With the release of Exchange Server 2016 slated for the end of the year it seemed a good time to have a look at what new capabilities it will bring over the existing Exchange 2013 product.
Let’s start with the area that everyone sees – client access.
All access is now via secure HTTPS encrypted connections, whether using the full Outlook client or the newly renamed “Outlook on the web” (formerly Outlook Web App), ensuring data is secure when in transit. While MAPI over HTTP is now the default communication protocol between Outlook and Exchange, clients that don’t support it will fall back to Outlook Anywhere (RPC over HTTP).
Outlook on the web has been enhanced to provide platform-specific experiences for phones (for both iOS & Android), including a “Premium” Android experience for phones when using Chrome on Android 4.2 or later. Search suggestions & refiners have been introduced to anticipate what the user’s looking for and refine that search with contextually-aware filters (such as date range, senders, etc).
Exchange 2016 also brings support for the Active Directory Authentication Library (ADAL) authentication model in Outlook clients on Windows, Android, and other platforms. ADAL enables functionality like two-factor authentication to help improve security of your data.
With the advent of increasingly more powerful servers the primary design goal for Exchange 2016 is now for simplicity of scale, hardware utilization, and failure isolation. Therefore with Exchange 2016 the number of server roles has been reduced to two: the Mailbox and Edge Transport server roles.
The Mailbox server in Exchange 2016 includes all of the server components from the Exchange 2013 Mailbox and Client Access server roles:
- Mailbox services include all the traditional server components found in the Exchange 2013 Mailbox server role: the Client Access protocols, Transport service, Mailbox databases, and Unified Messaging. The Mailbox server handles all activity for the active mailboxes on that server
- Client Access services provide authentication, limited redirection, and proxy services. Client Access services don’t do any data rendering and offer all the usual client access protocols: HTTP, POP and IMAP, and SMTP
Exchange 2016 now allows you to proxy traffic from Exchange 2013 to Exchange 2016 in addition to Exchange 2016 to Exchange 2013. This new flexibility gives you more control in how you move to Exchange 2016.
The Edge Transport role, as in previous versions, is typically deployed in your perimeter network, outside your internal Active Directory forest to handle all internet-facing mail flow, and is designed to minimize the attack surface of your Exchange deployment.
Cloud and Hybrid
When you choose to configure a hybrid deployment in Exchange 2016, you’ll be prompted to download and install the wizard as a small app. The wizard will function the same as in previous versions of Exchange, with a few new benefits:
- The wizard can be updated quickly to support changes in the Office 365 service
- The wizard can be updated to account for issues detected when customers try to configure a hybrid deployment
- Improved troubleshooting and diagnostics to help you resolve issues that you run into when running the wizard
- The same wizard will be used by everyone configuring a hybrid deployment who’s running Exchange 2013 or Exchange 2016
In addition to Hybrid Configuration Wizard improvements, multi-forest hybrid deployments are being simplified with Azure Active Directory Connect (AADConnect). AADConnect introduces management agents that will make it significantly easier to synchronize multiple on-premises Active Directory forests with a single Office 365 tenant.
Hybrid deployments will support the new modern authentication model in Outlook described earlier.
Exchange ActiveSync clients will be seamlessly redirected to Office 365 when a user’s mailbox is moved to Exchange Online.