Microsoft has issued a critical reminder that Exchange Server 2016 and Exchange Server 2019 will reach end of support on October 14, 2025, with less than one month remaining to prepare and act. Organizations must plan an immediate migration path to remain secure and compliant, either to Exchange Online or to the new Exchange Server Subscription Edition (SE).

What’s Ending

After October 14, 2025, Microsoft will stop providing technical support, bug fixes, security patches, and time zone updates for Exchange 2016 and 2019, increasing exposure to vulnerabilities and operational risks if those servers remain in production.

Security Risks of Remaining on Unsupported Versions

Running Exchange Server 2016 or 2019 beyond the end-of-support date exposes organizations to substantial cybersecurity threats. Historical Exchange vulnerabilities like the HAFNIUM attacks in 2021, ProxyShell/ProxyLogon exploits, and NTLM Relay Attack vulnerabilities demonstrate how critical regular security updates are for Exchange environments. Without ongoing security patches, organizations become vulnerable to zero-day exploits, data breaches, and ransomware attacks that specifically target Exchange infrastructure.

Microsoft recommends migrating to Exchange Online or upgrading on-premises environments to Exchange Server SE, which is the only supported on-premises release going forward. An in-place upgrade path exists from Exchange Server 2019 CU15 to SE to streamline the transition.

Short ESU Lifeline

For organizations mid-migration, Microsoft has introduced an optional six-month Extended Security Update (ESU) program that provides security updates from October 14, 2025, through April 14, 2026. This is a temporary bridge, not a substitute for upgrading or migrating.

Immediate Action Required

With less than 30 days remaining before end of support, organizations must act immediately. Microsoft has warned that they may begin blocking email traffic from unsupported Exchange servers to Exchange Online to protect cloud infrastructure from security risks. Organizations should evaluate their current Exchange deployment, plan migration strategies, and begin implementation processes to ensure continuous support and security for their email infrastructure.

  • Inventory all Exchange servers, versions, roles, and hybrid dependencies, with special attention to any lingering 2016 servers used for management or relay.
  • If staying on-premises for now, install Exchange 2019 CU15 to enable a smoother in-place upgrade to Exchange SE.
  • If moving to the cloud, select a migration method (cutover, staged, hybrid) and begin mailbox and service cutover planning.

Fortify Your Server with Messageware Security

Data breaches have increased by 72%, servers are compromised in under 90 minutes. Ensure you have multiple layers of security software protecting your Windows Servers.

Z-Day Guard for All Windows Servers: Next-gen server protection, providing detection, alerting, and response (MDR) to zero-day and server penetration cyber-attacks. Leverages embedded monitoring technology that cannot be turned off by malicious software. No need to research complicated deployments and no learning curve to install and manage.

EPG Guard for Exchange Servers: Real-time security. Stop AD account lockouts, eliminate password attacks, intelligent GEO blocking, and prevent Exchange Server vulnerability probing.

Don’t leave your critical infrastructure vulnerable, be proactive and stay ahead of evolving threats.