As always, test these updates in a lab first! I recommend checking out this 7-part guide on configuring Exchange in your lab. It doesn’t take much to get one going.
The updates are as follows:
A quick word on Exchange 2007
It’s time to update. Exchange 2007 went end of life as of April 11th 2017. You will receive no further patches and will be unable to acquire telephone support. Published back in March 2017, Rollup 23 is the final update for Exchange 2007.
If the lack of security updates from Microsoft isn’t convincing enough, check this article for a list of cool things Exchange 2013 can do. (P.S. Like the fact Exchange 2013 uses less IOPS per mailbox than 2007…say whaaat)
So what’s new in these Cumulative Updates?
Microsoft has released .NET Framework 4.7. The Exchange product group have no reported issues with 4.7. However, they recommend all customers remain at 4.6.2 until further testing can be completed. It is likely we will see official support for 4.7 in the next batch of cumulative updates. For details on how to roll back from 4.7 check this article. If ever in doubt on which .NET release works with which CU check the Exchange 2016 system requirements article.
Cumulative Update 6 also adds support for Transport Layer Security (TLS) 1.2. While support for 1.2 has been added Microsoft recommends customers still keep TLS 1.0 and 1.1 enabled for the time being. These older protocols will be removed in future updates.
Original Folder Item Recovery allows a deleted item to be recovered from the Recovereable Items folder back to its original folder. It does not matter if the user soft deleted or hard deleted the item. In fact, its even more impressive if the user soft deleted the item as it is recovered to the original folder and not the Deleted Items folder. It does this by stamping the folder ID to the item when it is deleted. The folder ID is different than the folder name. This allows recovery even if the original folder has been moved or renamed. The current limitation is that this feature only works with Outlook on the Web. But let’s keep our fingers crossed that this will come to the full Outlook client soon.
Send Items Behavior Control allow an administrator to configure whether a message sent by a delegate is copied to the owner’s Sent Items folder as well. For example, if Rory sends a message as Amy the default behavior is that a message is only saved in Rory’s Sent Items folder. Through PowerShell, an administrator can choose to also copy this message into Amy’s Sent Items folder.
These updates also contain bug fixes, feature tweaks and, daylight savings changes. Check the appropriate KB article above for a list of issues each update remediates.
Schema Updates Needed
Exchange 2016 Cumulative Update 6 does include schema updates. You can apply these beforehand by running SETUP /PrepareSchema from the command line. This is necessary when the Exchange administrator may not have the permissions required to perform the schema update. The graphical setup will perform this step if it detects the schema has not been extended. To extend the schema you must be both a Schema Admin and an Enterprise Admin.
Exchange 2013 Cumulative Update 17 does not include any schema updates. If upgrading from Cumulative Update 7-16 then there are no schema changes. However, if migrating from CU6 or earlier update you will need to perform a schema update.
You will also want to run SETUP /PrepareAD to get the latest RBAC definitions for both Exchange 2013 and 2016.
For more information on how to extend and verify the schema check our guide here.
For a quick reference on schema and build versions check here.
Required for hybrid
Microsoft requires that anyone in a hybrid environment be on the latest or prior cumulative update.
With the May 2017 release of Azure AD Connect you can now synchronize the email addresses of on-prem mail-enabled public folders to Azure. This allows emails to be successfully routed to on-prem mail enabled public folders. Prior to this update senders would receive an NDR stating that the address was rejected.
The Exchange Team is also adding support for SharePoint 2016 as a source for cloud attachments. At present cloud attachments allow you to upload an attachment to OneDrive, OneDrive for Business or SharePoint Online and then send out a stub that mimics a traditional attachment to the recipient. To the recipient the attachment still looks the same. However, the document icon is superimposed with the picture of a cloud and when opened the attachment is opened from the upload source. This keeps the size of the email small. Microsoft is currently testing extending this functionality to SharePoint 2016.
The Exchange team announced that an issue first reported in CU5 is still present in CU6. This issue is an architectural change that has caused some 3rd-party brick level backups to not work as intended. Here is Microsoft’s official statement.
So what do you think is coming next? What would you like to see? Drop a comment below or come join the conversation on Twitter @SuperTekBoy.