I am happy that Microsoft will try to eliminate outdated Exchange servers, and many corporate email administrators probably are too. I spend a lot of my time on third-party risk and third-party breaches. Microsoft's stated reason for throttling outdated Exchange servers is the mail that they send. I'm more concerned about mail they receive, particularly from me. It is well documented that Exchange attacks like ProxyShell have led to loss of confidentiality and the installation of ransomware. Steve argues that organizations running outdated Exchange servers are perfectly happy with their old installations. I doubt it. The reality is that decision makers in the organizations with those servers do not care about security. They prioritize short-term savings over the security and privacy of their customers and employees. Email admins and security people (if they exist) in those organizations have probably already made the case to upgrade for security reasons. Now Microsoft is helping them make it happen.
Think about why we have privacy laws. They exist because most organizations will not voluntarily enact burdensome and expensive privacy practices. Most organizations do what they have to do and not much more. I applaud Microsoft for taking this action. I don't want to have to send out a breach notification because of one of our third parties, and you shouldn't want to receive one.