Microsoft 365 is stalling old Exchange servers


Only recently, thousands of Exchange servers were attacked because they were not patched. This is how many infected emails reached Microsoft 365 and Exchange Online. Microsoft is now checking these insecure connected servers, warning their administrators, and cutting them off after a countdown of up to 90 days.

Under Microsoft's new approach, outdated and insecure Exchange servers should become a thing of the past. On-premises Exchange servers that deliver mail to Exchange Online, and thus to Microsoft 365, via a connector are now checked for their update status and security. Outdated servers will be cut off sooner or later.

From now on zero trust counts

Microsoft uses the Zero Trust security model for its cloud services, which requires connected devices and servers to be provably healthy and managed. Servers that are unsupported or unpatched are persistently vulnerable and cannot be trusted, and therefore the e-mail messages they send cannot be trusted either. Persistently vulnerable servers greatly increase the risk of security breaches, malware, hacking, data exfiltration, and other attacks.

To address this issue, Microsoft enables a transport-based enforcement system in Exchange Online that has three main functions: reporting, throttling, and blocking. The system is designed to alert an administrator about unsupported or unpatched Exchange servers in their on-premises environment that need to be fixed (upgraded or patched). The system also has throttling and blocking features. Therefore, if a server is not repaired, email flow from that server will be throttled (delayed) and eventually blocked.

After 90 days of warning, it's over

🔎 As soon as outdated Exchange servers are detected, the update prompt appears. If nothing happens, the server will be blocked (Image: Microsoft).

Level 1 is report-only mode and begins when a non-compliant server is first detected. Once the server is discovered, it will appear in a report and an administrator will be informed that they have 30 days to fix the server.

If the server is not repaired within 30 days, mail delivery throttling begins and increases every 30 days for the next 2 days in phases 4-10.

If the server is not updated within 60 days of detection, throttling and blocking will begin. Blocking will be increased every 30 days for the next 5 days in phases 7-10.

Outdated servers are stalled

If the server has not been repaired 90 days after discovery, it reaches phase 8 and Exchange Online stops accepting messages from it. If the server is patched after being permanently blocked, Exchange Online will again accept messages from it as long as it remains compliant. A server that cannot be patched must be permanently decommissioned. In this way, Microsoft wants to phase out outdated servers completely, at least for those who work with Exchange Online.
