Microsoft Updates Support Policy for Exchange 2016's Edge Role
- By Kurt Mackie
- March 27, 2017
Microsoft's support for the Edge role on Exchange Server 2016 got a policy change last week that affects its use on Windows Server 2016.
The Edge Transport server role of Exchange Server is used to route incoming messages to the Mailbox server. It's also used to apply transport rules to messages, as well as to provide address rewriting and anti-spam protections. In September, Microsoft announced the impending deprecation of its SmartScreen e-mail spam filter service for Exchange Server and the Outlook e-mail client. Organizations typically may have used this SmartScreen Filter on the Edge role of Exchange Server to block spam.
Instead of using that filter, though, Microsoft had recommended that organizations use its Exchange Online Protection service or third-party products to get spam protection.
The deprecation of the SmartScreen filter for Exchange Server and Outlook turns out to have had other implications, particularly for organizations running Exchange Server 2016 on Windows Server 2016. A March quality update known as "KB4013429" will cause crashes for organizations that continue to use the filter, and that's partly why Microsoft is deprecating the Edge role, apparently.
Here's how the Exchange team explained that point:
After the KB is applied, the Exchange Transport Service will crash on startup if the content filter agent is enabled on the Exchange Server. The Edge role enables the filter by default and does not have a supported method to permanently remove the content filter agent. The new behavior introduced by KB4013429, combined with our product direction to discontinue filter updates, is causing us to deprecate this functionality in Exchange Server 2016 more quickly if Windows Server 2016 is in use.
Organizations have the option to "delay deploying KB4013429 to your Edge role or uninstall the update" as a temporary workaround. However, if an organization doesn't apply KB4013429, then they'll have "an Exchange uninstall failure" when decommissioning a server, Microsoft's announcement warned.
The Exchange team also said that its policy change was being driven by potential conflicts between the SmartScreen filter used with Windows, Internet Explorer and the Edge browser. The SmartScreen service used with those products has a different purpose as it protects users against malicious Web sites and downloads, rather than blocking spam.
The announcement directed organizations to the Microsoft Lifecycle Policy page for the policy change details.
Organizations running the Edge role of Exchange Server 2016 on other supported Windows operating systems aren't affected by this policy change, according to the Exchange team's post. However, Microsoft still recommends that those organizations should stop using its deprecated SmartScreen filter with Exchange Server and Outlook. It also still recommends the use of the Exchange Server Edge role on Windows Server 2012 or Windows Server 2012 R2 OSes.
Exchange Server Updates
In other Exchange Server news, Microsoft last week released March cumulative updates (CUs) and rollup updates (RUs) for its supported server products. They include CU5 for Exchange 2016, CU16 for Exchange 2013, RU17 for Exchange 2010 Service Pack 3 and RU23 for Exchange 2007 SP3.
The latter release, RU23 for Exchange 2007 SP3, is most noteworthy because it's the last security update that will arrive for that product. Microsoft had earlier announced that Exchange Server 2007 would fall out of support in April. An unsupported product doesn't get security fixes from Microsoft. The only exception is to have a Custom support agreement in place with Microsoft.
Microsoft also indicated in its general announcement of the March updates for Exchange Server products that it is planning updated guidance on changes for Transport Security Layer (TLS) 1.2 coming in June for Exchange Server 2016 CU6 and Exchange Server 2013 CU17. It didn't say what the changes would be, though.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.