Email Security

      Microsoft Restricts Legacy Systems In Email Security Move

      Microsoft is taking steps to improve email security by restricting messages sent from legacy email platforms.

      Legacy versions of Microsoft Exchange, including Exchange 2007, 2010 and 2013, will soon face restrictions and potential blocking of emails to and from those servers.

      Transport-based Enforcement For Email Security

      Microsoft is improving its cloud security by addressing the issue of emails sent to Exchange Online from unsupported or unpatched Exchange servers. Running unsupported or unpatched software poses a variety of risks, but the most prominent by far is security.

      Once a version of Exchange Server is no longer supported, it no longer receives security updates, and with the constantly evolving cyber security landscape, this leaves servers running it extremely vulnerable. Malicious actors can exploit known vulnerabilities on unpatched servers by reverse-engineering security updates, which means the longer a server goes unsupported, the easier it becomes to hack.

      In order to maintain the security of its cloud services, Microsoft adopts the Zero Trust security model, which necessitates that devices and servers are verifiably healthy and managed. Servers that are unsupported or remain unpatched are constantly susceptible to attacks and cannot be trusted, which also means that emails originating from them cannot be trusted.

      Changes To Exchange Online For Email Security

      Microsoft is implementing a transport-based enforcement system in Exchange Online that alerts administrators about unsupported and unpatched Exchange servers in their on-premises environment that need remediation.

      These servers are persistently vulnerable and significantly increase the risk of security breaches, malware, hacking, data exfiltration, and other attacks.

      Emails sent from out-of-date email servers will be treated in the following ways:


      The new mail flow report in the Exchange admin center provides details to a tenant admin about any unsupported or out-of-date Exchange servers in their environment. This may result in emails landing in spam filters.


      Exchange Online will begin to throttle messages from a server that has not been updated. The duration of throttling will increase progressively over time, giving the admin time to remediate the server. If the server is not remediated within 30 days after throttling begins, emails will be blocked.


      If throttling does not cause an admin to remediate the server, emails from that server will be blocked altogether until updates have been made.

      Updating Your Exchange Server For Email Security

      Based on the above, organisations need to ensure their email systems are not run on legacy versions.

      Microsoft’s transport-based enforcement system provides a set of safeguards and standards for email entering its cloud service. The system is designed to reduce the risk of malicious email entering Exchange Online and encourage customers to secure their on-premises environments.

      If your organisation is currently using Exchange 2007, 2010 or 2013, Akita can assist in migrating you to an up-to-date email solution.

      To improve your email security, speak to one of our experts to discuss a migration.