Update: for the most up to date requirements for running Exchange 2016 Edge role on Windows Server 2016, see this article. Please note that there is currently a known issue where Edge setup does not run successfully on a server that is a member of a domain (KB3205799). Windows Server 2016 where Edge role is being installed should have Windows Server 2016 December 2017 quality update or later.
Today we are announcing an update to our support policy for Windows Server 2016 and Exchange Server 2016. At this time we do not recommend customers install the Exchange Edge role on Windows Server 2016. We also do not recommend customers enable antispam agents on the Exchange Mailbox role on Windows Server 2016 as outlined in Enable antispam functionality on Mailbox servers.
Why are we making this change?
In our post Deprecating support for SmartScreen in Outlook and Exchange, Microsoft announced we will no longer publish content filter updates for Exchange Server. We believe that Exchange customers will receive a better experience using Exchange Online Protection (EOP) for content filtering. We are also making this recommendation due to a conflict with the SmartScreen Filters shipped for Windows, Microsoft Edge and Internet Explorer browsers. Customers running Exchange Server 2016 on Windows Server 2016 without KB4013429 installed will encounter an Exchange uninstall failure when decommissioning a server. The failure is caused by a collision between the content filters shipped by Exchange and Windows which have conflicting configuration information in the Windows registry. This collision also impacts customers who install KB4013429 on a functional Exchange Server. After the KB is applied, the Exchange Transport Service will crash on startup if the content filter agent is enabled on the Exchange Server. The Edge role enables the filter by default and does not have a supported method to permanently remove the content filter agent. The new behavior introduced by KB4013429, combined with our product direction to discontinue filter updates, is causing us to deprecate this functionality in Exchange Server 2016 more quickly if Windows Server 2016 is in use.
What about other operating systems supported by Exchange Server 2016?
Due to the discontinuance of SmartScreen Filter updates for Exchange server, we encourage all customers to stop relying upon this capability on all supported operating systems. Installing the Exchange Edge role on supported operating systems other than Windows Server 2016 is not changed by today’s announcement. The Edge role will continue to be supported on non-Windows Server 2016 operating systems subject to the operating system lifecycle outlined at https://support.microsoft.com/lifecycle.
Help! My services are already crashing or I want to proactively avoid this
If you used the Install-AntiSpamAgents.ps1 to install content filtering on the Mailbox role:
Find a suitable replacement for your email hygiene needs such as EOP or other 3rd party solution
Run the Uninstall-AntiSpamAgents.ps1 from the \Scripts folder created by Setup during Exchange installation
If you are running the Edge role on Windows Server 2016:
Delay deploying KB4013429 to your Edge role or uninstall the update if required to restore service
Deploy the Edge role on Windows Server 2012 or Windows Servers 2012R2 (Preferred)
Support services is available for customers who may need further assistance.
The Exchange Team