Microsoft has announced that there will be no security releases for any version of Exchange Server in January 2026, including Exchange SE, Exchange 2016, and Exchange 2019 Extended Security Updates. This marks the first month since the end-of-life announcements that Microsoft has skipped a scheduled security update cycle for Exchange Server.
Microsoft's Exchange Team has issued a notable update for administrators managing Exchange Server deployments: there will be no security updates released for any Exchange Server version in January 2026. This announcement covers Exchange Server Subscription Edition (SE), as well as Exchange 2016 and Exchange 2019 customers who purchased Extended Security Updates (ESU).
What Changed
The January 2026 security update cycle will pass without any Exchange Server patches. This applies across the entire Exchange Server product line:
- Exchange Server Subscription Edition (SE): No updates
- Exchange 2016 ESU: No updates (for customers with active ESU contracts)
- Exchange 2019 ESU: No updates (for customers with active ESU contracts)
This is significant because Microsoft has maintained a consistent monthly security update cadence for Exchange Server for years, typically releasing patches on the second Tuesday of each month (Patch Tuesday). The decision to skip January 2026 represents a departure from this established pattern.
Why Microsoft Is Making This Announcement
Microsoft explicitly states this decision is driven by the current security landscape for Exchange Server. The company has been pushing organizations to migrate away from legacy Exchange Server versions toward Exchange Online or Exchange SE for on-premises deployments. By announcing a month with no updates—even for ESU customers—Microsoft reinforces the urgency of these migrations.
The company's message is clear: "Please keep upgrading your organizations to Exchange SE." This follows Microsoft's broader strategy to reduce the on-premises Exchange Server footprint and encourage cloud adoption.
Exchange Server Version Status
To understand the impact, it's important to know where each Exchange Server version stands:
Exchange 2016: Reached end of mainstream support in October 2020 and end of extended support in October 2025. Only customers with purchased ESU contracts receive security updates, and only through April 2026.
Exchange 2019: Reached end of mainstream support in October 2023. Extended support continues until October 2025, after which only ESU customers will receive updates through October 2026.
Exchange Server Subscription Edition (SE): Microsoft's current on-premises offering, released in July 2023. This is the only Exchange Server version receiving regular updates without additional ESU costs. Exchange SE requires Windows Server 2022 or later and SQL Server 2019 or later.
Extended Security Update Program Context
Microsoft's ESU program provides a critical lifeline for organizations that cannot immediately migrate to Exchange SE or Exchange Online. The program:
- Requires separate purchase through Microsoft Volume Licensing
- Provides security updates only (no new features or non-security fixes)
- Covers Exchange 2016 through April 2026
- Covers Exchange 2019 through October 2026
- Is renewable annually but with increasing costs each year
The January 2026 announcement is particularly relevant for ESU customers because they're paying for security updates. Microsoft's decision to skip a month despite active ESU contracts signals that the company may be reducing its investment in legacy Exchange Server maintenance.
Business Impact and Migration Considerations
For Organizations Still on Exchange 2016/2019
This announcement should serve as a wake-up call. If Microsoft is willing to skip security updates even for paying ESU customers, organizations must accelerate their migration plans. The alternatives are:
Exchange Online: Microsoft's recommended path. This eliminates server management entirely and provides continuous updates as part of the service.
Exchange Server SE: For organizations requiring on-premises control, Exchange SE is the only supported option. However, it requires significant infrastructure upgrades (Windows Server 2022+, SQL Server 2019+).
Third-party email solutions: Some organizations may consider alternatives like Google Workspace or other enterprise email platforms.
Cost Implications
The ESU program is expensive and becomes more costly each year. Organizations paying for ESU but receiving no updates in certain months are essentially paying for insurance. This makes the total cost of ownership for legacy Exchange Server increasingly difficult to justify.
Migration to Exchange Online typically costs less than maintaining ESU contracts plus infrastructure for legacy Exchange Server, especially when factoring in reduced administrative overhead.
Technical Migration Challenges
Moving from Exchange 2016/2019 to Exchange SE or Exchange Online involves:
- Coexistence requirements: Running both environments during migration
- Mailbox moves: Large organizations may have terabytes of mailbox data
- Public folder migration: Complex and often problematic
- Application dependencies: Many organizations have line-of-business applications that integrate with Exchange
- Hybrid configuration: If moving to Exchange Online, hybrid deployment setup is required
What This Means for Exchange SE Customers
Exchange SE customers should view this announcement as both reassuring and concerning:
Reassuring: Microsoft is communicating proactively about the update schedule, even when there are no updates. This transparency helps with planning.
Concerning: If Microsoft skips updates for Exchange SE in the future, it could indicate a reduced commitment to the product. However, Exchange SE is currently the only supported on-premises Exchange Server version, so it's unlikely Microsoft will stop updating it entirely.
Best Practices for Exchange Administrators
Given this announcement, Exchange administrators should:
- Verify ESU status: Confirm your ESU contracts are current if you're still on Exchange 2016/2019
- Audit Exchange inventory: Document all Exchange servers and their versions
- Assess migration urgency: Use this announcement to justify migration budget and resources
- Plan for January 2026: Ensure your security posture accounts for no Exchange updates that month
- Monitor Microsoft communications: Watch for future announcements about Exchange Server update cadence
Looking Ahead
Microsoft's decision to skip a monthly security update for Exchange Server is unprecedented in recent years. It suggests that:
- The Exchange Server product line is entering a true maintenance mode phase
- Microsoft may be reducing the frequency of updates for legacy versions
- Organizations still running Exchange 2016/2019 face increasing risk
- The ESU program may not guarantee monthly updates
This pattern may continue throughout 2026 as Microsoft focuses resources on Exchange Online and Exchange SE.
Conclusion
The January 2026 Exchange Server update skip is a clear signal that organizations must move away from legacy Exchange Server versions. While Microsoft continues to support Exchange SE and honor ESU contracts, the company is reducing its maintenance burden and encouraging migration.
For Exchange 2016 and 2019 customers, this should be the final push needed to initiate migration projects. The cost of ESU, combined with the risk of skipped updates and the approaching end of ESU coverage, makes migration the only sustainable path forward.
Exchange SE remains the option for organizations requiring on-premises control, but the infrastructure requirements and ongoing management overhead mean that Exchange Online is increasingly the strategic choice for most organizations.
Related Resources:
Comments
Please log in or register to join the discussion