%3CLINGO-SUB%20id%3D%22lingo-sub-1458993%22%20slang%3D%22en-US%22%3EReleased%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1458993%22%20slang%3D%22en-US%22%3E%3CP%3EToday%20we%20are%20announcing%20the%20availability%20of%20quarterly%20servicing%20cumulative%20updates%20for%20Exchange%20Server%202016%20and%202019.%26nbsp%3BThese%20updates%20include%20fixes%20for%20customer%20reported%20issues%20as%20well%20as%20all%20previously%20released%20security%20updates.%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%20id%3D%22toc-hId--1324799409%22%3EChanges%20to%20OWA%E2%80%99s%20Blocked%20File%20Extensions%3C%2FH2%3E%0A%3CP%3EThis%20quarterly%20update%20adds%20additional%20file%20types%20to%20the%20default%20OWA%20Mailbox%20Policy%20BlockedFileTypes%20list.%20The%20new%20extensions%20added%20to%20this%20list%20are%20listed%20in%20%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2FKB4559446%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EKB4559446%3C%2FA%3E.%20This%20change%20was%20made%20to%20increase%20security%20by%20preventing%20users%20from%20being%20able%20to%20download%20these%20attachment%20types.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%20id%3D%22toc-hId-1162713424%22%3EAddition%20of%20Pipelining%20Support%20to%20Restore-RecoverableItems%3C%2FH2%3E%0A%3CP%3EThis%20update%20also%20addresses%20a%20customer%20reported%20issue%20whereupon%20the%20Restore-RecoverableItems%20didn%E2%80%99t%20support%20pipelining%20which%20made%20its%20use%20more%20difficult.%20This%20update%20adds%20pipelining%20support%20to%20this%20cmdlet.%20You%20can%20find%20more%20details%20in%20%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2FKB4547707%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EKB4547707%3C%2FA%3E.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%20id%3D%22toc-hId--644741039%22%3ERelease%20Details%3C%2FH2%3E%0A%3CP%3EThe%20KB%20articles%20that%20describe%20the%20fixes%20in%20each%20release%20and%20product%20downloads%20are%20available%20as%20follows%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EExchange%20Server%202019%20Cumulative%20Update%206%20(%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2FKB4556415%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EKB4556415%3C%2FA%3E)%2C%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2FLicensing%2Fservicecenter%2Fdefault.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EVLSC%20Download%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EExchange%20Server%202016%20Cumulative%20Update%2017%20(%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2FKB4556414%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EKB4556414%3C%2FA%3E)%2C%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownload%2Fdetails.aspx%3Ffamilyid%3D404c2944-345b-410c-a523-6d964779c6f9%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EDownload%3C%2FA%3E%2C%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownload%2Fdetails.aspx%3Ffamilyid%3D1e3e60da-bac3-4745-98d8-934c7e95c626%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EUM%20Lang%20Packs%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH2%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%20id%3D%22toc-hId-1842771794%22%3EAdditional%20Information%3C%2FH2%3E%0A%3CP%3EMicrosoft%20recommends%20all%20customers%20test%20the%20deployment%20of%20any%20update%20in%20their%20lab%20environment%20to%20determine%20the%20proper%20installation%20process%20for%20your%20production%20environment.%20For%20information%20on%20extending%20the%20schema%20and%20configuring%20Active%20Directory%2C%20please%20review%20the%20appropriate%20documentation.%3C%2FP%3E%0A%3CP%3EAlso%2C%20to%20prevent%20installation%20issues%20you%20should%20ensure%20that%20the%20Windows%20PowerShell%20Script%20Execution%20Policy%20is%20set%20to%20%E2%80%9CUnrestricted%E2%80%9D%20on%20the%20server%20being%20upgraded%20or%20installed.%20To%20verify%20the%20policy%20settings%2C%20run%20the%20Get-ExecutionPolicy%20cmdlet%20from%20PowerShell%20on%20the%20machine%20being%20upgraded.%20If%20the%20policies%20are%20NOT%20set%20to%20Unrestricted%20you%20should%20use%20the%20resolution%20steps%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fexchange%2Fplan-and-deploy%2Fdeployment-ref%2Fms-exch-setupreadiness-powershellexecutionpolicycheckset%3Fview%3Dexchserver-2019%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E%20to%20adjust%20the%20settings.%3C%2FP%3E%0A%3CP%3EReminder%3A%20Customers%20in%20hybrid%20deployments%20where%20Exchange%20is%20deployed%20on-premises%20and%20in%20the%20cloud%2C%20or%20who%20are%20using%20Exchange%20Online%20Archiving%20(EOA)%20with%20their%20on-premises%20Exchange%20deployment%20are%20required%20to%20deploy%20the%20currently%20supported%20cumulative%20update%20for%20the%20product%20version%20in%20use%2C%20e.g.%2C%202013%20Cumulative%20Update%2023%3B%202016%20Cumulative%20Update%2017%20or%2016%3B%202019%20Cumulative%20Update%206%20or%205.%3C%2FP%3E%0A%3CP%3EFor%20the%20latest%20information%20on%20Exchange%20Server%20and%20product%20announcements%20please%20see%20-ERR%3AREF-NOT-FOUND-What's%20New%20in%20Exchange%20Server%20and%20-ERR%3AREF-NOT-FOUND-Exchange%20Server%20Release%20Notes.%3C%2FP%3E%0A%3CP%3ENote%3A%20Documentation%20may%20not%20be%20fully%20available%20at%20the%20time%20this%20post%20is%20published.%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%23FF6600%22%3EThe%20Exchange%20Team%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1458993%22%20slang%3D%22en-US%22%3E%3CP%3EToday%20we%20are%20announcing%20the%20availability%20of%20quarterly%20servicing%20cumulative%20updates%20for%20Exchange%20Server%202016%20and%202019.%26nbsp%3BThese%20updates%20include%20fixes%20for%20customer%20reported%20issues%20as%20well%20as%20all%20previously%20released%20security%20updates.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1458993%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn%20Premises%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1469594%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1469594%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20to%20have%20additional%20file%20extensions%20in%20OWA%2C%20Pipeline%20support%20in%20Restore-Recoverable%20items.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1470067%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1470067%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%3Ewhat%20about%20the%20complete%20disabling%20of%20TLS%201.0%2F1.1%3F%3CBR%20%2F%3Ehas%20it%20become%20a%20fully%20supported%20configuration%20or%20need%20to%20wait%20for%20additional%20announcements%3F%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1471126%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1471126%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F701926%22%20target%3D%22_blank%22%3E%40Davyd_%3C%2FA%3E%20Do%20you%20know%20this%20three-part%20series%3F%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2%2Fba-p%2F607649%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2%2Fba-p%2F607649%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-server-tls-guidance-part-2-enabling-tls-1-2-and%2Fba-p%2F607761%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-server-tls-guidance-part-2-enabling-tls-1-2-and%2Fba-p%2F607761%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-server-tls-guidance-part-3-turning-off-tls-1-0-1-1%2Fba-p%2F607898%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-server-tls-guidance-part-3-turning-off-tls-1-0-1-1%2Fba-p%2F607898%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPart%203%20is%20about%20turning%20off%20TLS%201.0%2F1.1%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1473321%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1473321%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%3Eof%20course!%20I%20even%20have%20it%20in%20my%20bookmarks.%20%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%3EThe%20preparatory%20steps%20have%20been%20completed%20for%20a%20long%20time%2C%20but%20as%20far%20as%20I%20understand%20it%20was%20recommended%20to%20wait%20-%20from%20other%20articles%2C%20I%20concluded%20that%20Microsoft%20planned%20to%20release%20the%20final%20recommendations%20and%20patches%20(and%20disable%20tls%201%2F0%2F1.1%20in%20Office%20365)%20just%20at%20this%20time.%3C%2FFONT%3E%3C%2FP%3E%3CP%3ER%3CFONT%3Eunning%20ahead%20of%20the%20Microsoft%20is%20not%20the%20best%20idea.%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1473357%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1473357%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20possible%20to%20disable%20TLS%201.0%2F1.1%20with%20Exchange%202016%20CU9%2B%20and%20the%20latest%20.NET%20which%20is%20supported%20by%20CU%20in%20use.%20Disabling%20TLS%201.0%2F1.1%20was%26nbsp%3Ba%20frequently%20asked%20feature.%20I've%20seen%20many%20customers%20who%20fulfil%20the%20requirements%2C%20running%20TLS%201.2%20only.%26nbsp%3BAre%20you%20referring%20to%20other%20articles%20published%20by%20Microsoft%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1473558%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1473558%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Lukas%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3Ewe%20were%20confused%20by%20this%20piece%20from%203-d%20part%20of%20this%20article%3A%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%22%3CSPAN%3EIt%20is%20our%20intention%20in%20the%20near%20future%20to%20provide%20additional%20guidance%20to%20customers%20on%20the%20cipher%20and%20hashing%20algorithms%20that%20we%20recommend%20be%20used%20to%20best%20secure%20Exchange%20Server%20communications.%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CFONT%3Efrom%20it%20we%20concluded%20that%20we%20need%20to%20do%20all%20the%20preparatory%20work%20but%20do%20not%20rush.%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CFONT%3Eit%20is%20also%20embarrassing%20that%20Microsoft%20has%20not%20yet%20made%20this%20step%20for%20its%20own%20cloud%3A%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Ftroubleshoot%2Fo365-security%2Fprepare-tls-1.2-in-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Ftroubleshoot%2Fo365-security%2Fprepare-tls-1.2-in-office-365%3C%2FA%3E%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Ftroubleshoot%2Fo365-security%2Ftls-1-2-in-office-365-gcc%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Ftroubleshoot%2Fo365-security%2Ftls-1-2-in-office-365-gcc%3C%2FA%3E%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3Ewe%20have%20more%20than%2010%2C000%20employees%20and%20they%20also%20stay%20at%20home%20so%20discretion%20in%20the%20current%20situation%20is%20justified%20in%20my%20opinion%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1473830%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1473830%22%20slang%3D%22en-US%22%3E%3CP%3EExchange%202019%20use%20TLS%201.2%20only%20with%20a%20customized%20set%20of%20cipher%20suites%20and%20hashing%20algorithms%20by%20default%20(%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-server-2019-now-available%2Fba-p%2F608610%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-server-2019-now-available%2Fba-p%2F608610%3C%2FA%3E).%20We%20have%20removed%20legacy%20ciphers%20and%20hashing%20algorithms%20by%20default.%20This%20is%20not%20the%20case%20when%20it%20comes%20to%20Exchange%202016.%20It's%20possible%20and%20recommended%20to%20disable%20weak%20ciphers%20and%20hashing%20algorithms.%20There%20is%20an%20EHLO%20blog%20post%20from%202015%20talking%20about%20this%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-tls-038-ssl-best-practices%2Fba-p%2F603798%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fexchange-tls-038-ssl-best-practices%2Fba-p%2F603798%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EDeprecation%20enforcement%20of%20TLS%201.0%20and%201.1%20is%20currently%20paused%20due%20to%26nbsp%3BSARS-CoV-2%20(COVID-19).%20There%20are%20millions%20of%20users%20using%20Microsoft%20365%20services%20and%20we%20need%20to%20make%20sure%2C%20that%20everybody%20have%20enough%20time%20to%20prepare%20for%20the%20deprecation%20of%20TLS%201.0%2F1.1%20.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EGetting%20rid%20of%20TLS%201.0%2F1.1%20is%20a%20process%20that%20requires%20time%20and%20careful%20planning.%20If%20there%20are%20for%20example%20Windows%207%20%2F%20Server%202008%20R2%20OS%20in%20place%20(hopefully%20not%20%3B))%2C%20you%20need%20to%20make%20sure%20that%20TLS%201.2%20is%20enabled%20as%20default%20for%20WinHTTP%20(%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F3140245%2Fupdate-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F3140245%2Fupdate-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi%3C%2FA%3E).%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFailure%20to%20plan%20carefully%20means%20that%20some%20users%20may%20no%20longer%20be%20able%20to%20access%20the%20service.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1474150%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1474150%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20Lukas!%3C%2FP%3E%3CP%3E%3CFONT%3Ethis%20is%20the%20article%20on%20which%20my%20doubt%20is%20based%3A%26nbsp%3B%3C%2FFONT%3E%20%22For%20now)%20Wait%20to%20disable%20TLS%201.0%20on%20the%20Exchange%20server%22!%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3Ewe%20have%20the%20same%20doubts%20-%20some%20users%20from%20personal%20devices%20still%20connect%20using%20outdated%20protocols%20and%20this%20is%20a%20large%20amount%20of%20organizational%20work%3C%2FFONT%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1474509%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1474509%22%20slang%3D%22en-US%22%3E%3CP%3EOkay%2C%20but%20this%20article%20is%20from%202015%2C%20outdated%20and%20replaced%20by%20the%20newer%20guidance%20(3%20part%20series%20listed%20above)%20since%20we%20added%20support%20to%20completely%20disable%20TLS%201.0%2F1.1%20with%20Exchange%202016%20CU9%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Fhtml%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1478671%22%20slang%3D%22en-US%22%3ERe%3A%20Released%3A%20June%202020%20Quarterly%20Exchange%20Updates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1478671%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20know%20if%20running%20Get-ADServerSettings%20command%20on%20the%20Exchange%202016%20Edge%20server%20role%20crashes%20with%20following%20error%20has%20been%20fixed%3F%20thanks%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EWARNING%3A%20An%20unexpected%20error%20has%20occurred%20and%20a%20Watson%20dump%20is%20being%20generated%3A%20Unable%20to%20cast%20object%20of%20type%3CBR%20%2F%3E'Microsoft.Exchange.Data.Directory.SimpleServerSettings'%20to%20type%20'Microsoft.Exchange.Data.Directory.RunspaceServerSettings'.%3CBR%20%2F%3EGet-ADServerSettings%20%3A%20Unable%20to%20cast%20object%20of%20type%20'Microsoft.Exchange.Data.Directory.SimpleServerSettings'%20to%20type%3CBR%20%2F%3E'Microsoft.Exchange.Data.Directory.RunspaceServerSettings'.%3CBR%20%2F%3EAt%20line%3A1%20char%3A1%3CBR%20%2F%3E%2B%20Get-ADServerSettings%3CBR%20%2F%3E%2B%20~~~~~~~~~~~~~~~~~~~~%3CBR%20%2F%3E%2B%20CategoryInfo%20%3A%20NotSpecified%3A%20(%3A)%20%5BGet-ADServerSettings%5D%2C%20InvalidCastException%3CBR%20%2F%3E%2B%20FullyQualifiedErrorId%20%3A%20System.InvalidCastException%2CMicrosoft.Exchange.Management.ADServerSettings.GetAdServerSettings%3C%2FP%3E%3C%2FLINGO-BODY%3E

Today we are announcing the availability of quarterly servicing cumulative updates for Exchange Server 2016 and 2019. These updates include fixes for customer reported issues as well as all previously released security updates. 

Changes to OWA’s Blocked File Extensions

This quarterly update adds additional file types to the default OWA Mailbox Policy BlockedFileTypes list. The new extensions added to this list are listed in KB4559446. This change was made to increase security by preventing users from being able to download these attachment types.

Addition of Pipelining Support to Restore-RecoverableItems

This update also addresses a customer reported issue whereupon the Restore-RecoverableItems didn’t support pipelining which made its use more difficult. This update adds pipelining support to this cmdlet. You can find more details in KB4547707.

Release Details

The KB articles that describe the fixes in each release and product downloads are available as follows:

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps here to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the currently supported cumulative update for the product version in use, e.g., 2013 Cumulative Update 23; 2016 Cumulative Update 17 or 16; 2019 Cumulative Update 6 or 5.

For the latest information on Exchange Server and product announcements please see What's New in Exchange Server and Exchange Server Release Notes.

Note: Documentation may not be fully available at the time this post is published.

The Exchange Team

11 Comments
Senior Member

Good to have additional file extensions in OWA, Pipeline support in Restore-Recoverable items. 

Frequent Visitor

what about the complete disabling of TLS 1.0/1.1?
has it become a fully supported configuration or need to wait for additional announcements?

Frequent Visitor

of course! I even have it in my bookmarks.

The preparatory steps have been completed for a long time, but as far as I understand it was recommended to wait - from other articles, I concluded that Microsoft planned to release the final recommendations and patches (and disable tls 1/0/1.1 in Office 365) just at this time.

Running ahead of the Microsoft is not the best idea.

Microsoft

It's possible to disable TLS 1.0/1.1 with Exchange 2016 CU9+ and the latest .NET which is supported by CU in use. Disabling TLS 1.0/1.1 was a frequently asked feature. I've seen many customers who fulfil the requirements, running TLS 1.2 only. Are you referring to other articles published by Microsoft?

Frequent Visitor

Hi Lukas, 

we were confused by this piece from 3-d part of this article:

"It is our intention in the near future to provide additional guidance to customers on the cipher and hashing algorithms that we recommend be used to best secure Exchange Server communications."

from it we concluded that we need to do all the preparatory work but do not rush.

 

it is also embarrassing that Microsoft has not yet made this step for its own cloud:

https://docs.microsoft.com/en-us/office365/troubleshoot/o365-security/prepare-tls-1.2-in-office-365

https://docs.microsoft.com/en-us/office365/troubleshoot/o365-security/tls-1-2-in-office-365-gcc

 

we have more than 10,000 employees and they also stay at home so discretion in the current situation is justified in my opinion

Microsoft

Exchange 2019 use TLS 1.2 only with a customized set of cipher suites and hashing algorithms by default (https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-2019-now-available/ba-p/60...). We have removed legacy ciphers and hashing algorithms by default. This is not the case when it comes to Exchange 2016. It's possible and recommended to disable weak ciphers and hashing algorithms. There is an EHLO blog post from 2015 talking about this: https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-tls-038-ssl-best-practices/ba-p/6...

Deprecation enforcement of TLS 1.0 and 1.1 is currently paused due to SARS-CoV-2 (COVID-19). There are millions of users using Microsoft 365 services and we need to make sure, that everybody have enough time to prepare for the deprecation of TLS 1.0/1.1 . 

Getting rid of TLS 1.0/1.1 is a process that requires time and careful planning. If there are for example Windows 7 / Server 2008 R2 OS in place (hopefully not ;)), you need to make sure that TLS 1.2 is enabled as default for WinHTTP (https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-sec...). 

Failure to plan carefully means that some users may no longer be able to access the service.

Frequent Visitor

Thank you Lukas!

this is the article on which my doubt is based:  "For now) Wait to disable TLS 1.0 on the Exchange server"! 

we have the same doubts - some users from personal devices still connect using outdated protocols and this is a large amount of organizational work 

Microsoft

Okay, but this article is from 2015, outdated and replaced by the newer guidance (3 part series listed above) since we added support to completely disable TLS 1.0/1.1 with Exchange 2016 CU9 :smile:

Senior Member

Hello

 

Do you know if running Get-ADServerSettings command on the Exchange 2016 Edge server role crashes with following error has been fixed? thanks


WARNING: An unexpected error has occurred and a Watson dump is being generated: Unable to cast object of type
'Microsoft.Exchange.Data.Directory.SimpleServerSettings' to type 'Microsoft.Exchange.Data.Directory.RunspaceServerSettings'.
Get-ADServerSettings : Unable to cast object of type 'Microsoft.Exchange.Data.Directory.SimpleServerSettings' to type
'Microsoft.Exchange.Data.Directory.RunspaceServerSettings'.
At line:1 char:1
+ Get-ADServerSettings
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADServerSettings], InvalidCastException
+ FullyQualifiedErrorId : System.InvalidCastException,Microsoft.Exchange.Management.ADServerSettings.GetAdServerSettings

Occasional Visitor

Hi All

Does any one apply it

is there any issue found after deployment ?