Exchange 2013/2016 Cumulative Updates and Hybrid Environment.

Exchange 2016 CU2 and Exchange 2013 CU13 now supports .NET Framework 4.6.1

Today Microsoft Exchange Team made announcement of not one but two cumulative updates, one for Exchange 2013 which is Cumulative update 13 and Cumulative CU2 for Exchange 2016.  With these CU updates .NET 4.6.1 is officially supported now.

I’d like to start with Hybrid Deployment first

Minimum CU For Hybrid environments

So if you are and Exchange 2013 or Exchange 2016 or mix of both then you have no choice EXCEPT  upgrade to either CU12 minimum (.NET 4.6.1 is not supported on CU12) or CU1 at minimum (.NET 4.6.1 is not supported on CU1) respectively. So if you on hybrid and want to be at the upgrade to  .NET 4.6.1 then you have to be on the latest CU Levels.

How to proceed?

Do not install .NET 4.6.1 directly on your existing CU, first you need to upgrade to CU13 for Exchange 2013 and CU2 for Exchange 2016, this is the recommendation as per #msexchange team.

  • Exchange Server 2016 Cumulative Update 2 does include updates to Active Directory Schema

Post CU installation

(these three KB article solves the same issue of course you need separate hot fix for all the OS)

Migration to Modern Public Folder Resolved

The issue reported in KB3161916 has been resolved.

To prevent any installation issue
make sure that Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded to.

SHA-2 Support for Self-Signed Certificates

The New-ExchangeCertificate cmdlet has been updated to produce a SHA-2 certificate for all self-signed certificates created by Exchange. Customers may opt to replace existing non-SHA2 certificates generated by previous releases as they see fit.

Support for Exchange 2010 ???

Exchange 2010 is still not support and will never be as per Jeff Guillet – (read his own comment at the bottom of this post)

For full details checkout #msExchange Team Blog

Calendar Sharing in App still not possible. Outlook for iOS and Android – What it has and What is missing.

A year ago Microsoft launched the App Outlook for iOS and Android,  which is a very user friendly app.. This app does a phenomenal job on iOS (I’ve not used it on Android) in terms of composing email, send/receive emails and pretty what you need to stay connected. It has swipe feature , you can swipe RIGHT  or LEFT  to take actions like archive, delete, move, flag, mark as read/unread or schedule. Unlike other email apps, Outlook lets you personalize these swipe gestures to match your unique email habits. It is simple and amazing 🙂 with a – BUT ONLY FEATURE WITH SWIPE (wish they gave drop down menu for swipe), so if you swipe to left it will Archive (enabled by default) and if you swipe right then it will Schedule (enabled by default) it for you.


Outlook for iOs



Customize Your Swipe SettingsswipeoptiniOS



Add 3rd Party Calendar Apps but still lacking to add someone else calendar in your Exchange / O365 Organization

Here you can add 3rd party calendar apps such as Facebook Events etc. I’m surprised here that why Microsoft Office 365 Team was in a rush to put these social media event/calendar App instead of adding the feature to add multiple Exchange calendar which more productive for any type of business. 



Apps Links (I believe this App is still on AWS and stores your password – If you are security freak like me then I’d not recommend, atlas not for you corporate email account)

Are you still behind Exchange 2013 CU 12?

Issues that this cumulative update fixes


  • The Cumulative Update 12 package can be used to run a new installation of Exchange Server 2013 or to upgrade an existing Exchange Server 2013 installation to Cumulative Update 12.
  • It is not necessary to install any Exchange Server 2013 Cumulative Updates or Service Packs released prior to Cumulative Update 12 before you install Cumulative Update 12.

Again I’m going to write about why and what are most important reasons to upgrade. In my opinion the issues either are high visible to end-user or related to end-user productivity or impacting on the production.

So if you are still on Exchange 2013 Cu11, this is the time to upgrade it to Cu12 and it’s been already released since last month as of March 15, 2016. Next update will be sometime in June. So there are still some very good reasons to upgrade to Exchange 2013 CU12.

You can download the Exchange 2013 CU12 from here


Are you still behind on Cumulative Update 11 For Exchange 2013

This is not very common these days but still some organizations are other three months behind or six months behind the Exchange 2013 Cumulative Updates. or you may have setup a new Exchange 2013 you may want to bring it up to the updated CU.

So if you are even no onto the CU11 , below are the some important (depending on the scenario) updates it covers, not all are very important but some of them are very critical .

Here is the list of important updates in my opinion I’d consider upgrading to CU11.

To get the full list of al the update here is the TechNet url


Anti-spam in Microsoft Exchange 2013 Server

Exchange 2013 Mailbox Server comes with Anti-spam agents , either you install it at the time of installing the mailbox server or you can install them later using the script which I will show in this post.

Typically, you would enable the anti-spam agents on a mailbox server if your organization doesn’t have an Edge Transport server, or doesn’t do any prior anti-spam filtering before accepting incoming messages. So If you already have a anti-spam on the perimeter then you want to avoid multiple layer of security and if not then you will have to make use of anti-spam feature available in Exchange 2013.

Installing anti-spam feature from the built-in script



Restarting MS Exchange Transport Service for the changes to be implementedantispam3

Transport Agents after installing the Anti-spam agent


Now here we need to set the IP Blocklist Provider , such as Spamhaus and Spamcop and many other from the internet. These are available online scan engine which are realtime and Exchange can be configured to use them.




Now we are going to configure the Sender ID Configuration. Here is the default setting and later we will configure as we need to




You can leave the Spoofed Domain Action to “StampStatus” if you do not want to Delete and want to do some troubleshooting




Now finally I’ve configured the quarantined mailbox for the content filtering


The cmdlet I’ve used

Restart MSExchange Transport SErvice
Add IP BlockList Provider
Set SenderID Config
Set Content Filter