romania and Greece are no longer represented in the Office Apps & Services category, while Costa Rica, Israel, Taiwan and El Salvador are new to the table.
Month
Oct 2016
Jan 2017
Jun 2017
Jul 2017
Jun 2018
Jul 2018
Mar 2019
Jul 2019
OSS
538
505 (-7%)
532 (+5%)
449 (-16%)
490 (+2%)
383 (-21%)
622 (+62%)
491 (-22%)
Total
N/A
N/A
4134
3490 (-16%)
3815 (+2%)
3030 (-21%)
3205 (+6%)
2635 (-18%)
Above are the number of Office Apps & Services and total number of MVP’s over the last years. Do note that for March and July 2019 the former product categories are included in the Office Apps & Services category, hence why I included March to have a sense of the changes in the July cycle.
If you have questions or comments, please send them in the comments below.
With great honor and joy I can announce that I have been awarded the Microsoft Most Valuable Professional Award in the category Office Apps & Services.
Microsoft reports there are around 2.000 MVP awardees worldwide. Those awards are given to individuals in recognition of their contributions to the community, such as writing, speaking engagements, supporting people, code contributions or product feedback.
This is my 6th consecutive year as an MVP. Lots of kudos to the MVP leads and other involved in the monstrous task of reviewing and evaluating thousands of contributions for this award cycle.
Many thanks to the community, readers, followers, fellow MVP’s and friends, peers, product groups and other Microsoft employees for their encouragement, inspiration and support over all those years.
These updates contain the following important changes and notes (more information in the original article):
Reduced required permissions of Exchange in Active Directory.
Introduction of support for .NET Framework 4.8, with 4.7.2 becoming the minimum required version.
Introduction of Organization-level Authentication Policies.
Upcoming support for Modern Authentication for Exchange Hybrid deployments.
Controlled Public Folder visibility for Exchange 2019 & 2016.
Exchange 2019 CU2 fixes:
4502134 Can’t get all the emails when searching mailbox by using an end date that’s different from today in Exchange Server 2019
4502135 Correct the error message that you receive when installing Exchange Server 2019 in an organization that has Exchange Server 2010 installed
4502154 Providing information to administrators when auto forward limit is reached in Exchange Server 2019 and 2016
4502155 “The primary SMTP address must be specified when referencing a mailbox” error when you use impersonation in Exchange Server 2019 and 2016
4502156 Audit logs aren’t updated when “-WhatIf” is used as $false in the command in Exchange Server 2019 and 2016
4502157 The Find command not returning the HasAttachments element in Exchange Server 2019 and 2016
4502158 SyncFolderItems contains duplicated ReadFlagChange items in Exchange Server 2019 and 2016
4502131 “TLS negotiation failed with error UnknownCredentials” error after you update TLSCertificateName on Office 365 send connector in Exchange Server 2019 hybrid environment
4502132 Can’t reply to old emails after migration even though old legacyExchangeDN is set to migrated mailbox in Exchange Server 2019 and 2016
4502136 The response of FETCH (BODYSTRUCTURE) command of IMAP violates RFC 3501 in Exchange Server 2019 and 2016
4502140 Can’t preview an eDiscovery search when there are multiple domains in Exchange Server 2019 and 2016
4502141 Appointment that’s created by responding to an email message doesn’t show in any Outlook calendar views in Exchange Server 2019 and Exchange Server 2016
4502133 Can’t use Outlook on the web to reply a partner email through mutual TLS in Exchange Server 2019 and 2016
4488396 Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2019 and 2016
4488078 Public folder contact lists don’t show contact’s profile picture in Outlook on the web in Exchange Server 2019 and 2016
4499503 Heavy organizational forms traffic because of materialized restriction when organization forms library has more than 500 items in Exchange Server 2019 and 2016
4503027 Description of the security update for Microsoft Exchange Server 2019 and 2016: June 11, 2019
Exchange 2016 CU13 fixes:
4502154 Providing information to administrators when auto forward limit is reached in Exchange Server 2016
4502155 “The primary SMTP address must be specified when referencing a mailbox” error when using impersonation in Exchange Server 2016
4502156 Audit logs aren’t updated when “-WhatIf” is used as $false in the command in Exchange Server 2016
4502157 The Find command not returning the HasAttachments element in Exchange Server 2016
4502158 SyncFolderItems contains duplicated ReadFlagChange items in Exchange Server 2016
4502131 “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2016 hybrid environment
4502132 Can’t reply to old emails after migration even though old legacyExchangeDN is set to migrated mailbox in Exchange Server 2016
4502136 The response of FETCH (BODYSTRUCTURE) command of IMAP violates RFC 3501 in Exchange Server 2016
4502140 Can’t preview an eDiscovery search when there are multiple domains in Exchange Server 2016
4502141 Appointment that’s created by responding to an email message doesn’t show in any of Outlook calendar views in Exchange Server 2016
4502133 Can’t use Outlook on the web to reply a partner email through mutual TLS in Exchange Server 2016
4488396 Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2016
4488078 Public folder contact lists don’t show contact’s profile picture in Outlook on the web in Exchange Server 2016
4499503 Heavy organizational forms traffic due to materialized restriction when organization forms library has more than 500 items in Exchange Server 2016
4503027 Description of the security update for Microsoft Exchange Server 2019 and 2016: June 11, 2019
Exchange 2013 CU23 fixes:
4502131 “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2013 hybrid environment
4503028 Description of the security update for Microsoft Exchange Server 2013 and 2010: June 11, 2019
Notes:
These Cumulative Updates do not contain schema changes compared to their previous Cumulative Update. However, due to changes in the permissions architecture, you need to run setup /PrepareAD to implement these changes as well as apply any RBAC changes, before deploying or updating Exchange servers.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to delay installing at most one version (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The order of installation shouldn’t matter with the “every server is an island” concept, yet recommended is to upgrade internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
Exchange 2010 is currently in Extended Support. Extended support for Exchange 2010 ends January 14, 2020.
Don’t forget to put the Exchange server in maintenance mode prior to updating.
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
The order of installation shouldn’t matter with the “every server is an island” concept, yet recommended is to upgrade internet-facing first, followed by non-internet-facing servers, and finally Edge Transports.
Notice on KB4487563:
Apart from the known issues mentioned in KB4487563, there are reports the fix terminates while stopping services, and the following error is being logged: [Error] System.Management.Automation.CommandNotFoundException: The term ‘Stop-SetupService’ is not recognized as the name of a cmdlet, function, script file, or operable program.
This Stop-SetupService isn’t a regular cmdlet, and I assume is an alias created by the update. However, there are reports this operation fails. In those circumstances, next to retrying installation of the update, a workaround might be opening up a PowerShell session and adding the alias yourself using New-Alias Stop-SetupService Stop-Service, followed by running the update. The alias isn’t persistent, so will be gone after you close your session.
Caution: As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
Update: Added note that Exchange 2010 SP3 RU26 adds support for Windows Server 2012 R2.
Today, the Exchange Team released the overdue quarterly Cumulative Updates for Exchange Server 2013, Exchange 2016 and Exchange 2019, as well as a Rollup for Exchange Server 2010.
The KB articles that describe the fixes in each release and product downloads are available as follows:
This update contain the following important changes and notes:
Due to issue CVE-2018-8581, the EWS architecture was changed, in particular push notifications. Details on the change are described in KB4490060; while the change has been tested against EWS clients such as Outlook for Mac and Skype for Business, organizations may need to test any applications leveraging EWS to estimate potential impact of installing these Cumulative Updates or Rollup. In addition, organizations are advised to password reset Exchange computer accounts.
These Exchange builds introduces a change in the shared permissions model (this does not apply to Split Permissions Model). Result is that Exchange no longer requires fargoing permissions in Active Directory (e.g. WriteDACL on root of domain). To makes these changes become effective:
For Exchange 2013-2019 Cumulative Updates, run setup using /PrepareAD. In multi-forest environments, this needs to be done in every domain of the forest.
For Exchange 2010, go through the instructions mentioned in KB4490059.
Organizations considering moving to the Split Permissions because of CVE-2018-8581 should know Microsoft fully supports both models. Switching can have serious consequences and therefor should be fully evaluated.
This build of Exchange 2019 introduces cmdlets to block usage of legacy authentication protocols for users through policies, e.g. Basic Authentication.
Prior to deploying Exchange 2016 CU12 or Exchange 2013 CU22 on Edge Transport servers, install Visual C++ 2012 Runtime.
These Cumulative Updates will remove the DisableLoopbackCheck key when present; removing this key was a mitigation for CVE-2018-8581.
Exchange 2010 SP3 RU26 adds support for Windows Server 2012 R2, to accommodate for the Hybrid Agent.
Exchange 2019 CU1 fixes:
4487596 Emails are blocked in moderator mailbox Outbox folder when you send large volumes of emails in Exchange Server 2019
4487591 The recipient scope setting doesn’t work for sibling domains when including OUs in the scope in Exchange Server 2019
4487602 Outlook for Mac users can still expand a distribution group when hideDLMembership is set to true in Exchange Server 2019
4488076 Outlook on the Web can’t be loaded when users use an invalid Windows language in operating system in Exchange Server 2019
4488079 Exchange Server 2016 allows adding Exchange Server 2019 mailbox server into a same DAG and vice versa
4488263 X-MS-Exchange-Organization-BCC header isn’t encoded correctly in Exchange Server 2019
4488080 New-MigrationBatch doesn’t honor RBAC management scope in Exchange Server 2019
4488262 Delivery Reports exception when tracking a meeting request that’s sent with a room resource in Exchange Server 2019
4488268 Disable the irrelevant Query logs that’re created in Exchange Server 2019
4488267 Test-OAuthConnectivity always fails when Exchange Server uses proxy to connect to Internet in Exchange Server 2019
4488266 Client application doesn’t honor EwsAllowList in Exchange Server 2019
4488265 “There are problems with the signature” error occurs for digital signature message if attachment filtering is enabled in Exchange Server 2019
4488398 “The Microsoft Exchange Replication service may not be running on server” error when you add a mailbox database copy in Exchange Server 2019
4488264 Mailbox that has a bad move request can’t be cleaned up from destination mailbox database in Exchange Server 2019
4488261 Event ID 1002 when the store worker process crashes in Exchange Server 2019
4488260 New-MailboxExportRequest and New-MailboxImportRequest don’t honor RBAC management scope in Exchange Server 2019
4488259 MailTip shows wrong number of users for a distribution group if the users are in different domains in Exchange Server 2019
4488258 OAuth authentication is removed when saving MAPI virtual directory settings in EAC in Exchange Server 2019
4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model
Exchange 2016 CU12 fixes:
4487596 Emails are blocked in moderator mailbox Outbox folder when you send large volumes of emails in Exchange Server 2016
4456241 You receive a meeting request that has a “not supported calendar message.ics” attachment in Exchange Server 2016
4456239 New-MailboxRepairRequest doesn’t honor RBAC RecipientWriteScope restrictions in Exchange Server 2016
4487591 The recipient scope setting doesn’t work for sibling domains when including OUs in the scope in Exchange Server 2016
4468363 MRM does not work for mailboxes that have an online archive mailbox in Exchange Server
4487603 “The action cannot be completed” error when you select many recipients in the Address Book of Outlook in Exchange Server 2016
4487602 Outlook for Mac users can still expand a distribution group when hideDLMembership is set to true in Exchange Server 2016
4488076 Outlook on the Web can’t be loaded when users use an invalid Windows language in operating system in Exchange Server 2016
4488079 Exchange Server 2016 allows adding Exchange Server 2019 mailbox server into a same DAG and vice versa
4488077 Can’t configure voice mail options when user is in different domain in Exchange Server 2016
4488263 X-MS-Exchange-Organization-BCC header isn’t encoded correctly in Exchange Server 2016
4488080 New-MigrationBatch doesn’t honor RBAC management scope in Exchange Server 2016
4488262 Delivery Reports exception when tracking a meeting request that’s sent with a room resource in Exchange Server 2016
4488268 Disable the irrelevant Query logs that’re created in Exchange Server 2016
4488267 Test-OAuthConnectivity always fails when Exchange Server uses proxy to connect to Internet in Exchange Server 2016
4488266 Client application doesn’t honor EwsAllowList in Exchange Server 2016
4488265 “There are problems with the signature” error occurs for digital signature message if attachment filtering is enabled in Exchange Server 2016
4488264 Mailbox that has a bad move request can’t be cleaned up from destination mailbox database in Exchange Server 2016
4488261 Event ID 1002 when the store worker process crashes in Exchange Server 2016
4488260 New-MailboxExportRequest and New-MailboxImportRequest don’t honor RBAC management scope in Exchange Server 2016
4488259 MailTip shows wrong number of users for a distribution group if the users are in different domains in Exchange Server 2016
4488258 OAuth authentication is removed when saving MAPI virtual directory settings in EAC in Exchange Server 2016
4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model
Exchange 2013 CU22 fixes:
4487603 “The action cannot be completed” error when you select many recipients in the Address Book of Outlook in Exchange Server 2013
4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model
Exchange 2010 SP3 RU26 fixes:
4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
Notes:
These Cumulative Updates do not contain schema changes compared to their previous Cumulative Update. However, due to changes in the permissions architecture, you need to run setup /PrepareAD to implement these changes as well as apply any RBAC changes, before deploying or updating Exchange servers.
When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to delay installing at most one version (n-1).
If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
The order of installation shouldn’t matter with the “every server is an island” concept, yet recommended is to upgrade internet-facing, non-internet-facing servers first, followed by Edge Transports.
Caution:
As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.
A quick blog on recently published security updates for Exchange Server 2013 up to Exchange Server 2019. These fixes address the following vulnerabilities:
Updated April 12th: Notice on KB4487563