In the Beginning
When Exchange 2019 was announced at Microsoft Ignite 2019, it was also announced that Exchange Server 2019 and its Cumulative Updates would be available only through the Volume Licensing Service Center (VLSC). It was explained that large enterprise customers were asking for security, reliability, and dependability. They want all the things that mean Exchange runs as a mission critical application.
|Welcome to Exchange Server 2019! - BRK2176|
As Greg Taylor, then Director of Product Marketing for Exchange Server/Online, said at the time, "For those customers who still want to stay on premises, that's the reason we built Exchange 2019. And that's also the reason why we are only going to distribute Exchange 2019 to those customers through Volume Licensing."
As anticipated, Exchange Server 2019 RTM and CUs 1-8 were only available through the VLSC and to developers for testing and application development through MSDN. And for the first time ever, the current version of Exchange Server was no longer available on the Office Servers Evaluation Center.
To access Exchange Server 2019 through the VLSC, customers must have an active agreement in one of the following Microsoft Volume Licensing programs:
- Microsoft Enterprise Agreement (500+ seats)
- Microsoft Products and Services Agreement (250+ seats)
- Microsoft Open Value Agreement (5-499 seats)
The VLSC requirement imposed a barrier that prevented these customers from accessing Exchange Server 2019. And if non-VLSC customers cannot get Exchange 2019, it means that Exchange 2016 is the latest version they could use for hybrid management after they have completed their migration to the cloud.
As we know, an Exchange server is still required for Exchange recipient management even after all mailboxes have been moved to Microsoft 365 since Active Directory is still the Source of Authority for hybrid customers.
Then HAFNIUM happened...
In March 2021 a state-sponsored hacking group called HAFNIUM targeted Exchange Servers around the world by exploiting zero-day vulnerabilities. Threat actors gained access to email servers and installed malware to facilitate long-term access to victim environments and to perform data exfiltration.
Microsoft quickly responded to HAFNIUM by releasing Security Updates (SUs) that patched the Exchange Server vulnerabilities and a short time later included these fixes in the March 2021 Quarterly Exchange Updates. In an effort to ensure that all customers could get and stay up-to-date, it was decided to publish Exchange Server 2019 CU9 and future CUs to the Microsoft Download Center in addition to the VLSC.
What This Means to Hybrid Customers
Exchange hybrid customers who have completed their migration to the cloud can now use Exchange Server 2019 as their hybrid management server. All customers can now run the latest version of Exchange server with the most recent CUs and SUs by downloading them from the Download Center, even with a Volume Licensing agreement.
CU's are build-to-build upgrades and contain a full server installation, so the latest CU can be used for a fresh installation. Always check the Exchange Team Blog for details on the latest CU. All customers, including hybrid customers, should keep their Exchange servers up to date using the N-1 support statement (the current and previous CUs and SUs are supported).
Keep in mind that currently there is no free Exchange hybrid license available for Exchange 2019 like there is for Exchange 2013/2016, so customers will need to license their Exchange Server 2019. See Big Exchange Announcements!
Customers with Exchange Server 2010 must keep in mind that Exchange Server 2019 will not install if Exchange 2010 is in the environment. Those customers must transition to Exchange Server 2016 and decommission Exchange 2010 before installing Exchange 2019.