Exchange 2016, 2019 support ends soon: What IT should do to stay secure

Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025. That date might seem far off, but if you’re managing email systems or Office deployments, it’s worth paying attention to now. These products will keep working past that deadline, but without security updates or tech support, they’ll be risky to keep in production.

What’s ending and when?

The key date to remember is October 14, 2025. On that day, Microsoft will officially stop supporting:

• Exchange Server 2016
• Exchange Server 2019
• Outlook 2016 (as part of Office 2016)

Support will also end for the full Office 2016 suite and Office 2019 on the same day. Once these products reach end of support, they’ll stop receiving bug fixes, technical support, and most importantly, security updates.

For Exchange Server specifically, Microsoft also won’t release any more time zone updates or patches. And Outlook 2016 will stop being supported for connecting to Microsoft 365 services.

Why it matters for cybersecurity and compliance

The end of support is more than just a technical deadline. After October 14, 2025, these products will no longer receive security patches. Any new vulnerabilities found after that date won’t be fixed, leaving your systems exposed.

Attackers often target unsupported software because exploits are already widely available. If your Exchange Server is internet-facing, it becomes a much easier target. We’ve seen this before with vulnerabilities like ProxyLogon and ProxyShell, which led to serious breaches on unpatched Exchange servers.

Compliance is another factor. If you work in healthcare, finance, or any regulated industry, using unsupported systems could violate policies or laws like HIPAA or GDPR. Even for less regulated companies, unsupported software can become a red flag during security audits.

Beyond security, expect growing compatibility issues. Microsoft has confirmed that Outlook 2016 will stop connecting to Microsoft 365 after support ends. Older tools will gradually stop working with newer services, and you may not realize it until users start reporting problems.

Running outdated systems may seem cheaper in the short term, but it often costs more in risk, downtime, and incident response. If email is essential to your business, now’s the time to move to a supported and secure platform.

Migration options

The good news is you’ve got options, and the right choice depends on your business needs, regulatory requirements, and how much infrastructure you want to manage.

Option 1: Migrate to Microsoft 365 (Exchange Online)

For most organizations, Microsoft 365 is the recommended path. It offers hosted Exchange Online, feature updates, built-in security tools, and a simplified management experience.

Microsoft also reminds users that Outlook 2016 will stop connecting reliably to Microsoft 365 services after October 2025. So if you’re using Outlook 2016 with Exchange Online, you’ll need to upgrade both.

Here’s what to do:

• Plan for a mailbox migration using tools like Exchange Hybrid or third-party solutions.
• Make sure end users upgrade to a supported version of Outlook, such as Outlook in Microsoft 365 Apps.
• Decommission Exchange servers once the migration is verified and complete.

Option 2: Upgrade to Exchange Server Subscription Edition

If you’re sticking with on-premises, Microsoft will be offering a new Exchange Server Subscription Edition (SE), which is set to arrive in the second half of 2025. This version will move to a subscription-based model rather than perpetual licenses. Microsoft says it will include long-term support and security updates, which is suitable for highly regulated environments or organizations with strict data residency requirements.

Here’s how to prepare:

• Budget for Software Assurance and a new licensing model.
• Review Microsoft’s hardware and OS compatibility guides once published.
• Consider running a test deployment ahead of broader rollout.

Tips for a smooth transition

Take inventory now: Map out which users and departments are on Exchange 2016 or 2019 and what clients they’re using (e.g., Outlook 2016).

Evaluate bandwidth and infrastructure: Cloud migrations require stable and scalable internet connectivity. Assess your environment ahead of time.

Test, pilot, roll out: Don’t wait until the last minute. Start with pilot groups and refine your migration process before going company-wide.

Train your end users: Whether they’re moving to Outlook for Microsoft 365 or a new webmail interface, user training will reduce helpdesk tickets.

Don’t forget licensing: Moving to Microsoft 365 changes your cost structure. Review your licensing needs and bundles to avoid overpaying.