This article clarifies the benefits of Exchange SE and explains how OVHcloud orchestrated the upgrade of thousands of servers at such a large scale.

New Exchange upgrade: from Exchange 2019 to Exchange Server Subscription Edition (SE)

Microsoft is opening a new chapter for its email server: with Exchange Server Subscription Edition (SE), the publisher is moving away from the major version model (2016, 2019, etc.) to adopt the Modern Lifecycle Policy. In practical terms, Exchange is becoming an ‘evergreen’ platform – updated continuously with patches, improvements, and new features, rather than through one-off releases – similar to the Windows 10 or Windows 11 model.

What this changes for Exchange SE users

The interface and usage will feel familiar. The major difference is the continuous pace of development: new features and improvements for Exchange SE will arrive via cumulative updates (CUs), without waiting for the next “big release”. The new features start with SE CU1 and will continue from there.

• Modernised search and indexing
• New themes and interface adjustments
• Contacts link with LinkedIn
• Embedding and playing videos in emails
• Server-side performance optimisations

This list will change as updates are made, and is detailed on Microsoft Learn.

A smooth and transparent upgrade for your end users, led by OVHcloud

The transition to Exchange Server SE affects all organisations. At OVHcloud, we have managed this update end-to-end so that it is invisible to end users and managed for administrators.

Our teams operate thousands of Exchange servers on a daily basis. For years, we have industrialised critical operations (updates, integrity checks, post-deployment verifications) to make them automated, repeatable, and safe. This approach allowed us to complete the migration to Exchange SE more than fifteen days before the end of support for Exchange 2019 (14 October 2025), while ensuring service continuity.

In practical terms:

• OVHcloud hosted Exchange solutions: users were not affected by any service interruptions.
• Private Exchange: a short intervention window (less than two hours) was needed; notifications were sent to the affected customers before and after the migration.

This operational excellence has resulted in up-to-date, secure, and high-performing messaging, while keeping pricing competitive thanks to the time and efficiency gains achieved through our industrialisation.

Conclusion

OVHcloud has completed the migration to Exchange Server SE, ensuring all its customers have up-to-date, maintained, and secure messaging. Thanks to our industrialised operations, the switch was made ahead of schedule, with no interruptions on shared platforms and with controlled windows for Private Exchange. Now, you get to enjoy a high-performing environment, ready to continuously receive Exchange SE improvements.

We at OVHcloud are committed to providing secure and professional email services that meet the latest industry standards. To boost security, we’re disabling TLS 1.0 and 1.1 protocols on our Exchange solutions, in line with international standards.

Are you using a recent and updated email client? You don’t need to do anything; all email clients have already been updated and support the latest TLS (1.2). Action is needed only if you’re running a very old version.

We’re ditching older TLS versions and stepping up security across OVHcloud Exchange services. This blog will cover what’s changing and the measures we’re taking to keep your data safe. 

TLS 1.0 and 1.1 deprecations

To improve security and service quality, we’re disabling TLS 1.0 and 1.1 on all our OVHcloud Exchange solutions.
While some Microsoft systems may still use them, these TLS versions have security holes and were officially deprecated in 2021. Plus, they are already disabled on most Microsoft services, including several Exchange options.

Single-standard supported protocols

Our goal is to apply the same configuration across all infrastructure. Since these protocols are already inactive on most of our servers, updating will standardise our setups and elevate security.

Supported ciphers

We’re also making adjustments to ciphers, so only the following will be supported:

• “TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384“
• “TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256“
• “TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384“
• “TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256“

Keep in mind, only older operating systems (outdated printers or unsupported systems) might have issues.

Customers can use the SSL Labs tool to see which encryption protocols their machine supports.

We use the best practices from the 2020 version 1.6 guides, see here.

HSTS protocol activation

We also use the HTTP Strict Transport Security (HSTS) protocol to keep connections between customers and OVHcloud Exchange servers secure.

This protocol helps to:

• enforce TLS usage by blocking unencrypted connections;
• protect against Man-in-the-Middle (MITM) attacks and block redirects/downgrades to unsecured HTTPS connections;
• automatically switch from HTTP to HTTPS for higher user security.

OVHcloud customers won’t notice this update, which will be automatic—no action needed.

Exchange update management

Monthly update process

Microsoft releases security updates for Microsoft Exchange Server every Patch Tuesday. OVHcloud applies these patches every month to bolster security for its Exchange solutions.

Our update process

• The 2^nd Tuesday of each month: Microsoft update release.
• Microsoft partnership: Thanks to our strong partnership, we have access to detailed information on patches and product releases. This gives us a better idea of how much work the next update will involve, so we can plan ahead.
• Vulnerability severity analysis:
  • Moderate risk → Maintenance is planned and staggered to minimise service disruptions.
  • High risk → A dedicated team starts maintenance right after the patches are released.

Update notifications

• PRIVATE solution customers are notified at the start and end of updates.
• RESELLER, HOSTED, MXPLAN, TRUSTED, and EMAILPRO customers can use Exchange’ clustering to track maintenance progress on the OVHcloud status page.

Real-Time monitoring and protection

We use several monitoring tools, developed in-house or provided by third-party vendors, to:

• monitor the exposure of OVHcloud Exchange services on the internet;
• detect vulnerabilities and unusual activity in real time;
• generate alerts and reports for instant analysis and troubleshooting.

Advanced spam protection

Our OVHcloud Exchange solutions include a European anti-spam system that filters messages before they reach your inbox.

Benefits of spam filtering:

• advanced detection of fraudulent and phishing emails;
• smart filtering based on machine learning;
• significant decrease in spam and malicious emails.

HTTP request management update

Host Header Removal

We’re currently fixing a server issue related to incorrect HTTP Host header usage. An invalid HTTP host header in a web request causes the server to immediately abort the request—this is specific to HTTP 1.0.

Server Header Removal

The HTTP server stops sending the header.

To recap…

We’re upgrading OVHcloud Exchange security by phasing out less secure TLS 1.0/1.1 protocols, bringing it in line with internationals security standards.
Regular updates, HSTS activation, continuous monitoring, and advanced anti-spam protection guarantee a secure, high-performance Exchange environment for all our customers.

Got questions about this update? Reach out to our technical support team.