Editing Microsoft Exchange Server

{{short description|Calendaring and mail server}}
{{Use American English|date=January 2016}}
{{Use mdy dates|date=October 2018}}
{{Infobox software
| name = Microsoft Exchange Server
| logo = [[File:Microsoft Exchange (2019-present).svg|64px]]
| logo caption = Exchange Server 2019 logo
| developer = [[Microsoft]]
| released = {{Start date and age|1996|04|2}}<ref name="initial-release" />
| operating system = [[Windows Server]]
| platform = [[x64]]
| language = <!-- Please, do not forget your source -->
| genre = [[Collaborative software]]
| license = [[Proprietary software|Proprietary]] [[commercial software]]
}}
'''Microsoft Exchange Server''' is a [[mail server]] and [[calendaring software|calendaring]] server developed by [[Microsoft]]. It runs exclusively on [[Windows Server]] operating systems.

The first version was called Exchange Server 4.0, to position it as the successor to the related [[Microsoft Mail]] 3.5. Exchange initially used the [[X.400]] directory service but switched to [[Active Directory]] later. Until version 5.0, it came bundled with an email client called '''Microsoft Exchange Client'''. This was discontinued in favor of [[Microsoft Outlook]].

Exchange Server primarily uses a proprietary protocol called [[MAPI]] to talk to [[email client]]s, but subsequently added support for [[Post Office Protocol|POP3]], [[Internet Message Access Protocol|IMAP]], and [[Exchange ActiveSync|EAS]]. The standard [[Simple Mail Transfer Protocol|SMTP]] protocol is used to communicate to other Internet mail servers.

Exchange Server is licensed both as [[on-premises software]] and [[software as a service]] (SaaS). In the on-premises form, customers purchase [[client access license]]s (CALs); as SaaS, Microsoft charges a monthly service fee instead.

==History==
{{Main article| History of Microsoft Exchange Server}}
Microsoft had sold a number of simpler email products before, but the first release of Exchange (Exchange Server 4.0 in April 1996<ref name="initial-release">{{Cite web |date=2 April 1996 |title=Microsoft Exchange Server Available |url=https://news.microsoft.com/1996/04/02/microsoft-exchange-server-available/ |access-date=5 Feb 2023 |website=[[Microsoft]]}}</ref>) was an entirely new [[X.400]]-based [[client–server]] groupware system with a single database store, which also supported [[X.500]] directory services. The directory used by Exchange Server eventually became Microsoft's [[Active Directory]] service, an [[Lightweight Directory Access Protocol|LDAP]]-compliant directory service which was integrated into [[Windows 2000]] as the foundation of [[Windows Server domain]]s.

As of 2020, there have been ten releases.
 
===Current version===
The current version, Exchange Server 2019,<ref>{{Cite web|url=https://www.frankysweb.de/microsoft-kuendigt-exchange-2019-an/|title = Microsoft kündigt Exchange 2019 an|date = September 26, 2017}}</ref> was released in October 2018. Unlike other Office Server 2019 products such as SharePoint and Skype for Business, Exchange Server 2019 could only be deployed on Windows Server 2019 when it was released. Since Cumulative Update 2022 H1 Exchange 2019 has been supported on Windows Server 2022.<ref>{{Cite web |date=2022-04-20 |title=Released: 2022 H1 Cumulative Updates for Exchange Server |url=https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2022-h1-cumulative-updates-for-exchange-server/ba-p/3285026 |access-date=2022-04-21 |website=TECHCOMMUNITY.MICROSOFT.COM |language=en}}</ref> One of the key features of the new release is that Exchange Server can be deployed onto Windows Server Core for the first time. Additionally, Microsoft has retired the Unified Messaging feature of Exchange, meaning that Skype for Business on-premises customers will have to use alternative solutions for voicemail, such as Azure cloud voicemail.

=== New features ===
*'''Security:''' support for installing Exchange Server 2019 onto Windows Server Core
*'''Performance:'''  supports running Exchange Server with up to 48 processor cores and 256 GB of RAM

=== Removed features ===
*'''Unified Messaging'''

==Clustering and high availability==
Exchange Server Enterprise Edition supports clustering of up to 4 nodes when using Windows 2000 Server, and up to 8 nodes with Windows Server 2003. Exchange Server 2003 also introduced active-active clustering, but for two-node clusters only. In this setup, both servers in the cluster are allowed to be active simultaneously. This is opposed to Exchange's more common active-passive mode in which the failover servers in any cluster node cannot be used at all while their corresponding home servers are active. They must wait, inactive, for the home servers in the node to fail. Subsequent performance issues with active-active mode have led Microsoft to recommend that it should no longer be used.<ref name=exchangecluster/> In fact, support for active-active mode clustering has been discontinued with Exchange Server 2007.

Exchange's clustering (active-active or active-passive mode) has been criticized because of its requirement for servers in the cluster nodes to share the same data. The clustering in Exchange Server provides redundancy for Exchange Server as an ''application'', but not for Exchange ''data''.<ref name=2k3benefits/> In this scenario, the data can be regarded as a [[single point of failure]], despite Microsoft's description of this set-up as a "Shared Nothing" model.<ref name=clustering/> This void has however been filled by ISVs and storage manufacturers, through "site resilience" solutions, such as geo-clustering and asynchronous data replication.<ref name=storageglossary/> Exchange Server 2007 introduces new cluster terminology and configurations that address the shortcomings of the previous "shared data model".<ref name=highavailability/>

Exchange Server 2007 provides built-in support for asynchronous replication modeled on SQL Server's "[[Log shipping]]"<ref name=sql2kfaq/> in CCR (Cluster Continuous Replication) clusters, which are built on MSCS MNS (Microsoft Cluster Service—Majority Node Set) clusters, which do not require shared storage. This type of cluster can be inexpensive and deployed in one, or "stretched" across two data centers for protection against site-wide failures such as natural disasters. The limitation of CCR clusters is the ability to have only two nodes and the third node known as "voter node" or file share witness that prevents "split brain"<ref name=MSKB/> scenarios, generally hosted as a file share on a Hub Transport Server. The second type of cluster is the traditional clustering that was available in previous versions, and is now being referred to as SCC (Single Copy Cluster). In Exchange Server 2007 deployment of both CCR and SCC clusters has been simplified and improved; the entire cluster install process takes place during Exchange Server installation. LCR or Local Continuous Replication has been referred to as the "poor man's cluster". It is designed to allow for data replication to an alternative drive attached to the same system and is intended to provide protection against local storage failures. It does not protect against the case where the server itself fails.

In November 2007, Microsoft released SP1 for Exchange Server 2007. This service pack includes an additional high-availability feature called SCR (Standby Continuous Replication). Unlike CCR, which requires that both servers belong to a Windows cluster typically residing in the same datacenter, SCR can replicate data to a non-clustered server, located in a separate datacenter.

With Exchange Server 2010, Microsoft introduced the concept of the Database Availability Group (DAG). A DAG contains Mailbox servers that become members of the DAG. Once a Mailbox server is a member of a DAG, the Mailbox Databases on that server can be copied to other members of the DAG. When a Mailbox server is added to a DAG, the Failover Clustering Windows role is installed on the server and all required clustering resources are created.

==Licensing==
Like Windows Server products, Exchange Server requires [[client access license]]s, which are different from Windows CALs. Corporate license agreements, such as the [[EA/SA|Enterprise Agreement]], or EA, include Exchange Server CALs. It also comes as part of the Core CAL. Just like Windows Server and other server products from Microsoft, there is the choice to use User CALs or Device CALs. Device CALs are assigned to devices (workstation, laptop or PDA), which may be used by one or more users.<ref>{{cite web |title=Top 75 Microsoft Licensing Terms – A Glossary From A(ntigen) To Z(une)|url=http://omtco.eu/references/microsoft/top-75-microsoft-licensing-terms-a-glossary-from-antigen-to-zune/|publisher=OMTCO, omt-co Operations Management Technology Consulting GmbH|access-date=April 24, 2013}}</ref> User CALs, are assigned to users, allowing them to access Exchange from any device. User and Device CALs have the same price, however, they cannot be used interchangeably.

For service providers looking to host Microsoft Exchange, there is a Service Provider License Agreement (SPLA) available whereby Microsoft receives a monthly service fee instead of traditional CALs. Two types of Exchange CAL are available: Exchange CAL Standard and Exchange CAL Enterprise. The Enterprise CAL is an add-on license to the Standard CAL.

==Clients==<!--Microsoft Exchange Client redirects here-->
Microsoft Exchange Server uses a [[proprietary protocol|proprietary]] [[remote procedure call]] (RPC) protocol called [[MAPI|MAPI/RPC]],<ref name=exchangeprotocols/> which was designed to be used by [[Microsoft Outlook]]. Clients capable of using the proprietary features of Exchange Server include [[Evolution (software)|Evolution]],<ref name=gnome/> [[Hiri (email client)|Hiri]] and Microsoft Outlook. [[Mozilla Thunderbird|Thunderbird]] can access Exchange server via the Owl Plugin.<ref>{{Cite web|url=https://www.beonex.com/owl/|title=Owl for Exchange|last=Beonex|website=Owl for Exchange|language=en|access-date=2020-02-21}}</ref>

Exchange Web Services (EWS), an alternative to the MAPI protocol, is a documented [[SOAP]]-based protocol introduced with Exchange Server 2007. Exchange Web Services is used by the latest version of [[Microsoft Entourage]] for Mac and Microsoft Outlook for Mac - since the release of [[Mac OS X Snow Leopard]] Mac computers running OS X include some support for this technology via Apple's Mail application.

E-mail hosted on an Exchange Server can also be accessed using [[Post Office Protocol|POP3]], and [[Internet Message Access Protocol|IMAP4]] protocols, using clients such as [[Windows Live Mail]], [[Mozilla Thunderbird]], and [[Lotus Notes]]. These protocols must be enabled on the server. Exchange Server mailboxes can also be accessed through a web browser, using [[Outlook Web App]] (OWA). Exchange Server 2003 also featured a version of OWA for [[mobile device]]s, called Outlook Mobile Access (OMA).

Microsoft Exchange Server up to version 5.0 came bundled with Microsoft Exchange Client as the email client. After version 5.0, this was replaced by Microsoft Outlook, bundled as part of [[Microsoft Office 97]] and later.<ref name=what_is>{{cite web |url=http://www.indiana.edu/~uits/telecom/messaging/whatexchange.html |title=What is the Microsoft Exchange client?}}</ref> When Outlook 97 was released, Exchange Client 5.0 was still in development and to be later released as part of Exchange Server 5.0, primarily because Outlook was only available for Windows. Later, in Exchange Server 5.5, Exchange Client was removed and Outlook was made the only Exchange client. As part of Exchange Server 5.5, Outlook was released for other platforms.

The original [[Windows 95]] "Inbox" client also used MAPI and was called "Microsoft Exchange". A stripped-down version of the Exchange Client that does not have support for Exchange Server was released as [[Windows Messaging]] to avoid confusion; it was included with [[Windows 95 OSR2]], [[Windows 98]], and [[Windows NT 4]]. It was discontinued because of the move to email standards such as SMTP, IMAP, and POP3, all of which [[Outlook Express]] supports better than Windows Messaging.

===Exchange ActiveSync===
Support for [[Exchange ActiveSync]] (EAS) was added to Microsoft Exchange Server 2003. It allows a compliant device such as a [[Windows Mobile]] device or [[smartphone]] to securely synchronize mail, contacts and other data directly with an Exchange server and has become a popular mobile access standard for businesses due to support from companies like [[Nokia]] and [[Apple Inc.]]<ref name=aslicensee/> as well as its device security and compliance features.

Support for [[push email]] was added to it with Exchange Server 2003 Service Pack 2 and is supported by Windows Phone 7,<ref name=asfaq/> the [[iPhone]] and [[Android (operating system)|Android]] phones,<ref name=iphone/> but notably not for [[Apple Inc.|Apple]]'s native [[Mail (Apple)|Mail]] app on [[macOS]].

Exchange ActiveSync Policies allow administrators to control which devices can connect to the organization, remotely deactivate features, and remotely wipe lost or stolen devices.<ref name=activesync/>

==Hosted Exchange as a service==
{{main|Hosted Exchange}}

The complexities of managing Exchange Server—namely running both one or more  Exchange Servers, plus Active Directory synchronization servers—make it attractive for organisations to purchase it as a hosted service.

===Third-party providers===
This has been possible from a number of providers<ref name=hepd/> for more than 10 years, but as of June 2018 is that many providers have been marketing the service as "cloud computing" or "Software-as-a-Service". Exchange hosting allows for Microsoft Exchange Server to be running in the Internet, also referred to as the Cloud, and managed by a "Hosted Exchange Server provider" instead of building and deploying the system in-house.

===Exchange Online===
Exchange Online is Exchange Server delivered as a cloud service hosted by Microsoft itself. It is built on the same technologies as [[on-premises software|on-premises]] Exchange Server, and offers essentially the same services as third-party providers which host Exchange Server instances.<ref name=office365/>

Customers can also choose to combine both on-premises and online options in a hybrid deployment.<ref>{{cite book|title= Microsoft Office 365 Administration Inside Out|last= Puca|first= Anthony|publisher= Microsoft Press|year= 2013|isbn= 978-0735678231|pages= 459–462}}</ref> Hybrid implementations are popular for organizations that are unsure of the need or urgency to do a full transition to Exchange Online, and also allows for staggered [[email migration]].

Hybrid tools can cover the main stack of Microsoft Exchange, [[Skype for Business|Lync]], SharePoint, Windows, and Active Directory servers, in addition to using replica data to report cloud user experience. {{Citation needed|date=January 2016}}

===History===
Exchange Online was first provided as a hosted service in dedicated customer environments in 2005 to select pilot customers.<ref name=hop/> Microsoft launched a multi-tenant version of Exchange Online as part of the Business Productivity Online Standard Suite in November 2008.<ref name=outofbeta/> In June 2011, as part of the commercial release of [[Microsoft Office 365]], Exchange Online was updated with the capabilities of Exchange Server 2010.

Exchange Server 2010 was developed concurrently as a server product and for the Exchange Online service.

==Vulnerabilities and hacks==

=== 2020 ===
In February 2020, an [[ASP.NET]] vulnerability was discovered and exploited relying on a default setting allowing attackers to run arbitrary code with system privileges, only requiring a connection to the server as well as being logged into any user account which can be done through [[credential stuffing]].<ref name=":0">{{Cite web|title=Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!|url=https://www.bleepingcomputer.com/news/security/hackers-scanning-for-vulnerable-microsoft-exchange-servers-patch-now/|access-date=2021-03-20|website=BleepingComputer|language=en-us}}</ref><ref name=":1">{{Cite web|last1=Nusbaum|first1=Scott|last2=Response|first2=Christopher Paschen in Incident|last3=Response|first3=Incident|last4=Forensics|date=2020-02-28|title=Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server|url=https://www.trustedsec.com/blog/detecting-cve-20200688-remote-code-execution-vulnerability-on-microsoft-exchange-server/|access-date=2021-03-20|website=TrustedSec|language=en-US}}</ref>

The exploit relied on all versions of Microsoft Exchange using the same [[Static variable|static]] validation key to decrypt, encrypt, and validate the 'View State' by default on all installations of the software and all versions of it, where the View State is used to temporarily preserve changes to an individual page as information is sent to the server. The default validation key used is therefore public knowledge, and so when this is used the validation key can be used to decrypt and falsely verify a modified View State containing commands added by an attacker.<ref name=":0" /><ref name=":1" />

When logged in as any user, any [[.aspx|.ASPX]] page is then loaded, and by requesting both the [[session ID]] of the user login and the correct View State directly from the server, this correct View State can be [[Deserialization|deserialised]] and then modified to also include [[Arbitrary code execution|arbitrary code]] and then be falsely verified by the attacker. This modified View State is then serialised and passed back to the server in a [[GET request]] along with the session ID to show it is from a logged-in user; in legitimate use, the view state should always be returned in a [[POST (HTTP)|POST request]], and never a GET request. This combination causes the server to decrypt and run this added code with its own privileges, allowing the server to be fully compromised as any command can therefore be run.<ref name=":0" /><ref name=":1" />

In July 2020, [[Positive Technologies]] published research explaining how hackers can attack Microsoft Exchange Server without exploiting any vulnerabilities.<ref>{{Cite web |last=Sharoglazov |first=Arseniy |title=Attacking MS Exchange Web Interfaces |url=https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/ |access-date=2022-06-18 |website=PT SWARM |date=July 23, 2020 |language=en-US}}</ref> It was voted into Top 10 web hacking techniques of 2020 according to [[PortSwigger Ltd]].<ref>{{Cite web |date=2021-02-24 |title=Top 10 web hacking techniques of 2020 |url=https://portswigger.net/research/top-10-web-hacking-techniques-of-2020 |access-date=2022-06-18 |website=PortSwigger Research}}</ref>

===2021===
{{Main|2021 Microsoft Exchange Server data breach}}
In 2021, critical [[Zero-day (computing)|zero-day]] exploits were discovered in Microsoft Exchange Server.<ref>{{Cite web|date=2021-03-02|title=HAFNIUM targeting Exchange Servers with 0-day exploits|url=https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/|access-date=2021-03-14|website=Microsoft Security|language=en-US}}</ref> Thousands of organizations have been affected by hackers using these techniques to steal information and install malicious code.<ref>{{Cite news|date=2021-03-11|title=Exchange email hack: Hundreds of UK firms compromised|language=en-GB|work=BBC News|url=https://www.bbc.com/news/technology-56365372|access-date=2021-03-12}}</ref> Microsoft revealed that these vulnerabilities had existed for around 10 years,<ref name=2021hackcnbc/> but were exploited only from January 2021 onwards. The attack affected the email systems of an estimated 250,000 global customers, including state and local governments, policy think tanks, academic institutions, infectious disease researchers and businesses such as law firms and defense contractors.<ref name=2021hackcnn/>

In a separate incident, an ongoing [[Brute-force attack|brute-force]] campaign from mid-2019 to the present (July 2021){{Update inline|date=November 2023|reason=2 years later since updated, still says this is ongoing}}, attributed by [[National Cyber Security Centre (United Kingdom)|British]] and American ([[National Security Agency|NSA]], [[Federal Bureau of Investigation|FBI]], [[Cybersecurity and Infrastructure Security Agency|CISA]]) security agencies to the [[GRU (Russian Federation)|GRU]], uses/used publicly known Exchange vulnerabilities, as well as already-obtained account credentials and other methods, to infiltrate networks and steal data.<ref>{{cite web |url=https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/ |title=NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign |website=nsa.gov |publisher=[[National Security Agency]] |access-date=July 2, 2021 |archive-date=July 2, 2021 |archive-url=https://web.archive.org/web/20210702002139/https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/ |url-status=dead }}</ref><ref>{{cite web |url=https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF |title=Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments |website=Defense.gov |publisher=Joint publication form US/UK security agencies |access-date=July 3, 2021}}</ref>

===2023===
In September 2023, Microsoft was notified that Microsoft Exchange is vulnerable to [[remote code execution]] including data theft attacks. Microsoft has not fixed these issues yet.<ref>[https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/ New Microsoft Exchange zero-days allow RCE, data theft attacks]</ref>

==See also==
*[[History of Microsoft Exchange Server]]
*[[Comparison of mail servers]]
*[[Extensible Storage Engine]]
*[[List of collaborative software]]
*[[Innovative Communications Alliance]] (Microsoft - Nortel)
*[[2021 Microsoft Exchange Server data breach]]

==References==
{{Reflist|30em|refs=

<!--
<ref name=fax>{{cite web |title=How to Set Up a Fax Server or Fax Client with Microsoft Fax|url=http://support.microsoft.com/kb/141292/en-us|publisher=Microsoft|access-date=October 28, 2012}}</ref>

<ref name=pst>{{cite web |title=The Microsoft Exchange Server 4.0 team invented .pst format for personal archives|url=http://support.microsoft.com/kb/297019/|publisher=Microsoft|access-date=October 28, 2012}}</ref>-->

<ref name=exchangecluster>{{cite web |title=Considerations when deploying Exchange on an Active/Active cluster |url=http://support.microsoft.com/default.aspx?scid=kb;en-us;815180&product=exch2003|publisher=Microsoft|access-date=October 28, 2012}}</ref>

<ref name=2k3benefits>{{cite web |title=The benefits of Windows 2003 clustering with Exchange 2003 |url=http://blogs.technet.com/exchange/archive/2004/06/09/152186.aspx|publisher=The Exchange Team Blog|access-date=October 28, 2012|date=June 9, 2004}}</ref>

<ref name=clustering>{{cite web |title=Exchange Clustering Concepts |url=https://technet.microsoft.com/en-us/library/aa996210(v=exchg.65).aspx|publisher=TechNet|access-date=October 28, 2012|date=February 9, 2006}}</ref>

<ref name=storageglossary>{{cite web |title=Storage Glossary: Basic Storage Terms |url=http://www.microsoft.com/windowsserversystem/storage/storgloss.mspx |work=[[Microsoft TechNet|TechNet]] |publisher=[[Microsoft]] |access-date=October 28, 2012 |date=March 8, 2005 |archive-url=https://web.archive.org/web/20070715104847/http://www.microsoft.com/windowsserversystem/storage/storgloss.mspx |archive-date=July 15, 2007}}</ref>

<ref name=highavailability>{{cite web |title=High availability |url=http://www.microsoft.com/technet/prodtechnol/exchange/E2k7Help/d2efb6f9-f70a-4f96-9f8d-f7aad6ae83d7.mspx|publisher=TechNet|access-date=July 2, 2007|date=March 8, 2005}}</ref>

<ref name=sql2kfaq>{{cite web |title=Frequently asked questions—SQL Server 2000—Log shipping |url=http://support.microsoft.com/kb/314515/en-us|publisher=Microsoft|access-date=October 28, 2012|date=March 8, 2005}}</ref>

<ref name=MSKB>{{cite web |title=An update is available that adds a file share witness feature and a configurable cluster heartbeats feature to Windows Server 2003 Service Pack 1-based server clusters |url=http://support.microsoft.com/kb/921181/en-us|publisher=Microsoft|access-date=October 28, 2012}}</ref>

<ref name=hepd>{{cite web |title=Hosted Exchange Partner Directory |url=http://www.microsoft.com/serviceproviders/solutions/catalog.aspx|publisher=Microsoft|access-date=October 28, 2012}}</ref>

<ref name=office365>{{cite web |title=Microsoft Exchange Online for Enterprises Service Description|url=http://www.microsoft.com/download/en/details.aspx?id=13602|publisher=Microsoft|access-date=October 28, 2012}}</ref>

<ref name=hop>{{cite web |title=Microsoft hops into managed PC business|url=http://news.cnet.com/Microsoft-hops-into-managed-PC-business/2100-1011_3-5609320.html|publisher=CNET News|author=Ina Fried|access-date=October 28, 2012|date=March 10, 2005}}</ref>

<ref name=outofbeta>{{cite web |title=Microsoft hops into managed PC business|url=http://www.microsoft.com/presspass/press/2008/nov08/11-17ExchangeSharePointOnlinePR.mspx|publisher=Microsoft|access-date=October 28, 2012|date=November 7, 2008}}</ref>

<ref name=exchangeprotocols>{{cite web |title=Exchange Server Protocols|url=http://msdn.microsoft.com/en-us/library/cc307725(EXCHG.80).aspx|publisher=Microsoft|access-date=October 28, 2012|date=November 7, 2008}}</ref>

<ref name=gnome>{{cite web |title=Evolution/FAQ - GNOME Live!|url=https://live.gnome.org/Evolution/FAQ#Evolution_Exchange_.28formerly_known_as_Connector.29|publisher=Microsoft|access-date=October 28, 2012}}</ref>

<ref name=2021hackcnbc>{{cite web |title=Microsoft's big email hack: What happened, who did it, and why it matters|date=March 9, 2021 |url=https://www.cnbc.com/2021/03/09/microsoft-exchange-hack-explained.html|publisher=CNBC|access-date=March 14, 2021}}</ref>

<ref name=2021hackcnn>{{cite web |title=Here's what we know so far about the massive Microsoft Exchange hack|date=March 10, 2021 |url=https://edition.cnn.com/2021/03/10/tech/microsoft-exchange-hafnium-hack-explainer/index.html|publisher=CNN|access-date=March 14, 2021}}</ref>

<!-- Unused citations-->
 
<!--<ref name=2k10release>{{cite web |title=Microsoft releases Exchange 2010, acquires Teamprise|url=http://news.cnet.com/8301-13860_3-10393208-56.html?tag=mncol|publisher=Beyond Binary - CNET News|author=Elizabeth Montalbano|access-date=October 28, 2012|date=November 9, 2009}}</ref>-->

<ref name=aslicensee>{{cite web |title=Microsoft Exchange ActiveSync Licensees|url=http://www.microsoft.com/exchange/2007/evaluation/features/owa_mobile.mspx |publisher=Microsoft|access-date=October 28, 2012}}</ref>

<ref name=asfaq>{{cite web |title=Exchange ActiveSync: Frequently Asked Questions|url=https://technet.microsoft.com/en-us/exchange/bb288524.aspx|publisher=TechNet|access-date=October 28, 2012}}</ref>

<ref name=iphone>{{cite web |title=Exchange ActiveSync|url=https://technet.microsoft.com/en-us/library/aa998357(v=exchg.150).aspx|publisher=Apple|access-date=October 28, 2012}}</ref>

<ref name=activesync>{{cite web |title=Apple - iPhone in Business|url=https://www.apple.com/iphone/business/|publisher=TechNet|access-date=October 28, 2012}}</ref>

}}

==External links==
<!-- ======================== {{No more links}} ============================
    | PLEASE BE CAUTIOUS IN ADDING MORE LINKS TO THIS ARTICLE. Wikipedia  |
    | is not a collection of links nor should it be used for advertising. |
    |                                                                     |
    |           Excessive or inappropriate links WILL BE DELETED.         |
    | See [[Wikipedia:External links]] & [[Wikipedia:Spam]] for details.  |
    |                                                                     |
    | If there are already plentiful links, please propose additions or   |
    | replacements on this article's discussion page, or submit your link |
    | to the relevant category at the Open Directory Project (dmoz.org)   |
    | and link back to that category using the {{dmoz}} template.         |
=========================== {{No more links}} ============================= -->
*{{Official website|https://products.office.com/exchange|Microsoft Exchange Server}} – official site

{{Email servers}}

[[Category:Groupware]]
[[Category:Message transfer agents|Exchange]]
[[Category:Microsoft email software|Exchange Server]]
[[Category:Windows Server System|Exchange Server]]
[[Category:1996 software]]
[[Category:Microsoft Office servers]]