Minor versions of Entra Connect Sync are (mostly) installed automatically. Major upgrades need to be installed manually, so after downloading the latest version from the Microsoft download center.
When trying to download Entra Connect Sync version 2.5.3.0 the only thing that was downloaded was the DecommissionDownloadCentre.pdf file, and it stated the following:
Important Update: New Entra Connect Sync Versions on Entra Portal Only Following up on our earlier What’s New communication, new versions of Entra Connect Sync are only available on the Microsoft Entra Connect blade within Microsoft Entra Admin Center and will no longer be released to the Microsoft Download Centre.
It took me some time, but logon to the EntraID portal (https://entra.microsoft.com) and navigate to the Entra Connect blade. Next to Version you will see the option to download the latest Entra Connect Sync version, as shown in the following screenshot:
The upgrade itself is not difficult. Download the latest version, start the MSI file, click on Upgrade and follow the wizard.
When finished, close the wizard and check the latest version of EntraID Connect in the Control Panel or using PowerShell with the following command:
Today, July 1st, 2025, Microsoft released Exchange Server Subscription Edition (SE) as the successor of Exchange Server 2019.
Exchange Server SE in itself is not that exciting, it is 100% binary compatible with Exchange 2019 CU15 with the latest May 2025 Hotfix Update, except for the license agreement (EULA) and the build and version number.
This makes it very easy to do an in-place upgrade from Exchange 2019 CU14 or CU15, or a regular migration where Exchange Server SE is installed in an existing Exchange 2016 environment. Please note that Exchange Server SE cannot be installed in an existing Exchange 2013, just like Exchange 2019 CU15.
The last couple of months I did several presentation on Exchange Server SE and did several project to prepare for Exchange Server SE. The most asked question was “what about the subscription?”.
That’s not too difficult. The subscription is in the license, not in the product. The perpetual license has been discontinued and replaced with a subscription license. As for Exchange Server SE, there’s no online license checking or revocation (for now), and there’s still no need to connect your Exchange SE servers directly to the Internet (but it has some advantages, especially for services like the EEMS or the Feature Flighting service).
Why is this an important update and important timing? On October 14, 2025 which is less than four months from now, Exchange Server 2016 and Exchange 2019 will reach end-of-life and will no longer be supported by Microsoft. These products will of course continue to run, but Microsoft will no longer release any security updates for both products.
If you are still running on an older version of Exchange Server, you are running out of time and you must start an upgrade project soon and upgrade to Exchange 2019 CU14/CU15 of Exchange Server SE when possible.
Today Microsoft silently released an update to their Exchange roadmap, which includes information regarding Exchange 2019 CU15 and Exchange vNext. You can read all the Microsoft marketing stuff on the Exchange Server Roadmap Update article.
What’s new is that vNext is rebranded to Exchange Server Subscription Edition, just like we have Sharepoint Subscription Edition.
The most important part about Exchange Server Subscription Edition is that it is ‘code equivalent’ to Exchange 2019 CU15. So, if you have Exchange 2019 CU15 running later this year, then updating to vNext is just a matter of an in-place upgrade. There’s one thing we need to look out for, the underlying Operating System. If you install CU15 on Windows Server 2022 (or worse, on Windows Server 2019) and SE only supports Windows Server 2025 we will be very unhappy 🙂
What are new features in Exchange 2019 CU15 and thus Exchange Server SE?
Support for TLS 1.3 (which was planned for CU14).
Certificate management in the Admin Center.
Removal of the UCMA (makes sense, since there won’t be any support for Unified Messaging.
Removal of the MSMQ components in the setup application (MSMQ components are not needed in earlier versions of Exchange 2019, please check the Exchange 2019 requirements article).
Re-introducing certificate management in the Admin Center.
So, when can we expect Exchange Server Subscription Edition? As Exchange Server SE is identical to Exchange 2019 CU15 (in will include the necessary security updates of course) the only difference is the licensing of Exchange Server SE. You need a subscription license for the server, and old Client Access Licenses are no longer supported and you can use the regular Office 365 licenses for clients.
Microsoft states it will be available early Q3 2025, which means early July 2025. Since support for Exchange 2016 and Exchange 2019 will end in October 2025 Microsoft cannot afford to slip this date since you need sufficient time to upgrade from earlier versions of Exchange server.
What’s also interesting is that Microsoft is already releasing information about Exchange Server SE CU1, which should be released by the end of 2025 (can slip though).
The most interesting features in Exchange Server SE are Kerberos authentication for server-to-server authentication, the removal of Outlook Anywhere and the deprecation of Remote PowerShell. This brings Exchange server SE nicely inline with Exchange Online.
There’s one very important announcement Microsoft makes: Exchange server SE CU1 will stop supporting co-existence with ALL PREVIOUS VERSIONS of Exchange server. So, this means that in that timeframe, only Exchange Server SE CU1 (and later) will be supported and all previous versions of Exchange server must be removed from your environment.
Exchange Server SE is still approx 18 months away from now, but it is time to start thinking about your Exchange environment. Do you want to fully move to Exchange Online, or do you want to keep mailboxes on-premises in Exchange Server? If so, it’s time to start working on moving to Exchange 2019 CU14 and upgrade to CU15 later this year (or skip CU14 and move directly to CU15).
It is not a strange idea, I’m currently working with three large Exchange 2016 on-premises deployments to move them to Exchange 2019 and prepare for Exchange server SE.
Last week a bug in Azure AD Connect version 2.0.88.0 was discovered where disabled accounts were no longer synced to Azure AD. In a hybrid Exchange environment that can be disastrous since shared Mailboxes depend on a disabled account. The result was that these shared Mailboxes in Exchange Online were deleted, or that user mailboxes in Exchange Online could no longer see and access shared Mailboxes that were still on-premises. This is solved in Azure AD Connect version 2.0.89.0. Luckily this was a download upgrade, and not an automatic upgrade!
But this led me to check my own Azure AD Connect server, and I found out that I am still running Azure AD Connect version 1.6.16.0. While still supported (until August 31, 2022) it is a good idea to upgrade to the latest Azure AD Connect 2.x version. At the same time, it’s a good moment to upgrade to Operating System to Windows Server 2019.
To achieve this, you can export the existing Azure AD Connect configuration into an JSON file and use this JSON file as input for the installation of the new Azure AD Connect version. To export the existing configuration, open Azure AD Connect, click Configure and select the View or export current configuration option and click Next to continue. On the Review Your Solution windows click Export Settings and store the export file somewhere.
The next step is to copy the JSON file to the new Windows 2019 server, download the latest Azure AD Connect version and start the setup. DO NOT USE the Express Setup but select Customize. On the Install required components, check the Import synchronization settings checkbox, and select the JSON file that was copied from the old server. Click Install to continue.
Azure AD Connect will now be install with the settings of the old Azure AD Connect server. In the following windows select the sign-in option, enter the (global) admin credentials, enter the domain admin credentials and in the Ready to configure window click Install.
Please note that the Enable staging mode is automatically selected. This means that after installation, Azure AD Connect will start to collect information from Active Directory and Azure AD and store this in its local database, but it will not start synchronizing. The old Azure AD Connect server will continue to synchronize. After a couple of minutes, the installation will finish and it will show a message that the configuration settings are successfully imported.
It can take some time before the new server’s database is fully filled with information. For large organizations I’ve seen up to 4 hours to achieve this. When synchronized you can switch between the two. This is a matter of placing the old server in staging mode, en take the new server out of staging mode. To do this, start Azure AD Connect and select Configure staging mode. Enter your (global) admin credentials and check Enable staging mode (old server) or uncheck Enable staging mode (new server), click Next and click Configure. Make sure that you have only one active Azure AD Connect server running at a given moment!
The new server is now operational and synchronizing data.
Please note that if you have any additional services running on the Azure AD Connect server like Password protection proxy or Self-Service Password Reset (SSPR) you have to install and configure these on the new server as well!
In my environment I had the password protection proxy running. Upgrading is just a matter of installing the new proxy on the new Azure AD Connect server. Before decommissioning the old server, make sure you remove the correct Service Connection Point (SCP) from Active Directory.
You can use the following commands to retrieve a list of SCPs for the password proxy:
You will see both SCPs in Active Directory and you can use the Remove-ADObject command to delete the old SCP as shown in the following screenshot:
At this moment the old Azure AD Connect server can be decommissioned. Don’t forget to remove the old Azure AD Connect server from the Azure AD Portal as well.
As you should (must) know, Exchange 2010 support will end this October. At that point, Microsoft will stop all support for Exchange 2010, including all security fixes. If you are still running Exchange 2010, you must act now and start moving to Exchange 2016 or to Office 365. For an Exchange 2010 to Office 365 migration I have written a couple of blogs before:
But what most people don’t realize is that Exchange 2016 mainstream support will also end this October. From that point forward, Exchange 2016 will be in extended support. This means no more Cumulative Updates and only Security Updates will be released when there updates are marked as ‘critical’.
Note. There’s no direct upgrade path from Exchange 2010 to Exchange 2019, so if you want to follow this route, you must move to Exchange 2016 first, followed by a migration to Exchange 2019.
If you move to Office 365 and have moved all your Mailboxes to Exchange Online, things are getting interesting. In this situation, you still need at least one Exchange server on-premises for management purposes. Microsoft supplies a free Exchange 2016 hybrid license for this situation (there is no free Exchange 2019 hybrid license!), and Microsoft is committed to support this configuration. At least until the moment a final solution is delivered by Microsoft to remove that last Exchange server from your on-premises organization. According to Microsoft, “this does not increase your risk profile in any way” as stated in their article “Exchange Server 2016 and End of Mainstream Support”.
If you still have mailboxes on-premises, the Microsoft recommendation is to move to Exchange 2019. Mainstream support for Exchange 2019 will end on January 1st, 2024, and extended support for Exchange 2019 will end on October 14, 2025 (this is the same date as end of extended support for Exchange 2016).
What to do
If you are still on Exchange 2010, I would urge you to move to Exchange 2016 as soon as possible. Mainstream support for Exchange 2016 will stop this October, but according to Microsoft you are still safe since Security Updates will be released when needed. There’s no direct need to upgrade to Exchange 2019 at this moment, but this is something you must consider the upcoming time. I do know customers however that only want products that are in mainstream support, so if you are in this boat you must move to Exchange 2019 of course.
If you are running Exchange 2013, you must start moving to Exchange 2019 anytime soon for optimal support and skip Exchange 2016.
If you are in an Exchange 2016 hybrid scenario and all your mailboxes are in Exchange Online, you are safe to stay in this situation until Microsoft releases a final solution for that dreaded last Exchange server on-premises for management purposes.
Jaap Wesselius 
You must be logged in to post a comment.