Connecting state and local government leaders
Look for a number of Microsoft business products to reach end-of-support milestones in 2020.
Jan. 14 marks the end of Microsoft support for millions of Windows 7 users, making them ineligible for free security updates and opening their machines to malware attacks. The 2009 operating systems isn't the only product being phased out, however. Other Microsoft business products will lose support this year as well.
Windows 7 client and server deadlines
For organizations stuck on those platforms, Microsoft offers an Extended Security Updates program, which adds the rights to continue to get patch support for one year and can be renewed each year for three years total. However, the ESU program isn't cheap. It costs about $62 per user in the first year of the Windows 7 ESU program, but the price is said to double each year.
The ESU program has various nuances. The patching support varies, for instance. Windows 7 and Windows Server 2008/R2 users get "Critical" and "Important" patches under the program, while SQL Server 2008/R2 users just get "Critical" fixes. Microsoft offers a rationale for the lack of Important SQL Server 2008/R2 patches under the ESU program in this FAQ.
Organizations using Microsoft's volume licensing sales programs are supposed to contact their "Account Team CE" to purchase the ESU keys that will continue patch support for one year. Other and smaller organizations are directed to contact a Cloud Solution Provider (CSP) partner to buy these ESU keys.
An alternative for organizations stuck on Windows Server 2008/R2 and SQL Server 2008/R2 is to run those workloads on Azure virtual machines. In such cases, there's no cost for getting software updates via the ESU program, but organizations still must pay for Azure virtual machine hosting costs.
Exchange Server 2010, SharePoint Server 2010 and Office 2010
Exchange Server 2010 will fall out of extended support on Oct. 13, 2020, losing free patch support from Microsoft. The end-of-support date for Exchange Server 2010 was originally Jan. 14, 2020, but Microsoft announced back in September that it was extending it by about 10 months.
SharePoint Server 2010 also falls out of extended support on Oct. 13, 2020, along with the Office 2010 client, Project Server 2010 and Windows Embedded Standard 7, according to this Microsoft support notice.
Exchange Server 2010 upgraders will need to perform a two-hop migration to get to the current Exchange Server 2019 flagship product. They'll need to upgrade to either Exchange Server 2013 or Exchange Server 2016 first before moving to the newest server product.
Microsoft also announced in September that "Basic Authentication" in its Exchange Online e-mail service will be removed on Oct. 13, 2020. The reason for its removal is that Basic Authentication is subject to password spray attack scenarios, as Microsoft previously explained.
Other 2020 deadlines and milestones
Microsoft plans to replace its Windows Analytics utility for assessing Windows 10 upgrades with its Desktop Analytics solution, staring on Jan. 31, 2020, as announced back in September.
The company expects to deliver its new Chromium-based Edge browser via its Automatic Updates service as early as this month, since it's slated for commercial release on Jan. 15, 2020. The new browser will replace the currently installed EdgeHTML-based Edge browser. The Chromium-based Edge browser will get new feature updates every six weeks.
In addition, Adobe's Flash Player fell out of support last month and will be "disabled by default" in the Chromium-based Edge browser release, according to this Microsoft support article. It added that "Flash will be completely removed from all browsers by December 31, 2020, via Windows Update."
Microsoft also is planning to release a security update in March 2020 for the Lightweight Directory Access Protocol (LDAP) that's used for authenticating user access via Active Directory domain controllers. This update will support "LDAP channel binding and LDAP signing hardening" to improve the security of systems, according to a support article. Microsoft wants IT pros to take the steps listed in security advisory ADV190023 in preparation for this change.
A longer, more detailed version of this article was first posted to Redmond, a sibling site to GCN.