Security News > 2023 > March > Exchange Online will soon start blocking emails from old, vulnerable on-prem servers
Microsoft aims to make it impossible for unsupported and/or unpatched on-prem Microsoft Exchange servers to use the company's Exchange Online hosted cloud service to deliver email.
Blocking potentially malicious emails from reaching Exchange Online.
In the first stage of this planned enforcement, Microsoft will just make it obvious to Exchange Server admins that a particular server is unsupported or out-of-date: by showing alerts in a new mail flow report in the admin center in Exchange Online, and via a post in the Message Center that all Exchange Server customers will see.
"Persistently vulnerable" servers and the emails sent from them can't be trusted, Microsoft says, and are a danger to all Exchange Online cloud instances, as well as email recipients.
"The enforcement system will eventually apply to all versions of Exchange Server and all email coming into Exchange Online, but we are starting with a very small subset of outdated servers: Exchange 2007 servers that connect to Exchange Online over an inbound connector type of OnPremises," the Exchange Team added.
Scott Schnoll - Microsoft's Product Manager for Exchange Online and Exchange Server - said that Microsoft won't be stopping support for newer versions of Exchange servers.
News URL
https://www.helpnetsecurity.com/2023/03/28/exchange-online-blocking-emails-from-vulnerable-servers/
Related news
- Germany warns of 17K vulnerable Microsoft Exchange servers exposed online (source)
- Microsoft will limit Exchange Online bulk emails to fight spam (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb (source)
- Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)