Getty Images
How will enterprises handle changes in Exchange Server SE?
With current Exchange Server versions expiring in October, Microsoft's move to subscriptions and a tight migration deadline puts pressure on organizations keeping on-premises email.
Microsoft's Exchange Server, a bedrock of enterprise communication for nearly three decades, is undergoing a significant transformation that leaves its future on shaky ground.
As Exchange Online dominates in the cloud, customers who still rely on on-premises Exchange face a pivotal moment: Should they migrate to the upcoming Exchange Server Subscription Edition (SE) or take their email into the cloud? The move to Exchange Server SE will not be the typical version upgrade, but a dramatic shift in areas related to licensing and support and a move away from how Microsoft shops have run on-premises server products for many years.
Subscription model and tight timeline squeeze customers
Scheduled for general availability in July, Exchange Server SE marks the end of Exchange's traditional perpetual license model. Instead, it embraces Microsoft's Modern Lifecycle Policy and a subscription-based approach, requiring continuous payments via Software Assurance (SA) or qualifying cloud licenses to maintain support and access updates.
This strategic move coincides with the end-of-support date for Exchange Server 2016 and Exchange Server 2019 on Oct. 14, 2025. After this date, Microsoft stops technical support and software updates for these products. This leaves a tight three-month window between Exchange Server SE's arrival and the end-of-life (EOL) deadline to complete the upgrade.
Exchange's long history as the de facto enterprise messaging platform underscores the significance of these changes. Exchange Server's dominance continues to wane as hosted email adoption keeps surging. Data analytics service provider 6sense pegged Exchange Online's share of the hosted email market at 39.6%. While it doesn't provide solid numbers, Microsoft said most new Exchange deployments are with its cloud with Exchange Online.
Why Exchange Server continues to cling to life
Despite Microsoft's persistent push to the cloud, some holdouts plan to maintain their on-premises Exchange Server for as long as possible.
One reason is to protect sensitive email and other content for data sovereignty, a key concern for many enterprises.
Also, Microsoft's cloud is not immune to outages, and several high-profile incidents have led to service disruptions in Exchange Online. Keeping a locally installed email server is one way to stay in control.
"Many users are gravitating to the cloud where they store vital information, which has its benefits in many cases," said Frank Dzubeck, president at Communications Network Architects. "But, when they get hacked or suffer a significant outage, they can't access the information they need for reasons pertaining to compliance or governance. It's a better idea to hold onto your ancient Exchange Server to keep [email] safe, while also pursuing a hybrid strategy."
Additionally, on-premises Exchange can be a cost-friendly option, especially for those with existing hardware investments and licensing.
"One of the questions enterprises still ask is, 'Do I continue running my own Exchange Servers, or have Microsoft run them for me and go the whole [Microsoft] 365 route?' which could be more expensive than staying put," technology analyst Jack Gold, president at J.Gold Associates, said. "Right now, there are many Exchange users adopting the if-it-ain't-broke-why-fix-it philosophy and are content to run the older Exchange Servers."
Exchange Server SE release plagued by setbacks
The journey to Exchange Server SE has been marked by delays and evolving timelines since Microsoft announced Exchange vNext at the Microsoft Ignite show in 2020.
Microsoft said it would release Exchange vNext in the second half of 2021 with a subscription requirement. But the general availability date arrived without any news until June 2022 when the company updated its Exchange Server roadmap to say significant attacks on the messaging platform, such as the Hafnium attacks, led to a renewed focus on the platform's security issues. Added development work in this area pushed the release of the next version of Exchange Server to the second half of 2025.
Besides holding off delivery to harden Exchange Server's defenses, some believe the company has been slow-walking the next version because there is no serious competitor in this space.
"No one is going hard after that business because Microsoft's position there is so dominant," Dzubeck said. "Besides, it's difficult to move an email system because it touches so much of your existing software, causing other adjustments to be made. It may be older technology, but they're making money from a loyal user base. They still view it as a cash cow."
A critical component for the move to Exchange Server SE is the Exchange Server 2019 Cumulative Update 15 (CU15), which also faced significant delays. Microsoft originally expected to deliver it in late 2024, but it was pushed into 2025 and finally released on Feb. 10. Microsoft said CU15 required additional work after extensive testing discovered issues. This further squeezed the timeline for organizations preparing to upgrade to Exchange Server SE. While upgrading to CU15 is not required, Microsoft recommends it because it will be "code equivalent" to Exchange Server SE.
Despite these holdups, Microsoft has no plans to waver from the EOL date for Exchange Server 2016 and 2019. In the past, the company has offered extensions or Extended Security Updates for EOL products, but the consistent messaging from Microsoft has been that customers either need to move to the cloud with Exchange Online or stay with the on-premises infrastructure and upgrade to Exchange Server SE before support expires.
Microsoft poses the cloud as a security blanket
Microsoft said security is the primary driver for the push to the cloud and its SE model.
Microsoft security updates to on-premises environments typically lag behind fixes to cloud services, making the infrastructure more vulnerable until admins deploy patches. Threat actors have focused on vulnerabilities in Exchange Server for years to exploit servers in organizations with a haphazard patching routine.
Nevertheless, some IT leaders believe the on-premises infrastructure offers advantages in security and cost, saying the most dangerous attackers have used extensive ransomware campaigns to infiltrate organizations that rely on Microsoft's cloud services, particularly Microsoft 365 and its Exchange Online platform.
One of the worst incidents occurred in mid-2023 when China-affiliated hackers, dubbed Storm-0558, compromised the Exchange Online mailboxes of 22 organizations and approximately 500 individuals, including the mailboxes of senior U.S. government officials.
"The one advantage of being on-premises is you're not on the radar of those attackers to the same extent you would be in Exchange Online," said Rob Helm, director of research at Directions on Microsoft.
However, another analyst said, while Exchange Online can be vulnerable, it's still a better option than the on-premises version.
"Basically, Microsoft wants on-premises customers in the cloud and running a subscription version to make sure they are patched. Then, we might not see the horror stories, like Hafnium," said Tony Redmond, principal at consulting firm Redmond & Associates, a noted expert on Exchange and a Microsoft MVP. "Exchange Online is not Exchange Server. Hackers can penetrate an on-premises server just as easily because they are usually not managed as well as cloud resources, and user accounts aren't protected with features like [multifactor authentication]."
Licensing changes will arrive with Exchange Server SE
The foundational change with Exchange Server SE is the shift from perpetual licenses to a subscription model. To continue to use Exchange Server SE, organizations must take one of two licensing paths:
- On-premises licensing. Organizations purchase an Exchange Server SE license for each running instance and Client Access Licenses (CALs) for each user or device that accesses Exchange Server SE. The organization must also have SA and keep it active; otherwise, Microsoft will revoke access. Customers without active SA on their existing Exchange 2019 licenses must purchase new Exchange Server SE licenses with SA.
- Cloud subscription licensing. If all users and devices that access the on-premises Exchange Server SE have a license with a qualifying cloud subscription, such as Microsoft 365 E3 or E5, then SA is not required in this instance.
Microsoft will continue to provide a free license via Hybrid Configuration Wizard for servers used exclusively for recipient management. However, this license requires active SA or a qualifying cloud subscription to receive updates and remain compliant.
Customers will manage the software and product keys for Exchange Server SE via the Microsoft 365 admin center, the successor to Volume Licensing Service Center. Microsoft said there are no online license checks for Exchange Server SE.
Microsoft to boost prices for on-premises products
Microsoft plans to increase prices for its on-premises server products starting July 1, coinciding with the launch of Exchange Server SE and the shift to subscriptions:
- Standalone server licenses for Exchange Server SE, SharePoint Server SE and Skype for Business Server SE increases by 10%.
- Core CAL Suite increases by 15%.
- Enterprise CAL Suite increases by 20%.
Microsoft said the increases were necessary due to ongoing maintenance and development to cater to a shrinking on-premises customer base.
However, determining the cost remains a significant hurdle for IT departments. Microsoft's maintains an opaque pricing structure for server licenses and CALs. Customers must work with Microsoft account teams or licensing partners for quotes, a process many find frustrating. Budgeting often relies on extrapolating from previous costs, plus the announced percentages.
Exchange Server SE upgrade paths and timelines
With the Oct. 14 EOL deadline fast approaching, selecting and executing the correct upgrade path is paramount. Microsoft offers two approaches to migrate to Exchange Server SE:
- In-place upgrade. This option is available only for organizations running Exchange Server 2019 CU14 or CU15. It follows the familiar process of installing a CU, directly upgrading the existing server to Exchange Server SE. It's touted as the fastest and least disruptive option because it does not require new hardware or mailbox migrations. Organizations on older Exchange 2019 CUs must update to CU15 as a prerequisite.
- Legacy upgrade. This option is the more complex migration method that involves setting up a new Exchange Server SE environment, migrating mailboxes and namespaces, configuring services and decommissioning the old servers. This path is mandatory when migrating from Exchange Server 2016.
Microsoft recommends that organizations using Exchange 2016 perform a legacy upgrade to Exchange 2019 CU15 soon to use the simpler in-place upgrade path for the final step to Exchange Server SE. While a direct jump from Exchange Server 2016 to Exchange Server SE is technically possible, the narrow window makes it highly impractical and risky.
A key consideration in this project is the underlying Windows Server OS. Microsoft does not support in-place OS upgrades for servers running Exchange. Organizations that also want to move to a newer server OS, such as Windows Server 2022 or 2025, must use the legacy upgrade route and build new servers on the desired OS.
What does the future hold for Exchange Server?
Despite all the arguments for and against maintaining an on-premises Exchange, in the real world, it's clear Exchange Online is winning.
Research by Radicati Group showed that, as of the end of 2023, Exchange Online dominated the global Exchange mailbox landscape with an 84% share, leaving only 16% for the on-premises version of Exchange Server.
"There's no compelling reason to stay with the on-premises version of Exchange," Helm said. "There is a minority of users with a bunch of less compelling reasons to stay on it for … regulated industries or compliance."
Microsoft's introduction of the SE model across multiple server products -- SharePoint and Skype for Business -- indicates a significant strategic shift. Products in the company's Modern Lifecycle Policy have no fixed EOL date. The lifespan of products in this policy depends on market demand and the support lifecycle of the underlying Windows Server OS.
The feature gap between Microsoft's on-premises and cloud offerings will only continue to widen, especially as the company infuses even more AI capabilities in its collaboration apps. The lack of dedicated Exchange certifications is another concern for enterprises that need skilled professionals to manage the complexities of an Exchange Server environment.
Microsoft has no serious rivals in the on-premises email server market to influence the product strategy and timelines. What the future holds for Exchange Server remains to be seen, including whether additional capabilities might eventually fold into Microsoft Teams or get tucked into the Outlook client.
"There will always be situations where you will need email," Helm said. "But, honestly, I think other forms of communication, like chat, are going to affect the evolution of email more than anything."
Ed Scannell is a freelance writer and journalist based in Needham, Mass. He reports on a wide range of technologies and issues related to corporate IT. He can be reached at [email protected].
