Are you ready for the Exchange 2010 end of life?

This post was originally published on TechTarget; you can view the original post here.

Exchange Server 2010 end of life is approaching – do you have your migration plan plotted out yet?

Exchange Server 2010 reached general availability on November 9, 2009, and has been the cornerstone of the collaboration strategy for many organizations over the last decade. Since that time, Microsoft also produced three releases of Exchange Server, with Exchange Server 2019 being the most recent. Exchange Server 2010 continues to serve the needs of many organizations, but they must look to migrate from this platform when support ends on January 14, 2020.

Editor’s note: [A Sept. 16 blog](https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591) on the Exchange Team site indicated Microsoft would push the extended support of Exchange Server 2010 from Jan. 14, 2020 to Oct. 13, 2020 “to give Exchange Server 2010 customers more time to complete their migrations. This extension also aligns with the end of support for Office 2010 and SharePoint Server 2010.” Administrators who run Exchange Server 2010 workloads on Windows Server 2008 will need to make adjustments due to the Jan. 14, 2020, end-of-life for that server operating system.

What exactly does end of support mean for existing Exchange Server 2010 deployments? Your Exchange 2010 servers will continue to operate with full functionality after this date; however, Microsoft will no longer provide technical support for the product. In addition, bug fixes, security patches and time zone updates will no longer be provided after the end-of-support date. If you haven’t already started your migration from Exchange Server 2010, now is the time to start by seeing what your options are.

Exchange Online

For many, Exchange Online – part of Microsoft Office 365 – is the natural replacement for Exchange Server 2010. This is my preferred option.

A hybrid migration to Exchange Online is the quickest way to migrate to the latest version of Exchange that is managed by Microsoft. Smaller organizations may not need the complexity of this hybrid setup, so they may want to investigate simpler migration options. Not sure which migration option is best for you? Microsoft has some great guidance to help you decide on the best migration path.

The cloud isn’t for everyone, but in many instances the reasons organizations cite for not considering the cloud are based on perception or outdated information, not reality. I often hear the word “compliance” as a reason for not considering the cloud. If this is your situation, you should first study the compliance offerings on the Microsoft Trust Center. Microsoft Office 365 fulfills many industry standards and regulations, both regionally and globally.

If you decide to remain on premises with your email, you also have options. But the choice might not be as obvious as you think.

Staying with Exchange on premises

Exchange Server 2019 might seem like the clear choice for organizations that want to remain on premises, but there are a few reasons why this may not be the case.

First, there is no direct upgrade path from Exchange Server 2010 to Exchange Server 2019. For most organizations, this migration path involves a complex multi-hop migration. You first migrate all mailboxes and resources to Exchange Server 2016, then you decommission all remnants of Exchange Server 2010. You then perform another migration from Exchange Server 2016 to Exchange Server 2019 to finalize the process. This procedure involves significant resources, time and planning.

Another consideration with Exchange Server 2019 is licensing. Exchange Server 2019 is only available to volume license customers via the Volume Licensing Service Center. This could be problematic for smaller organizations without this type of agreement.

Organizations that use the unified messaging feature in Exchange Server 2010 have an additional caveat to consider: Microsoft removed the feature from Exchange Server 2019 and recommends Skype for Business Cloud Voicemail instead.

For those looking to remain on premises, Exchange Server 2019 has some great new features, but it is important to weigh the benefits against the drawbacks, and the effort involved with the migration process.

Microsoft only supports Exchange Server 2019 on Windows Server 2019. For the first time, the company supports Server Core deployments, and Server Core is the recommended deployment option. In addition, Microsoft made it easier to control external access to the Exchange admin center and the Exchange Management Shell with client access rules.

Microsoft made several key improvements in Exchange Server 2019. It rebuilt the search infrastructure to improve indexing of larger files and search performance. The company says the new search architecture will decrease database failover times. The MetaCacheDatabase feature increases the overall performance of the database engine and allows it to work with the latest storage hardware, including larger disks and SSDs.

There are some new features on the client side as well. Email address internationalization allows support for email addresses that contain non-English characters. Some clever calendar improvements include a “do not forward” option that works without the need for an information rights management deployment and the option to cancel/decline meetings that occur while you’re out of office.

What happens if the benefits of upgrading to Exchange Server 2019 don’t outweigh the drawbacks of the migration process? Exchange Server 2016 extended support runs through October 2025, making it a great option for those looking to migrate from Exchange Server 2010 and stay in support. The simpler migration process and support for unified messaging make Exchange Server 2016 an option worth considering.

TCA Podcast Ignite 2019 Special Edition - Call for Content

With Microsoft Ignite 2019 fast approaching, the Community Call for Content is now open and closes on August 4. In this special episode, Anna Chu (a.k.a. The Community Khaleesi) takes us through the types of submissions being accepted and walks us through the process. Are you interested in presenting at Ignite 2019? If so, Anna’s tips will help you put together the best possible submission, increasing your chances of success!

For more information on The Cloud Architects podcast, check us out on SoundCloud

TCA Podcast Episode 29: Exchange Online - "Massive scale.. granular control"

Ever wondered about the scale of Exchange Online or what it takes to manage a service at that scale while constantly deploying new features? Microsoft’s Brent Alinger gave us a tour of Building 31 (a.k.a Exchange Central) on the Microsoft campus and sat down with us to talk about the humble beginnings of the service and how it has grown and matured since then.


TCA Podcast Episode 28: The Community Khaleesi Returns

July 1 every year is a big day for the MVP community - it's renewal day for MVPs and we also get to welcome new MVPs into the community. Nicolas, Warren and I are humbled to have been renewed and to be part of this amazing community for another year. In this episode, we had a lot of fun catching up with Anna Chu (a.k.a. The Community Khaleesi) to talk about being an MVP, the MVP summit and got a sneak peek into Ignite and Ignite The Tour coming up later this year.

How to keep an Office 365 outage from ruining your day

This post was originally published on TechTarget; you can view the original post here.

Microsoft employs many engineering teams to make its hosted email service Exchange Online as highly available as possible, but no system is perfect. An outage can hit Office 365, or any Azure service you depend on, at any time, but with some advance preparation, you can try to make a disruption less jarring.

Much like Exchange Server on premises relies on services such as Active Directory and domain name system, Exchange Online is part of Office 365 and relies on many shared services to provide a user access to their mailbox. Microsoft’s cloud got hit with a few outages last year that affected Azure multifactor authentication and prevented users who require MFA to log on from accessing Office 365 services, including their Exchange Online mailbox. These outages also affected administrators who used MFA on their accounts and could not get into the Office 365 portal.

Developing a highly available Exchange environment on premises involves load balancers, database availability groups, switchovers, failovers and the like. Organizations that move to Exchange Online leave that work in Microsoft’s hands, but you will have new tools and new strategies to use if an Office 365 outage occurs or a critical Azure cloud service breaks to make downtime less of an issue.

How to avoid surprises with Azure identity and authentication

Monitoring your tenant and supporting services won’t prevent a service problem, but it will help you to respond proactively when one occurs and let your users know about the problem before they start alerting you.

The specifics of what to monitor depend on your environment and the services you consume, but it’s always a good idea to keep an eye on your identity and authentication infrastructure. How are my domain controllers performing? Is Azure AD Connect synchronization successful? These are the types of questions Azure AD Connect Health can answer. Azure AD Connect Health is included with the Azure Active Directory premium tiers as a component of Azure AD Connect. It monitors the key parts of your identity infrastructure: Azure AD Connect synchronization, Active Directory Domain Services (AD DS) and Active Directory Federation Services (AD FS).

You use agents with Azure AD Connect Health, so you only configure it for the services you want to monitor. For example, if you don’t use AD FS, then there is no need to install and configure that agent.

Check the status of your Office 365 services

In addition to monitoring your identity and authentication infrastructure, it is essential to keep an eye on the Office 365 service health page in the Microsoft 365 admin center.

Office 365 is a massive service with thousands of servers, so it stands to reason that there will always be an incident or service advisory. Some have wider-reaching effects than others, but it’s a good idea to monitor the service health daily to understand which ones affect your tenant and users. You can access the service health dashboard from the Health node in the Microsoft 365 admin center.

There are a plethora of third-party monitoring tools that provide in-depth monitoring and reporting of your environment and the Office 365 services you consume. Some include additional monitoring features and will alert you if things like user experience become suboptimal.

If you use System Center and prefer to monitor your Office 365 tenant in one application, then you can download a management pack from Microsoft that adds a monitoring dashboard.

In case of emergency, break glass

If you follow Microsoft’s security recommendations, then all the administrators in your Office 365 tenant should be using MFA to access the Microsoft 365 admin center. But what if you didn’t have any workarounds when the Azure MFA outages hit? You would have lost access to the admin center, unable to see the service health dashboard or perform any other administrative tasks in the tenant.

To keep administrative access to your environment during an Azure MFA outage, you can create an emergency access account, also called a break glass account, to gain administrative access to the tenant when needed.

What is an emergency access account? As the name indicates, it’s a global administrator account in the tenant for use only when absolutely necessary. There are some basic rules of thumb when creating a break glass account:

  • The password should be long, complex and randomly generated.
  • The password should not have an expiration date.
  • The password should not be known by anyone. Ideally, it will be printed and stored in a safe place that has controlled access.
  • The account should be cloud-only so it is not affected by federation service outages and uses the default tenant – .onmicrosoft.com – domain.
  • The account should not have MFA enabled and should be excluded from conditional access policies.
  • The account should be easily identifiable by other administrators in the tenant, so it doesn’t have its permissions taken away or isn’t inadvertently removed. An easy way to do this is to use the Job Title field for a description.

It’s also important to have a well-documented process to use the break glass account. It doesn’t help if just one person with access to the account password is away on vacation when you need to use the account. It is also a good idea to periodically reset the account password and confirm that it still has all the required permissions and policy exclusions in place.
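The periodic confirmation described above can be scripted. The following Python check is an added example, not part of the original post: it audits a break glass account against the rules of thumb that are visible in directory data. The account and policy records are constructed samples shaped like Microsoft Graph user and conditional access policy objects; the `roles` list, tenant name and IDs are assumptions for illustration.

```python
# Constructed sample data shaped like Microsoft Graph user and
# conditionalAccessPolicy objects; names and IDs are placeholders.
ACCOUNT = {
    "id": "00000000-0000-0000-0000-0000000000aa",
    "userPrincipalName": "breakglass01@contoso.onmicrosoft.com",
    "jobTitle": "EMERGENCY ACCESS ACCOUNT - DO NOT MODIFY",
    "onPremisesSyncEnabled": None,   # None/False means cloud-only
    "passwordPolicies": "DisablePasswordExpiration",
    "roles": ["Global Administrator"],  # assumed: flattened role names
}
POLICIES = [
    {"displayName": "Require MFA for admins", "state": "enabled",
     "conditions": {"users": {"excludeUsers": [ACCOUNT["id"]]}}},
    {"displayName": "Block legacy authentication", "state": "enabled",
     "conditions": {"users": {"excludeUsers": []}}},
    {"displayName": "Pilot policy", "state": "disabled",
     "conditions": {"users": {"excludeUsers": []}}},
]

def audit_break_glass(account, policies):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    upn = account.get("userPrincipalName") or ""
    if not upn.lower().endswith(".onmicrosoft.com"):
        findings.append("UPN is not on the default .onmicrosoft.com domain")
    if account.get("onPremisesSyncEnabled"):
        findings.append("account is synchronized from on-premises, not cloud-only")
    if "DisablePasswordExpiration" not in (account.get("passwordPolicies") or ""):
        findings.append("password is subject to expiration")
    if not (account.get("jobTitle") or "").strip():
        findings.append("Job Title is empty; account is not identifiable")
    if "Global Administrator" not in account.get("roles", []):
        findings.append("account no longer holds Global Administrator")
    for policy in policies:
        if policy.get("state") == "disabled":
            continue  # a disabled policy cannot block the sign-in
        # Only direct user exclusions are checked; group-based
        # exclusions would need a membership lookup.
        excluded = policy["conditions"]["users"].get("excludeUsers", [])
        if account["id"] not in excluded:
            findings.append(f"not excluded from policy: {policy['displayName']}")
    return findings

if __name__ == "__main__":
    for finding in audit_break_glass(ACCOUNT, POLICIES):
        print("FINDING:", finding)
```

With the sample data, the only finding is the missing exclusion from the "Block legacy authentication" policy, the kind of drift that appears when a new policy is added after the account was created.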

TCA Podcast Episode 27: Modern Hybrid In Exchange (and little old ladies)

The Microsoft Office 365 Hybrid Configuration Wizard (HCW) has come a long way since it was first introduced in Exchange 2010 SP2; prior to that, configuring a hybrid deployment required ~50 manual steps. We had the pleasure of sitting down with Greg Taylor and Georgia Huggins while in Redmond recently to talk about the evolution of the HCW and what challenges the newly released Hybrid Agent solves for customers.

TCA Podcast Episode 26: "There is no choice... that is do nothing and stay secure"

We often talk about “The long tail of previous best practices” and how in today’s ever-evolving cloud landscape it is very important to follow updated guidance; this includes keeping our security policies up to date. Nic sat down with Tarek and Mark from Microsoft to talk about Azure AD security, the evolution of identity management and the need to modernize legacy applications.