



Slowly but surely, Microsoft will prevent unsupported or unpatched on-premises Microsoft Exchange servers from delivering email to the company’s cloud-hosted Exchange Online service. We aim to be

Block potentially malicious email from reaching Exchange Online

“To address [the problem of persistently vulnerable Exchange servers that cannot be trusted], we have enabled a transport-based enforcement system in Exchange Online with three main functions: reporting, throttling and blocking,” said the Exchange team.

“This system is designed to alert administrators to unsupported or unpatched Exchange servers that require remediation (upgrade or patching) in on-premises environments. It also has throttling and blocking capabilities, so if a server is not remediated, mail flow from that server will be throttled (delayed) and eventually blocked.”

In the first phase of this planned implementation, Microsoft will notify Exchange Server administrators that certain servers are unsupported or out of date: alerts will appear in the new mail flow report in the Exchange Online admin center and in message center posts that are visible to all Exchange Server customers.

If the server is not patched or upgraded within the next 30 days, the company moves on to the next stage: it delays (throttles) the delivery of emails from the server to the Exchange Online service for 5 minutes.

The next six stages increase the duration of throttling alone, or of throttling and blocking. Finally, if the administrator of that server has not patched or upgraded the server within 90 days, Exchange Online will no longer accept messages from the server.

Phases of a progressive enforcement system (Source: Microsoft)

“Permanently vulnerable” servers and email sent from them are untrustworthy and dangerous to all Exchange Online cloud instances and email recipients, Microsoft says.

“While the enforcement system will eventually apply to all versions of Exchange Server and all email sent to Exchange Online, we are starting with a very small subset of older servers: Exchange 2007 servers that connect to Exchange Online via on-premises inbound connector types,” added the Exchange team.

“Following this initial rollout, we will gradually bring other versions of Exchange Server into our enforcement system. Expand the scope to include versions.”

If the server version is still supported (e.g. Exchange 2016 and 2019) and the server is “long behind” in security updates, the server will be considered vulnerable and mail flow from it will be delayed or blocked.

“If a server is completely blocked and then patched, Exchange Online will again accept messages from the server as long as the server remains compliant. If the server cannot be patched, it has to be permanently removed from the service,” Microsoft pointed out.

Why?

Microsoft’s stated goal is to protect its internal infrastructure and improve the security profile of the Exchange ecosystem, especially since the frequency of attacks against Exchange servers has increased significantly over the last few years.

The comments section of the announcement and a lively discussion on Reddit made it clear that some welcome Microsoft’s move, while others see it as the beginning of an operation to force customers to stop using Exchange on-premises altogether and switch to using (and paying for, of course) Exchange Online.

Scott Schnoll, product manager for Exchange Online and Exchange Server at Microsoft, said Microsoft won’t stop supporting new versions of Exchange Server. Also, there is no need to replace an unsupported version of Exchange with a newer version.

“I don’t need to use a Microsoft product to send email to Exchange Online. We want our customers to be safe wherever they choose to do their email,” he said.

Can we assume that this ultimately means that email traffic from other non-Microsoft products deemed “persistently vulnerable” will be blocked as well?

The Exchange team says it will “initially focus on email servers that can be easily identified as vulnerable on an ongoing basis, but will block all potentially malicious mail flow.”

When?

After a short private preview, the first wave of affected customers will see new mail flow reports and alerts on May 23, Schnoll said.

“June is when the suppression of the first wave begins, and July is when the blocking begins,” he added.

Sources: 1/ https://Google.com/ 2/ https://www.helpnetsecurity.com/2023/03/28/exchange-online-blocking-emails-from-vulnerable-servers/

