Sunday, November 27, 2016

Choosing an Office 365 User Authentication Method

Hi,
Hope you are doing good !

This article will help you for interview as well...

Choosing an Office 365 User Authentication Method

Authentication

With the exception of internet sites for anonymous access created with SharePoint Online, users must be authenticated when accessing Office 365 services.
·         Modern authentication Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms. This enables sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party identity providers with Office client applications, and smart card and certificate-based authentication. It also removes the need for Microsoft Outlook to use the basic authentication protocol. For more information, including the availability of modern authentication across Office applications, see How modern authentication works for Office 2013 and Office 2016 client appsand Using Office 365 modern authentication with Office clients.
Modern authentication is not turned by default for Exchange Online. To learn how to turn it on, see Enable Exchange Online for modern authentication.
·         Cloud identity authentication   Users with cloud identities are authenticated using traditional challenge/response. The web browser is redirected to the Office 365 sign-in service, where you type the user name and password for your work or school account. The sign-in service authenticates your credentials and generates a service token, which the web browser posts to the requested service and logs you in.
·         Federated identity authenticationUsers with federated identities are authenticated using Active Directory Federation Services (AD FS) 2.0 or other Security Token Services. The web browser is redirected to the Office 365 sign-in service, where you type your corporate ID in the form a user principal name (UPN; for example,isabel@contoso.com). The sign-in service determines that you are part of a federated domain and offers to redirect you to the on-premises Federation Server for authentication. If you are logged on to the desktop (domain joined), you are authenticated (using Kerberos or NTLMv2) and the on-premises Security Token Service generates a logon token, which the web browser posts to the Office 365 sign-in service. Using the logon token, the sign-in service generates a service token that the web browser posts to the requested service and logs you in. For a list of available Security Token Services available, see Single sign-on roadmap.
Office 365 uses forms-based authentication, and authentication traffic over the network is always encrypted with TLS/SSL using port 443. Authentication traffic uses a negligible percentage of bandwidth for Office 365 services.


As an Office 365 admin, you might feel the only way to manage users (on occasions!) is with the whip. Unfortunately, that’s not allowed anymore, so you’ll have to get a bit more sophisticated with your management skills.
When users want to access Office 365, they have to be authenticated. Users in your organization will already have a username and password, most likely while using an internal Active Directory. Of course, you could create separate Office 365 user accounts for your users, but ideally you would make them “reuse” existing on-premises accounts.
I’ve put “reuse” deliberately between quotation marks, as technically speaking this is not entirely true for all possible scenarios. More about that later.
User management is very important. You don’t want the wrong users to have access to the wrong resources, or even worse, have hackers gain access to internal data by hacking user accounts. So, think carefully about authentication and authorization options when using Office 365.
Single Sign-On with Your Existing Active Directory

As mentioned above, you can make use of your existing authentication system (like Active Directory) when implementing authentication for Office 365. Before I explain the possible options, you must know that behind the scenes Office 365 uses Azure AD for authentication. Every Office 365 tenant has a separate Azure AD.
There are two possible options:
  1. Synchronized identities: Accounts are synchronized between Azure AD and your On-Premises directory. You can choose to sync passwords as well, or let users have a different password for both.
  2. Federated identities: In this model, users always authenticate against your internal directory. When signing into Office 365, users are redirected to your internally hosted identity provider, like ADFS. When signed in successfully, users are redirected to Office 365 and are logged in.
Option 2 is the preferred option and is the only option that allows for a seamless, single sign-on experience. However, Option 2 also requires additional on-premises configuration for the identity provider and is therefore the more complicated option.
Option 1 is the easiest solution to set up. In most cases, organizations begin with Option 1, and eventually move to Option 2.
Multifactor Authentication

Besides the two authentication options for identity management, the third way to manage your users is multifactor authentication.
The idea behind multifactor authentication is that a physical item is required when signing in. In most cases this will be a code sent via text or phone call, or is generated by a mobile app. When logging in with your username and password, a key generated by the multifactor device must also be entered.
In the scenario in which a hacker gains the username and password, they still cannot log in unless they have access to the user’s phone. It’s not impossible, but it makes it much harder for hackers to gain access to a user’s account.
In Office 365, you can configure multi-factoraythentication from the Office 365 Admin Center. You can choose which users you want to enable it for, and what to do if the client does not allow multifactor authentication. For example, non-browser clients like Outlook don’t support multifactor authentication yet, but by configuring a so-called app password, users can still use the application.
Office 365 multifactor authentication is based on Azure AD as explained before, and therefore also uses Azure multi-factor authentication.

When it comes to managing your Office 365 users, you have three options:
  1. Synchronized Identities: User accounts are synchronized between your internal directory and Azure Active Directory. Users have to login twice: once to your internal systems, and secondly to Office 365. Passwords can be synchronized between the two, so users don’t have to remember two separate passwords.
  2. Federated identities: There is only one user account, which in most cases will be your On-Premises directory account. When logging into Office 365, your identity provider (e.g. ADFS) will be used to authenticate a user. Single sign-on can be implemented such that users have to log-in only once.
  3. Multifactor authentication: After logging in successfully to Office 365, multifactor authentication requires them to enter a challenge response sent to them via text, a phone call, or generated by a mobile app. Only after entering the code, they can log into Office 365.
There is a fourth option I mentioned briefly earlier - namely, using separate Office 365 accounts, (so-called “onmicrosoft”-accounts, as the format isusername@tenant.onmicrosoft.com. This is only useful in demo purposes, or when you don’t have an internal directory, which is unlikely.
What Should YOU Choose?

As discussed, federated identities are, in most cases, the best solution, but it requires more configuration. When you initially sign up for Office 365, you may not want to do all of that right away. Beginning with synchronized identities and moving to federated identities at a future stage is a very solid approach.
Finally, multifactor authentication is a good thing, but requires users to enter a code every time they log in. You may want to restrict this to admins only however, in order to have the best balance between usability and security. Office 365 has awesome features like document management, version control, workflows, team sites, email, Lync, and more. However, if nobody uses it because of overly strict or overly complicated authentication requirements, it is useless.

Posted by at No comments:
Labels:

Tuesday, November 15, 2016

msExchRecipientTypeDetails in Active Directory for Exchange Online

This tip presents all the possible values for the msExchRecipientTypeDetails Active Directory attribute.
A while back, while performing a migration to Office 365, I had to convert a Distribution Group into aRoom List. However, due to the nature of the migration, I didn’t have access to an on-premises Exchange to use the Shell and convert it, so I had to resort to using ADSIedit. So how do we do this using ADSIedit?
There is a reference field that specifies what a recipient type is, as far as on-premises AD/Exchange is concerned, Recipient Type Details =msExchRecipientTypeDetails.
As many other AD attributes, these are represented by an Integer value in AD. Here are all the possible values for Recipient Type Details:

Object Type

RecipientTypeDetails

Value Name

User Mailbox

1

UserMailbox

Linked Mailbox

2

LinkedMailbox

Shared Mailbox

4

SharedMailbox

Legacy Mailbox

8

LegacyMailbox

Room Mailbox

16

RoomMailbox

Equipment Mailbox

32

EquipmentMailbox

Mail Contact

64

MailContact

Mail User

128

MailUser

Mail-Enabled Universal Distribution Group

256

MailUniversalDistributionGroup

Mail-Enabled Non-Universal Distribution Group

512

MailNonUniversalGroup

Mail-Enabled Universal Security Group

1024

MailUniversalSecurityGroup

Dynamic Distribution Group

2048

DynamicDistributionGroup

Public Folder

4096

Public Folder

System Attendant Mailbox

8192

SystemAttendantMailbox

System Mailbox

16384

SystemMailbox

Cross-Forest Mail Contact

32768

MailForestContact

User

65536

User

Contact

131072

Contact

Universal Distribution Group

262144

UniversalDistributionGroup

Universal Security Group

524288

UniversalSecurityGroup

Non-Universal Group

1048576

NonUniversalGroup

Disabled User

2097152

DisabledUser

Microsoft Exchange

4194304

MicrosoftExchange

Arbitration Mailbox

8388608

ArbitrationMailbox

Mailbox Plan

16777216

MailboxPlan

Linked User

33554432

LinkedUser

Room List

268435456

RoomList

Discovery Mailbox

536870912

DiscoveryMailbox

Role Group

1073741824

RoleGroup

Remote Mailbox

2147483648

RemoteMailbox

Team Mailbox

137438953472

TeamMailbox
As such, all I had to do was locate the Distribution Group in AD, update its msExchRecipientTypeDetailsattribute to 268435456 and wait for DirSync to replicate the change.
Posted by at No comments:
Labels:

Wednesday, November 9, 2016

Blocking a Database Copy/Server from being activated

Hi Everyone ,

Hope it will help you so much in your working enviroment and so many times asked by guys from me so i posted here by taking help of other websites.


There are situations where you might want to block a passive database copy (or even server) in a DAG from being changed activated (changed to the active database copy). Good thing is the Exchange Product group thought about this kind of scenario. You can do exactly that using a so called activation policy. It’s not possible to use the EMC to set this, but using the EMS, you can use the Suspend-MailboxDatabaseCopy cmdlet for this purpose. Yes correct, this cmdlet is typically used for suspending replication for a database copy, but when run with a special ActivationOnly parameter, you can block a database copy from being changed to the active database copy during a failover. For instance, if we want to block MDB01 on E14EX02 from ever being activated during a failover, we can use the following command:
Suspend-MailboxDatabaseCopy –Identity MDB01\E14EX02 -ActivationOnly

When this cmdlet is run with the ActivationOnlyparameter, the database copy cannot be activated until the following command is run:
Resume-MailboxDatabaseCopy –Identity MDB01\E14EX02

Ok so what if I wish to block all databases on a DAG member server? Will I then need to run the above command on all database copies on the particular server? Luckily not. We have a similar command that works on the server level. If oyu want to block a DAG member instead use the Set-MailboxServer with theDatabaseCopyAutoActivationPolicy Blockedparameter.
For instance if I wanted to block DAG member E14EX02 from having database copies activated, I would use the following command:
Set-MailboxServer –Identity E14EX02 -DatabaseCopyAutoActivationPolicy Blocked
To allow database copies to be activated again, I would replace “Blocked” with “Unrestricted”:
Set-MailboxServer –Identity E14EX02 -DatabaseCopyAutoActivationPolicy Unrestricted

Posted by at No comments:
Labels:

Tuesday, November 8, 2016

Transport Dumpster in exchange 2010 Vs. Saftey net in Exchange 2013

Safety net and transport dumpster are two features of Exchange 2013 and 2010 respectively. In fact, safety net is an improved version of transport dumpster.
In this article, we deal with both and find out why Safety Net is better compared to transport dumpster.
Transport Dumpster
A feature that facilitates data recovery as well as provide for compliances in previous versions of Exchange, namely 2010 and 2007, is the Hub transport. All incoming and outgoing messages must go through the Hub transport before it reaches a mailbox.
Transport Dumpster is a feature of the Hub Transport of Exchange 2010 which limits the data losses during a lossy failover occurrence while mail delivery to a DAG. Transport dumpster was first seen in CCR and LCR mailboxes of exchange 2007.

One of the limitations of transport dumpster is that it can be used only for replicated mailboxes and not public folders or mailboxes that aren’t a part of the DAG. All Hub transport servers in the active directory sites of the DAG contains the transport dumpster queue for a particular mailbox and the dumpster is stored inside the mail.que file.
Exchange Server Transport Dumpster Settings
The lifetime of a message within the transport dumpster can be controlled using two attributes, namely,
1. MaxDumpsterSizePerDatabase (E2010) and MaxDumpsterSizePerStorageGroup (E2K7)
2. MaxDumpsterTime
As the name suggests,MaxDumpsterSizePerDatabase is the property that determines the size each storage group on the Hub Transport server can avail. (Default value=18 MB)
MaxDumpsterTime is obviously the duration of time for which the message is available within the dumpster. (Default 7days)
Exchange 2007 simply used to honour the attribute value and retain messages in the mail.que file till the specified limit reached. With Exchange 2010 the transport dumpster now receives feedback from the replication pipeline to determine which messages have been delivered and replicated. As an email makes it way a replicated mailbox database in a DAG, a copy is kept in the transport queue (mail.que) until the replication pipeline has notified the Hub Transport server that the transaction logs representing the message have been successfully replicated to and inspected by all copies of the mailbox database. After the logs have been replicated to and inspected by all database copies, they are truncated from the transport dumpster. This keeps the transport dumpster queue smaller by maintaining only copies of messages whose transactions logs haven’t yet been replicated.
In the event of a lossy failover (where the server or database goes offline due to some reason), the “MSExchangeRepl” (MSExchange replication service) will set the “DumpsterRedeliveryRequired” Attribute to True for the database which just became Active after the failover. This is done with the help of the “LastLogInspected” marker which is set on every database. Hub servers will then redeliver the missing messages from the mail.que file depending upon the MaxDumpsterSizePerDatabase or MaxDumpsterTime whichever is latest.
Presently active settings can be viewed using the following command
Get-TransportConfig |fl *Dumpster*

Exchange 2013 Safety Net
With the Exchange 2013, Microsoft replaced the transport dumpster with an improved and even better – Safety Net.
How Safety Net Works
Safety Net can be considered to be having two parts- Shadow Redundancy and Safety Net Redundancy.
While the safety Net keeps a redundant copy of a message after it is successfully processed, shadow redundancy keeps a redundant copy of the message which is in transit. All features of shadow redundancy like transport high availability boundary, primary messages, primary servers, shadow messages and shadow servers will be applicable to Safety Net.
The Primary Safety Net is applicable for a Mailbox server that holds the primary message before the Transport service completely processes the message. Once the processing of the message is over, the primary server moves the message to the Primary Safety Net from the active queue on the same server.
The Shadow Safety Net is applicable to the Mailbox server which holds the shadow message. Once the shadow server receives the information that the primary server has successfully processed the primary message, the shadow message is moved to the shadow safety net from the shadow queue on the server. For the Shadow Safety Net operation, shadow redundancy should be enabled, and shadow redundancy is enabled by default in Exchange 2013.
Similarities between Safety Net and Transport Dumpster
  • Just as in a transport dumpster, safety Net is also a queue that is related to the Transport service on a Mailbox server
  • It stores copies of messages already processed by the mailbox
  • The duration for which the messages remain in the queue can be specified as in a dumpster. The default is 2 days
Why Safety Net is better than Transport Dumpster
  • Safety Net is not just applicable for DAGs but also for Public Folders and other Mailboxes which are not a part of DAGs unlike a transport dumpster
  • Due to the redundant nature of Safety Net it is never a single point of failure. Because of the availability of the Primary Safety Net and the Shadow Safety Net, even if the Primary Safety Net is unavailable for more than 12 hours, resubmit requests are forwarded to shadow resubmit and act as shadow resubmit requests, and messages are re-delivered from the Shadow Safety Net thus ensuring message delivery even if one of the safety net fails
  • Another advantage of safety net is that safety net do net limit the message storage based on size but only by duration. For example if you set 12 days as the duration limit, the messages will be deleted only after 12 days of being in the inbox
  • Safety Net does not require manual resubmission of messages. Message resubmission is initiated by the Active Manager component of the Microsoft Exchange Replication service
Posted by at No comments:
Labels:

Saturday, November 5, 2016

Journaling Vs. Archiving

Hi everyone ,
Hope it will also help for your interview and knowledge as well.

  • Standard Journaling is on Database Level requires a Exchange Standard client access license (CAL)  – All messages Collects to Journal Mailbox
  • Premium Journaling is on User/Group Level requires a Exchange Enterprise client access license (CAL) – More Granular messages Collects to Journal Mailbox
End User Cannot Retrieving the Email by himself from a journaling Mailbox,But in Archiving End user can retrieve the email himself from the Archiving Mailbox. So Journaling can never replace archiving. They are used in different requirements. Plan and Size your Journal Mailboxes properly otherwise it can go unmanaged very easily as it collects more emails applying on a database level. Its good to put it on a dedicated database based on the requirements. Most of the situations Decision has be made seeing how deleted emails can be handled and serves the compliance which we are looking for.
  • If I delete a Email before archiving. Its removed from the server permanently after the retention period applied on Exchange Databases/users
  • But in Journaling its not the case. Every Email is Moved to a Safe Place. Before End user can play around with it.
To Safe Guard the deleted emails without Journaling , Placing the mailbox on Litigation hold is the feature is to retrieve these emails using e-discovery feature. But placing all mailboxes on litigation hold is not recommended . Its just for a temporary measure on few or more mailboxes while on a legal dispute for example.
Just FYI – Some 3rd Party Archiving Software’s Collects Emails for Archiving from Journal Mailboxes using Exchange Web Services.
Standard Journaling –
Database Properties – Maintenance
image
Premium Journaling –  Requires Enterprise CAL
Compliance Management – Journal rules
image
Native Archiving –  Requires Enterprise CAL
  • End User can move messages to Archiving or Using Retention Policies.
  • End User Can always Delete Emails unless they are not in litigation hold.
  • Helps Removing PST from the Environment.
image
image
3rd Party Archiving like Symantec Vault which stubs the emails from the exchange databases and places pointers in the database.
  • Saves a lot of space on the Databases.
  • Outlook Add-in Requires to Retrieve old emails
  • Helps Removing PST from the Environment.
  • Active sync devices requires to open the archived item via a phone browser. (After clicking the hyper link on the Archived item)
image
Posted by at No comments:
Labels:

Exchange Best Practices: SPF Records

HI Everyone ,
Hope it will help you !!!

Sender Policy Framework (SPF) allows email administrators to reduce sender-address forgery (spoofing) by specifying which are allowed to send email for a domain. SPF is configured by adding a specially formatted TXT record to the DNS zone for the domain.
You can read a detailed explanation of how SPF works here.

It is recommended to implement SPF for your domains. Although adding SPF records to your domain does not directly help to prevent spam from being received by your organization, it does help other organizations to prevent spam email that is spoofing your domain. This in turn can help maintain the reputation of your email domain, and reduce the likelihood of your organization’s legitimate emails being rejected by other email systems, and can help reduce NDRs or bounce back messages from other email systems when spammers are spoofing your domain.

Email spam continues to be a huge problem for organizations these days, and it usually falls on the Exchange administrator to do something about it. Aside from the usual anti-spam measures we can put in place to protect our own servers from spam, we also need to consider how to prevent spammers from spoofing (imitating) the domain names for our own organization. After all, it can be very embarrassing or cause serious brand damage to have spam and malware that uses your domain name.


To detect spoofed email many receiving servers, particularly those operated by large email providers such as Microsoft, Yahoo, Google, and AOL, will perform a check of the Sender Policy Framework (SPF) record for the sender’s domain when a sending server is attempting to send an email message.
SPF records allow a domain owner to specify which mail servers are permitted to send email for that domain name. When the sending server issues its “MAIL FROM” command in the SMTP conversation, the receiving server will look up the SPF record in the domain name of the MAIL FROM email address to see if there is a match for the source IP address of the SMTP connection.

However, SPF is not always able to simply be turned on. A misconfigured SPF record can cause legitimate emails from your domain to be rejected by other email systems. So it is recommended to proceed with caution, taking care to audit all of the possible legitimate senders of email for your domain (including your Exchange/Exchange Online system, plus any external hosted systems that send email using your domain, such as email marketing or payroll systems).

An SPF record is simply a TXT record with a certain syntax. The syntax is made up of two parts; mechanisms, and modifiers. Modifiers are optional and are not commonly used except for special circumstances. During management and troubleshooting of transport you’ll most often be dealing with SPF records containing only mechanisms.

The resulting SPF record looks like this.
v=spf1 a mx include:helpscoutemail.com ~all

By adding that string as a TXT record in the public DNS zone for the domain name I will have prevented unauthorized email servers from spoofing my domain name. At least, they won’t be able to do it when sending to any receiving server that checks SPF records. Anyone who is not checking SPF records can still receive the spoofed email, but may reject it for other reasons such as spam content or malware.




After you have your SPF record in place you should validate it. And in fact, you should repeat this validation test any time you suspect an external organization may be rejecting your email because of your SPF record. MXToolbox has an SPF record validator that takes a domain name and IP address as input and lets you know what the result will be if that IP address sends email for your domain.



Source :- Exchangeserverpro.com
Posted by at No comments:
Labels:

Understanding Proxying and Redirection


Hi Everyone,
Hope you are fine !!!

In a Microsoft Exchange Server 2010 organization, a Client Access server can act as a proxy for other Client Access servers within the organization. This is useful when multiple Client Access servers exist in different Active Directory sites in an organization, and at least one of those sites isn't exposed to the Internet.

A Client Access server can also perform redirection for Microsoft Office Outlook Web App URLs and for Exchange ActiveSync devices. Redirection is useful when users connect to a Client Access server that isn't in their local Active Directory site, or if a mailbox has moved between Active Directory sites. It's also useful if users should actually be using a more effective URL. For example, users should be using a URL that's closer to the Active Directory site in which their mailbox resides.
The Client Access server's response can vary by protocol. Typically, however, a Client Access server takes the following action if it receives a request for a user whose mailbox is in an Active Directory site other than the one to which the Client Access server belongs: In this case, the server looks for the presence of an ExternalURL property on the relevant virtual directory on a Client Access server that's in the same Active Directory site as the user's mailbox. If the ExternalURL property exists, and the client type supports redirection (for example, Outlook Web App or Exchange ActiveSync), the Client Access server issues a redirect to that client. If no ExternalURL property exists, or if the client type doesn't support redirection (for example, POP3 or IMAP4), the Client Access server will try to proxy the connection to the target Active Directory site.
This topic explains proxying and redirection, the circumstances under which each is used, and how to configure your Client Access servers for each scenario.

Note:- If you don't have multiple Active Directory sites in your organization, you don't have to configure Exchange 2010 for proxying or redirection.
   
noteNote:
Client Access servers that aren't exposed to the Internet don't have to have separate Secure Sockets Layer (SSL) certificates to allow proxied traffic from another Client Access server. By default, they can use the self-signed certificate installed with Exchange 2010. However, these certificates aren't usually trusted by internal clients such as Outlook Web App or Outlook, and their use will usually result in certificate warnings. If there are internal clients in the same Active Directory sites as Client Access servers with self-signed certificates, you should replace the self-signed certificates with certificates issued by a certification authority that's trusted by the clients.

Overview of Redirection
Outlook Web App users who access an Internet-facing Client Access server in a different Active Directory site than the site that contains their mailbox can be redirected to the Client Access server in the same site as their Mailbox server if that Client Access server is Internet facing. When an Outlook Web App user tries to connect to a Client Access server outside the Active Directory site that contains their Mailbox server, they'll see a Web page that contains a link to the correct Client Access server for their mailbox. This is known as manual redirection. In Exchange 2010 SP2, administrators can configure cross-site silent redirection to enable this redirection process to happen without the user’s knowledge. For more information, see Cross-Site Silent Redirection later in this topic.
noteNote:
You cannot use cross-site silent redirection in a hybrid environment that uses an on-premises Exchange Server together with Office 365.


noteNote:
You cannot use cross-site silent redirection in a hybrid environment that uses an on-premises Exchange Server together with Office 365.
Exchange 2010 SP2 lets administrators configure cross-site silent redirection. Cross-site silent redirection performs silent redirection for client requests that are destined for a CAS that is located in a different Active Directory site in the same Exchange organization. For example, a user with a mailbox in Active Directory SiteA who accesses the Outlook Web App URL in Active Directory SiteB will be silently redirected to the Outlook Web App URL for Active Directory in SiteA.
To configure cross-site silent redirection, the administrator must use the new CrossSiteRedirectType parameter that’s been added to the Set-OWAVirtualDirectory cmdlet. The parameter has two possible settings. The default setting is Manual.
  • Silent When this setting is configured, a user’s web browser is automatically redirected whenever a Client Access server must redirect an Outlook Web App request to Client Access server or server array located in another Active Directory site. When forms-based authentication is configured on the source and target CAS OWA virtual directories (SSL is required), then the silent redirection is also a single sign-on event. For redirection to occur, the target Client Access server Outlook Web App virtual directory must have an ExternalURL value configured.
  • Manual When this setting is configured, users will receive a notification that they’re accessing the wrong URL and that they must click a link to access the correct Outlook Web App URL for their mailbox. This notification only occurs when a Client Access server determines that it must redirect an Outlook Web App request to Client Access server or server array located in another Active Directory site. For redirection to occur, the target Client Access server Outlook Web App virtual directory must have an ExternalURL value configured.
For example:
Set-OWAVirtualDirectory -Identity "Contoso\owa (Default Web site)" -CrossSiteRedirectType Silent
Posted by at No comments:
Labels:

Monday, September 5, 2016

Microsoft Exchange Versions History


Source:- Exchangemvp.org blog.

In this article we are going to discuss about Microsoft Exchange Server Timeline. In this you will get information about the journey of Microsoft Exchange Server from its first Version 4.0 to the current version Exchange Server 2016. You will also know about improved features, working style, user interface, security etc according to version wise.





 As you know that MS Exchange Server is the leading enterprise messaging server solution in the online market. It was added to Microsoft’s product in April via the release of Exchange Server 4.0. It is a merging point for the migration of MS internal messaging system and their trade PC messaging product.

Microsoft Exchange Server Timeline

Internally, Microsoft was utilizing a legacy XENIX system for their email however with Microsoft growing and requirement to migrate to homegrown solution. Therefore, Microsoft developed Exchange Server. Simultaneously, Microsoft had commercial product named as MSMail that changed from the product called Network Courier from Vancouver Company. Many issues were faced to overcome this Exchange Server 4.0 was released. Work on improving the features of product has not stopped since then, as discussed in the following section Microsoft Exchange Server Timeline.

Exchange Server 4.0

This was the first Exchange Server that was released by Microsoft in March 1996 and later five service packs were released in next two years.

Exchange Server 5.0

This is the new Exchange Administrator console and opening up integrated access to SMTP based networks for the first time. It has an add-in known as Internet Mail connector helps to communicate directly with servers by using SMTP.
Features
  • Web-based Interface: Provides an interface between user and running software on server.
  • Outlook Web Access: It is the Outlook on web and is browser-based email client.

Exchange Server 5.5

As the last edition of Exchange Server have distinct directory, i.e. SMTP and NNTP services. There is no new edition of Exchange Client and Schedule for edition 5.5, instead of this MS Outlook 8.03 was released to support the new feature of it. It was sold in two editions, i.e.
  • Standard version: It had 16 GB of size limitation of database as earlier editions of Exchange Server. It includes the Mail connector, Site connector, Internet mail service, Internet news service as well software to interoperate with Novell GroupWise, Lotus Notes, and Mail.
  • Enterprise version: In this, the limit is increased of 16 TB. Along with this, X.400 connector and interoperability of software with SNADS and PROFS were added and two nodes of clustering capability were introduced.

Exchange Server 2000

This edition overcomes various limitations of previous version. As the size of database, storage is increased so the number of services in the cluster is also increased from two to four. It has a dependency upon Active Directory as it does not have in-built directory service. It also added a support for Instant Messaging.

Exchange Server 2003

Exchange Server 2003 has various compatibility modes that permit users to migrate slowly to new system. It is essential in large companies with the distributed Exchange Server environment that cannot afford the downtime and expense, which comes with the complete migration. It also has the latest feature that enhanced the disaster recovery and permits administrators to bring server online rapidly. This is only done when the server send and receive mail when the stored messages are recovered from backup. In addition, an improvement in the mailbox management tools permits administrators to execute common chores more rapidly. There are several filtering methods are added to Exchange Server. They are not sophisticated to eliminate spam but can protect from DoS and mailbox flooding attacks.
Features
  • Filtering Connection: Messages are blocked from manually specified IP addresses and ranges or from DNS RBL lists.
  • Filtering Recipients: Messages are blocked while sending manually to specified recipients on server or other recipients that are not on server.
  • Intelligent Message Filtering: It is initially free MS add-on and later part of service pack 2, which utilizes heuristic message analysis to block the messages or direct it to junk in Outlook.

Exchange Server 2007

It released the roll-out wave of new products to business customers that includes new clustering option, voice mail integration, better search, support web service, new OWA interface, grater scalability, and best filtering options. It also dropped the support for migration of Exchange 5.5, admin groups, Outlook mobile access, X.400, and some API interface. It runs on x64 edition of Windows Server. Exchange 2007 had introduced many new features with the launch according to Exchange server timeline over Exchange 2003.

Features

  • Protection: Antivirus, Anti-spam, clustering with data replication, compliance, improved security, and encryption.
  • Management Shell: It is a new command-line shell and scripting language for system administration. It has over 375 unique commands for management of MS Exchange 2007.
  • It Experience Improved: 64-bit performance and scalability, simplified GUI, role separation, simplified routing, command-shell.
  • Increased Database Size limitation: Database is limited to 16 TB per database.
  • Unified Messaging: Allows receiving voice email, faxes in mailbox, access mailbox via cell phones.
  • Maximum Storage Groups: Five each for standard edition and 50 for enterprise edition.
  • Outlook Anywhere configuration: Mainly, known as RPC over HTTP offers external access to MS Exchange Server 2007 for users. It offers external URLs for Exchange services.

Exchange Server 2010

This version was released on May 2009 and for general availability on November 2009. Exchange 2010 was also a drastic change in the history according to MS Exchange server timeline, which had introduced many newly features. Lets proceed to read newly added features in below features section.

Features

  • DAG: It is database availability groups. All the SSC, LCR, CCR, and site resiliency functionalities have been replaced via DAG. It offers database-level high availability and supports various copies of every database and flexibility configuration.
  • CAS: It is client access server. Its high availability is provided by utilizing CAS arrays. It contains multiple servers of CAS in active directory site and offers single name for the end of client connections.
  • Multiple Server Role combined with CAS: In Exchange 2010 CAS may be combined with multiple server role or Hub transport roles whether mailbox server participates in Database availability group. Since database availability groups utilizes Windows Failover Clustering and Microsoft does not support it. Balancing on same server will require the utilization of third party load balancer to offers load balancing and fault tolerance for CAS role.
  • RPC Client Access: With the release of RPC client access, all Outlook clients make use of their mailbox via CAS role. Its abstraction layer permits for improved load balancing, redundancy, and minimal client impact in the event of database level event.
  • Cost Savings: It provides about 75% of cost saving of hardware from Exchange Server 2007 to 2010.
  • Personal Archive: It is implemented as secondary mailbox for achieved and enabled users and in server pack 1, personal achieve may be situated on diverse database than primary mailbox that may reside on different disk if required.
  • Recoverable Items: There is a recoverable items folder for Exchange 2010 and configured it properly so that data can be recovered. As it provides tamper proof storage area.
  • Improvement in OWA: It provides the tracking of sent messages and printable calendar view as well as premium experience is available.
  • Moderation in Distribution Groups: It allows joining at will or with other group moderator’s permission.

Exchange Server 2013

There is another release of Exchange Server 2013 on October 2012. It provides the trail edition at MS website. It was also a big change in Exchange Server according to Exchange Server timeline. Lets move forward to read its newly added features in below section.

Features

  • Offline Support: Automatically synchronization of data after proper connectivity.
  • Client Connectivity: CAS is the main point for connectivity for all clients.
  • Public Folders: Public folders are part of mailbox now and high availability is achieved by using DAG.
  • Site Mailboxes: Brings SharePoint and Exchange emails together.
  • OWA: Provides three different UI layouts optimized for desktop, mobile, browser.
  • EAC: Replacement of Exchange Management Console with EAC (Exchange Administrative Center.
  • Support up to 8TB: It allows adding various databases per disk via availability of data group management.
  • Built-in Antimalware protection: Ability for administrators for configuration and management settings from inside EAC.
  • New DPL: Abilities for protecting and identifying sensitive data DPL policies on regulatory standards.
  • Fast search: Provides more indexing and searching experience.
  • Replication: Public folders are saved in mailbox databases and have advantage for database availability groups for high availability and replication.

Exchange Server 2016

It is the latest edition of Exchange Server released on October 2015.

Features

  • Combine Roles: Reduce the number of availability roles – Mailbox Server and Edge Transport.
  • OWA: There are UI changes
  • Office 365 Hybrid: HCW (Hybrid Configuration Wizard), which was included with Exchange 2013, is now moving to become cloud-based application. In Exchange 2016, if the user chooses to configure hybrid then, user is encouraged to download and install the wizard as small application.
  • Messaging Policy: provides new DLP and Archiving/ Discovery/ Retention features.

Conclusion

In this article write up we have discussed about Microsoft Exchange Server Timeline according to version wise improved features. As you know that with the business point of view, Exchange Server plays an important role in data management. The Microsoft Exchange Server timeline has offered various beneficial features for users and keep on updating accordingly with every new edition of Exchange Server.
Posted by at No comments:
Subscribe to: Posts (Atom)