{"id":47681,"date":"2023-03-29T04:42:29","date_gmt":"2023-03-29T08:42:29","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=47681"},"modified":"2023-03-30T04:49:03","modified_gmt":"2023-03-30T08:49:03","slug":"transport-based-enforcement-system","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/transport-based-enforcement-system\/47681\/","title":{"rendered":"Microsoft planning to block outdated Exchange servers"},"content":{"rendered":"<p>Outdated and completely unsupported versions of Exchange Server pose an undeniable danger to corporate infrastructure and to mail flow. However, many administrators still believe in the proverb \u201cif it ain\u2019t broke \u2014 don\u2019t fix it\u201d, and prefer not to update Exchange unless absolutely necessary. And this appears to be why Microsoft decided to develop its transport-based enforcement system for Exchange Online.<\/p>\n<p>The main purpose of this system is to notify administrators that they\u2019re working with outdated and possibly unsafe software, and that, if they don\u2019t subsequently update in a timely fashion, mail delivery from vulnerable servers will be gradually throttled and eventually blocked. It\u2019s hoped that this system will serve as a convincing reason for administrators to finally upgrade or update Exchange Servers.<\/p>\n<h2>How the transport-based enforcement system works<\/h2>\n<p>The mechanism is quite simple: when Exchange Online receives mail from Exchange Server through an inbound OnPremises type connector, it identifies the server\u2019s build version and evaluates if it\u2019s safe to receive mail from it (i.e., whether the server\u2019s version is supported and critical security patches are in place). 
If the server is vulnerable, then Exchange Online notes the date of its first encounter with it and adds a notification about an outdated server to the mail flow report, accessible by Exchange Server administrators.<\/p>\n<p>If the situation doesn\u2019t change within 30 days from the moment of initial discovery, Exchange Online will begin to throttle (in other words, delay) messages from the vulnerable server. The throttling duration increases progressively every 10 days. If nothing changes 60 days after detection, Exchange Online begins to block the e-mails.<\/p>\n<p>Initially, Microsoft plans to apply this system to Exchange 2007 servers only, but later the same approach will be applied to all versions of Exchange, and it doesn\u2019t matter how the servers communicate with Exchange Online (that is, it won\u2019t be limited to just the OnPremises inbound connector). You can find additional details regarding the transport-based enforcement system in the official <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/throttling-and-blocking-email-from-persistently-vulnerable\/ba-p\/3762078\" target=\"_blank\" rel=\"nofollow noopener\">Exchange team\u2019s blog post<\/a>. Unfortunately, it lacks information on when this system will be launched and, most importantly, when it will extend its scope to other versions of Exchange servers.<\/p>\n<h2>Why a transport-based enforcement system is important<\/h2>\n<p>Implementation of such a system will be interesting as a precedent. Microsoft is rather aggressively demonstrating to its customers how highly it regards the importance of its cloud infrastructure security. 
It will be very interesting to see if this initiative turns into a trend \u2014 if other manufacturers of hybrid solutions (i.e., which run partly on a customer\u2019s premises and partly in the cloud) follow Microsoft\u2019s example.<\/p>\n<h2>How to ensure Microsoft Exchange servers\u2019 operability and secure e-mail flow?<\/h2>\n<p>If you are still using an unsupported version of the Exchange platform, it\u2019s probably time to upgrade. If you have an up-to-date version of Exchange, you need to monitor the release of security patches and install them promptly.<\/p>\n<p>In addition, we recommend protecting Exchange servers and the mail delivered through them with the dedicated solution Kaspersky Security for Microsoft Exchange Server (included in <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/mail-server?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksms___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security for Mail Server<\/a>). Also, as the last few years have <a href=\"https:\/\/www.kaspersky.com\/blog\/exchange-vulnerabilities\/38964\/\" target=\"_blank\" rel=\"noopener nofollow\">shown<\/a>, attackers readily exploit vulnerabilities in Microsoft Exchange \u2014 sometimes creating exploits before users have a chance to install patches, and this can lead to rather serious consequences. 
But you can stay on top of things \u2014 controlling what\u2019s happening in the corporate infrastructure and detecting malicious activity in time \u2014 with the help of <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/managed-detection-and-response?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____\" target=\"_blank\" rel=\"noopener nofollow\">Managed Detection and Response<\/a>-class services.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"mdr\">\n","protected":false},"excerpt":{"rendered":"<p>Microsoft plans to throttle and block email from vulnerable Exchange servers to Exchange Online.<\/p>\n","protected":false},"author":2698,"featured_media":47682,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3051],"tags":[19,4049],"class_list":{"0":"post-47681","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-email","10":"tag-exchange"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/transport-based-enforcement-system\/47681\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/transport-based-enforcement-system\/25452\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/transport-based-enforcement-system\/20886\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/transport-based-enforcement-system\/28056\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/transport-based-enforcement-system\/25748\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/transport-based-enforcement-system\/26145\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/transport-based-enforcement-system\/28600\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/transport-based-enforcement-system\/35020\/"},
{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/transport-based-enforcement-system\/20384\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/transport-based-enforcement-system\/21011\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/transport-based-enforcement-system\/29967\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/transport-based-enforcement-system\/26085\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/transport-based-enforcement-system\/31765\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/transport-based-enforcement-system\/31452\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/email\/","name":"email"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/47681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2698"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=47681"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/47681\/revisions"}],"predecessor-version":[{"id":47686,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/47681\/revisions\/47686"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/47682"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=47681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=47681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=47681"}],"curies":[{"name":"wp"
,"href":"https:\/\/api.w.org\/{rel}","templated":true}]}}