Support Lifecycle changes for Office ProPlus & 2016 (a.o.)

Outlook 2013 IconIn a surprise – but welcomed – move, Microsoft announced yesterday that the office support lifecycle for Office 365 ProPlus on Windows 8.1 and Windows Server 2016 are extended to January 2023 (EOL of Windows 8.1) and October 2025 respectively. In addition, Office 2016 connectivity support for Office 365 services will be extended to October 2023 (was 2020).

Other announced changes in product support lifecycles were extending Windows 10 Enterprise & Education support from 18 to 30 months. Also, for Windows 7 Professional & Enterprise, paid security updates (Extended Security Updates) will be offered, and those Windows 7 ESU devices will be supported through January 2023 – parallel to Windows 8.1 – with Office 365 ProPlus.

The intention of these changes is to provide customers more flexibility in adopting modern desktops on the client end (i.e. Windows 10) and upgrade their Office suite, preferably to the susbscription-based ProPlus. The release cadence of the cloud has significant impact on organizations, which were told in February to keep in line with product releases as a lot of product support lifecycles were going to end in 2020.

Extending those dates not only gives them more flexibility to plan and upgrade, but also might prevent organizations to do only to the minimum, which is likely the reason many organizations are still on Windows 7 and why it took many organizations a long time to get rid of Windows XP.

 

End of Exchange 2010 Mainstream Support

Exchange 2010 LogoWith all the media attention for Windows 7 going out of mainstream support, one might forget today also marks the end of mainstream support for Exchange Server 2010.

Exchange 2010, which was released in October, 2009 (which seems centuries ago now), and which still has a very large installed base, is going into the extended support phase.

Depending on your support contract, this means Microsoft will no longer provide free support for this product. Patches for security issues will still be available, and owners of premier support contracts are eligible for non-security updates through extended hotfix support option.

Exchange Server 2010 will reach end-of-life on January 14th, 2020.

Exchange Server 2003 †

ex2003eeHóka-héy! Today is a good day to die(*).

With all the media attention for Windows XP support coming to an end today, one might forget that today also marks the official death of Exchange Server 2003 as the extended support phase ends for one of the products many of us developed a love-hate relationship with over the years. In addition, extended support for Office 2003 also ends today.

Reaching the end of extended support means that as of today, those products are no longer supported and will no longer receive security patches. Therefor, organization running Exchange Server 2003 or using Outlook 2003 might be exposed to security risks.

Of course there is an exception to this rule, depending on how deep your pockets are. Organization neglecting or ignoring the upcoming demise of products for some period can continue to receive support for a hefty price. For example, the UK government paid $9m for an additional year of Windows XP, Office 2003 and Exchange 2003 support, and the Dutch government paid an undisclosed amount for an additional year of Windows XP support for around 40,000 systems. Ironically, the Dutch National Cyber Security Center NCSC, part of the department of justice, warned citizens to stop using Windows XP and upgrade.

For organizations still running Exchange Server 2003, there is nothing to be ashamed of as there are occasional sightings of Exchange 5.5 out there. When you think about upgrading, be advised that there is no direct upgrade path to Exchange Server 2013 and you either need to perform a double hop migration through Exchange Server 2007 or Exchange Server 2010 (recommended) or migrate to Office 365 as an alternative.

*) A battle cry attributed to Crazy Horse

Forefront UAG EOL Announcement

ForeFrontAlmost one and a half year after the End of Life announcement of TMG (and other products in the Forefront product line), Microsoft yesterday announced the End of Life of one of the other Forefront products, Unified Access Gateway or UAG as we all know it. To be honest, this announcement didn’t come as a big surprise.

The TMG EOL notice in September 2012 said, “It is important to note that there are no significant changes to the Forefront Identity Manager or Forefront Unified Access Gateway roadmaps”. Apparently Microsoft changed its mind somewhere over the last 15 months. Forefront UAG won’t be available anymore per July 1st, 2014; mainstream support ends April 14th, 2014 and extended support ends April 14th, 2020.

Suggested alternative is Windows Server 2012 R2 with its Web Application Proxy (WAP) role. Though not being on par with UAG or TMG, WAP can provide DirectAccess capabilities and application publishing. Other vendors offer alternative products like KEMP load balancers equipped with their Edge Security Pack (ESP) or F5 with their BIG-IP Local Traffic. Manager (LTM) products.

Customers with Software Assurance utilizing UAG are granted a Windows Server 2012 R2 Standard license. As of December 1st, those customers are also exempt from ordering additional UAG licenses.

Forefront TMG 2010 EOL Announcement

Today, Microsoft finally announced the discontinuing of most of it’s ForeFront products, including the retirement of products used in many Exchange deployments, ForeFront Threat Management Gateway (TMG) 2010 and ForeFront Protection for Exchange (FPE).

The products to be discontinued are:

  • ForeFront Threat Management Gateway (TMG), including Forefront TMG Web Protection Services (TMG WPS);
  • ForeFront Protection for Exchange (FPE);
  • ForeFront Protection for SharePoint (FPSP);
  • ForeFront Security for OCS (FSOCS);
  • ForeFront Protection Server Management Console (FPSMC).

This announcement is not a real surprise; rumors TMG would cease to exist circulated for months. Using this official statement companies can start adapting their strategies, when they have not already done so, when using one of the products mentioned. When companies were planning to use them in the (near) future, they need to turn to alternative solutions as well, since the these ForeFront offerings will no longer be available for purchase as of December 1st, 2012!

As it stands, mainstream support for TMG will end on April 14th, 2015; extended support for TMG will end on April 14th, 2020. Forefront Online Protection for Exchange (FOPE) will be rebranded as Exchange Online Protection.

First, the hygiene products. This is clearly a move these shift these layers of protection to “the cloud”, which has clear benefits like filtering incoming messages before they enter the organization which is also nice from a bandwidth perspective. However, that’s no solution for the many customers still requiring an on-premise solution which, for example, does store scanning; these customers are forced to tend to to 3rd parties, like McAfee or Symantec. Note that Exchange 2013 will contain basic anti-malware functionality, but I doubt this will meet any customer’s demands and certainly isn’t a very manageable solution.

Next, there’s the firewall, reverse proxy, load balancing and VPN functionality offered by TMG. Currently, many organizations use TMG to publish Exchange and as like many say and know, Exchange and TMG go very well together. For example, TMG can offer pre-authentication or SSL offloading for your Exchange boxes.These customers need to look into VPN like solutions like ForeFront UAG, which is a totally different concept and less straightforward than implementing a TMG in front of your Exchange boxes, or check for 3rd party solutions, like F5 BIG-IP with the Access Policy Manager add-on. Of course, your revised strategy and eligible solutions depend on your business requirements.

Roadmaps of ForeFront Identity Manager (FIM) and ForeFront Unified Access Gateway (UAG) remain unchanged, so publishing Exchange using UAG remains a future-proof possibility.