The March quarterly release updates for Exchange Server are now available on the download center (links below). These releases include all previously released updates, fixes for customer reported issues and limited new functionality. Exchange Server 2010 SP3 Update Rollup 20 was released as a security update previously this month as well.
Exchange Server Support for TLS 1.2
With the March 2018 updates, Exchange fully supports TLS 1.2 on all supported Exchange versions. Brian Day has taken on the task of documenting and helping customers de-mystify the complexity involved with transitioning to TLS 1.2. Customers looking to implement TLS 1.2 should definitely review the published guidance before attempting to move to TLS 1.2. While implementing TLS 1.2 support in Exchange, we have chosen to consume and support the version TLS settings provided via the underlying operating system. This should dramatically ease the adoption of newer versions of TLS go forward.
Support for .NET Framework 4.7.1
Reminder that customers should be in the process of moving to .NET Framework 4.7.1. .NET Framework 4.7.1 will be required on Exchange Server 2013 and 2016 installations starting with our June 2018 quarterly releases. Customers should plan to upgrade to .NET Framework 4.7.1 after applying March 2018 quarterly release to avoid blocking installation of the June 2018 quarterly releases for Exchange Server 2013 and 2016.
KB articles that describe the fixes in each release are available as follows:
None of the updates released today include new Active Directory schema since the September 2017 quarterly updates were released. If upgrading from an older Exchange version or cumulative update, Active Directory schema updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade. The Exchange Administrator should execute SETUP /PrepareAD to ensure RBAC roles are current. PrepareAD will run automatically during the first server upgrade if Exchange Setup detects this is required and the logged on user has sufficient permission.
Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.
Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.
Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., 2013 CU20, 2016 CU9) or the prior (e.g., 2013 CU19, 2016 CU8) Cumulative Update release.