For legacy Exchange administrators—the end is no longer nigh, it is officially on the calendar. From October 1, 2025, Microsoft will block all public folder migrations from Exchange Server 2010 and earlier to Exchange Online, halting a migration path that has long served as a lifeline for organizations navigating the often-painful transition to the cloud. This cut-off is not just a technical deadline but a sharply drawn line in the sand, marking the industry’s seismic shift away from on-premises holdouts toward a fully modernized, cloud-first messaging ecosystem. For organizations still dependent on aging Exchange infrastructure, this is the unequivocal last call: migrate now, or risk being left in the cold.
Microsoft’s terminology leaves little room for doubt. Support for direct public folder migrations from Exchange 2010 and older will be “deprecated” and outright blocked, regardless of whether a migration is ongoing or planned. If a customer finds their migration in-flight when the axe falls, there will be no reprieve—a transition plan that is half complete is as bad as one never started.
Once this deadline passes, any remaining Exchange 2010 or earlier customers will be required to “double hop”: first migrating public folders to a supported, newer on-premises Exchange version (2013, 2016, or preferably Subscription Edition), from which the move to Exchange Online can finally proceed. For many, this requirement introduces significant technical, operational, and financial burdens, particularly for sectors such as healthcare, legal, and government, which have long had outsized dependencies on Exchange due to regulatory, compliance, and data sovereignty concerns.
The message is clear: the pathway straight from the oldest supported on-premises Exchange architecture—the network backbone of many legacy organizations—will vanish by autumn. No exceptions, no workarounds.
For customers, the abruptness stings. While five years may seem sufficient by industry standards, the magnitude and intricacy of public folder structures in large enterprises or regulated sectors can make even half a decade barely enough. “Long unsupported,” as Microsoft puts it, translates to five years for 2010; earlier versions have been on borrowed time even longer.
This move is not without financial underpinnings, either. By ending support for direct public folder migrations, Microsoft is effectively pushing enterprise customers to adopt its new “continuous service delivery” (CSD) model, centered on the Exchange Subscription Edition and Microsoft 365 platforms. This framework ensures recurring revenue via cloud-service subscriptions and subscription-only server products, heralding the end of traditional perpetual licensing for many core Microsoft products.
Unlike previous multi-year ESU programs for Windows, there will be no public download or Windows Update distribution for these patches. Support will only be granted via private negotiation and contract with Microsoft, and, as of publication, pricing remains undisclosed but is widely expected to be premium. The guidance from Microsoft is blunt: do not plan to extend dependency on legacy Exchange—these ESUs should be viewed only as an emergency parachute, not a fallback strategy.
Multiple zero-day exploits and ransomware campaigns, including high-profile attacks in 2021 and 2022, have demonstrated the catastrophic risks of operating out-of-date Exchange servers. Compromised email servers expose organizations to financial loss, reputational damage, regulatory penalties, and—most significantly—loss of control over core communications.
Microsoft’s decision to tie the sunset of Exchange 2010 public folder migrations to the same timeframe as Windows 10’s end of life underscores its belief that legacy server risk is not a hypothetical, but an operational certainty. Once April 2026 passes, no further patches—paid or otherwise—will be available. The window for “last chance” support will slam shut.
Administrators have less than a year to enact a migration plan that might have once taken twice as long. Those who act now will secure the benefits of new-generation security, integration, and compliance. Those who delay face not only technical complexity but a rapidly shrinking window for recourse if something goes awry.
For Exchange administrators, the end of the line is clear. The smart money is on moving before you’re pushed—because soon, legacy Exchange won’t just be unsupported, it will be un-migratable. The clock is ticking, and this time, there really are no extensions left.
Source: theregister.com End of the line for legacy Exchange public folder migrations
From Grace Period to Guillotine: The Migration Deadline
Microsoft’s terminology leaves little room for doubt. Support for direct public folder migrations from Exchange 2010 and older will be “deprecated” and outright blocked, regardless of whether a migration is ongoing or planned. If a customer finds their migration in-flight when the axe falls, there will be no reprieve—a transition plan that is half complete is as bad as one never started.Once this deadline passes, any remaining Exchange 2010 or earlier customers will be required to “double hop”: first migrating public folders to a supported, newer on-premises Exchange version (2013, 2016, or preferably Subscription Edition), from which the move to Exchange Online can finally proceed. For many, this requirement introduces significant technical, operational, and financial burdens, particularly for sectors such as healthcare, legal, and government, which have long had outsized dependencies on Exchange due to regulatory, compliance, and data sovereignty concerns.
The message is clear: the pathway straight from the oldest supported on-premises Exchange architecture—the network backbone of many legacy organizations—will vanish by autumn. No exceptions, no workarounds.
Why Now? Microsoft’s Strategic Calculation
According to Microsoft, the rationale for this move is rooted in security and reliability: “We are deprecating support for public folder migrations from Exchange Server 2010 and older versions to Exchange Online to reduce reliance on older systems and improve long-term service reliability.” On its face, this sounds reasonable—except for the fact that mainstream support for Exchange 2010 only ended in October 2020, with many organizations continuing to operate these servers past official support, thanks to the stubborn resilience of legacy technology and the complexity of enterprise email migrations.For customers, the abruptness stings. While five years may seem sufficient by industry standards, the magnitude and intricacy of public folder structures in large enterprises or regulated sectors can make even half a decade barely enough. “Long unsupported,” as Microsoft puts it, translates to five years for 2010; earlier versions have been on borrowed time even longer.
This move is not without financial underpinnings, either. By ending support for direct public folder migrations, Microsoft is effectively pushing enterprise customers to adopt its new “continuous service delivery” (CSD) model, centered on the Exchange Subscription Edition and Microsoft 365 platforms. This framework ensures recurring revenue via cloud-service subscriptions and subscription-only server products, heralding the end of traditional perpetual licensing for many core Microsoft products.
Life After October 2025: Double Hops and Dead Ends
Customers resisting the cloud are now pushed toward a two-stage migration. The only way forward for those clinging to Exchange 2010 or earlier will be:- Modernizing on-premises infrastructure: This often involves investing in interim Exchange Subscription Edition (or at the very least Exchange 2016 or 2019) to enable a new migration path.
- Rerunning migration projects: Complex, high-risk transitions must be rescheduled and executed twice—once to move from a “dead” Exchange version to a supported one, and again to leap to Exchange Online.
Last-Ditch Support: Extended Security Update (ESU) Lifeline
The hard edge of this deprecation is mitigated, but only slightly, by Microsoft’s new, one-time six-month Extended Security Update (ESU) program for Exchange and Skype for Business servers. For those unable to fully modernize or migrate before support fully evaporates, this ESU—running from October 14, 2025, to April 14, 2026—offers only the barest safeguard: critical and important security patches but no hope of functional extensions or further lifeline.Unlike previous multi-year ESU programs for Windows, there will be no public download or Windows Update distribution for these patches. Support will only be granted via private negotiation and contract with Microsoft, and, as of publication, pricing remains undisclosed but is widely expected to be premium. The guidance from Microsoft is blunt: do not plan to extend dependency on legacy Exchange—these ESUs should be viewed only as an emergency parachute, not a fallback strategy.
Security: The Ever-Growing Attack Surface
The underlying risk driving these changes cannot be overstated. Running unsupported email infrastructure is not merely about missing features; it is a direct invitation for threat actors. As recently as June 2025, industry analyses suggested there were still tens of thousands of servers worldwide running legacy Exchange, particularly in highly regulated industries with sensitive data. Each month past the end-of-support increases vulnerabilities as attackers target known flaws.Multiple zero-day exploits and ransomware campaigns, including high-profile attacks in 2021 and 2022, have demonstrated the catastrophic risks of operating out-of-date Exchange servers. Compromised email servers expose organizations to financial loss, reputational damage, regulatory penalties, and—most significantly—loss of control over core communications.
Microsoft’s decision to tie the sunset of Exchange 2010 public folder migrations to the same timeframe as Windows 10’s end of life underscores its belief that legacy server risk is not a hypothetical, but an operational certainty. Once April 2026 passes, no further patches—paid or otherwise—will be available. The window for “last chance” support will slam shut.
Real-World Impacts: Who Is Most at Risk?
Certain types of organizations face greater hurdles than others:- Regulated industries (healthcare, finance, legal, government): Data retention and sovereignty rules mean “cloud or bust” is not always an option. Many have intricate dependencies on Exchange public folders for regulatory archiving and compliance.
- Large enterprises: With thousands or millions of public folder items, migrations can require months of resource-intensive effort—far outstripping the grace period available for ESU.
- Organizations with custom integrations: Line-of-business applications or bespoke archiving solutions may not be compatible with newer Exchange versions or Microsoft 365 architecture—requiring significant redevelopment as part of any migration.
Migration Pathways and Critical Guidance
Microsoft’s own migration guidance can be summarized as follows:- Inventory and Audit: Conduct a full audit of Exchange deployments, identifying the specific versions and public folder usage in place.
- Engagement: Open discussions with Microsoft (beginning August 1, 2025) for ESU eligibility, pricing, and possible exceptions.
- Acceleration: Where feasible, accelerate the move to Exchange Subscription Edition or at least 2016/2019, as this is now required to access Exchange Online migrations.
- Security Hardening: For any legacy Exchange environment running during the grace period, reinforce security postures: tighten firewalls, monitor for abnormal activity, conduct regular backups, and stress-test disaster recovery plans.
- Communicate Risk: Clearly articulate to organizational leadership both the cyber and business risks of sitting on unsupported systems—making the case for resource allocation to complete migrations.
- Budget for Change: Prepare for budgetary impacts: ESU costs, the expense of new infrastructure, and the higher ongoing operational cost of Subscription Editions compared to perpetual licensing models.
The Pros and Cons of Microsoft’s Approach
Strengths
- Security-First Policy: By enforcing a strict timeline for migration and ESU, Microsoft sends a clear message—no complacency for critical systems that underpin the world’s businesses. This approach is aligned with rising threats in the cybersecurity landscape.
- Transparency: Microsoft’s explicit “no further extensions” stance provides certainty and reduces planning risk for IT departments.
- Alignment Across Platforms: Synchronizing Exchange, Skype for Business, and Windows 10/11 end-of-life dates enables holistic, organization-wide planning, instead of piecemeal upgrades that could expose gaps.
Weaknesses and Risks
- ESU is a Stopgap: The six-month ESU window is not realistically sufficient for many large, complex, or regulated organizations.
- Opaque Pricing and Access: ESU pricing is hidden, and patches are only available through direct negotiation, disadvantaging small and midsize organizations lacking enterprise licensing expertise.
- Migration Complexity: For deeply entrenched legacy deployments, the effort to modernize, particularly when “double hop” upgrades are required, can tip into the realm of full-blown IT transformation.
- Increased Operational Costs: Subscription Edition, while operationally robust, often incurs greater long-term costs due to rolling licensing and the need for continuous staff re-training amid evolving management paradigms.
- No Going Back: With the blocking of migration tools, there are no paths for organizations that miss the cut-off, short of rebuilding infrastructure from scratch on newer supported platforms.
What Alternatives Remain?
For organizations entirely unable or unwilling to shift to Exchange Subscription Edition or Exchange Online:- Third-party migration tools: Some vendors offer solutions for public folder migration to Office 365 or between on-premises environments, but these often incur significant cost, have limited support guarantees, and carry increased risk of partial or failed migrations.
- Hybrid deployments: Some may maintain a hybrid mode, keeping legacy Exchange for non-compliant workloads while modernizing the remainder. However, this pattern itself faces diminishing support and incurs both maintenance and security drawbacks.
- Non-Microsoft solutions: A wholesale move to Google Workspace, Zoho, or another provider is theoretically possible, but will often require even deeper business process and compliance reviews—a practical impossibility for many.
Looking Ahead: The Exchange Subscription Era
Exchange Subscription Edition, Microsoft’s perpetual cloud-connected alternative, is positioned as the new normal. With continuous updates, enhanced analytics, and seamless Azure/Microsoft 365 integration, it promises operational stability and compliance at scale. Yet the flexibility and cost predictability of the old perpetual license model is gone. This is a bridge not just from legacy code, but to a new economic and compliance paradigm for enterprise email.Final Thoughts: A Lasting Legacy, or a Final Curtain?
This enforced migration deadline for Exchange public folders is emblematic of a broader industry reality: inertia is no longer an option. The days of “if it ain’t broke, don’t fix it” have been replaced by “if it’s not supported, you’re at risk.” Legacy platforms carry mounting, quantifiable consequences—regulatory, reputational, and existential.Administrators have less than a year to enact a migration plan that might have once taken twice as long. Those who act now will secure the benefits of new-generation security, integration, and compliance. Those who delay face not only technical complexity but a rapidly shrinking window for recourse if something goes awry.
For Exchange administrators, the end of the line is clear. The smart money is on moving before you’re pushed—because soon, legacy Exchange won’t just be unsupported, it will be un-migratable. The clock is ticking, and this time, there really are no extensions left.
Source: theregister.com End of the line for legacy Exchange public folder migrations
