There's been some big news since my last UPDATE column. First, the Detroit Lions won a football game. If you count exhibition games, that win means that they won't lose all of their games this year. I eagerly await the regular season to see if they can keep their winning streak alive. Now, on to the Exchange Server news.

Microsoft shipped the release candidate (RC) of Exchange Server 2010 on August 17. The RC is feature-complete, meaning that it includes all the features that Microsoft intends to have in the final release. Exchange 2010 is already deployed to nearly 10 million users worldwide, which itself is a significant milestone. Microsoft supports pre-release software for production use only if you're in one of its early-adopter programs. However, the Exchange 2010 RC release announcement specifically mentioned that the RC can be upgraded in-place to the final release version. Make of that what you will.

Interestingly, the announcement included the fact that Exchange Server all by itself generated nearly $2 billion of revenue for Microsoft. According to Microsoft, that would make Exchange the ninth-largest software company in revenue. I was curious, so I looked up the 2008 Fortune 1000 list of largest American companies based on revenue, and found that Exchange would come in at around 900 even when matched against all different types of companies. Not too shabby!

Of course, not everyone is ready to rush into deployment of Exchange 2010. For those of us who are on Exchange 2007, the big news came this week with the official release of Service Pack 2 for Exchange 2007. Apart from Exchange 2010 coexistence, SP2 includes several other major features. The biggest, and no doubt most eagerly awaited, feature is a plug-in that lets the in-box Windows Server 2008 Windows Backup tool properly back up and restore Exchange 2007 data. My favorite SP2 feature is probably its enhanced security auditing.

Administrators have long complained that Exchange doesn’t log enough information about access attempts to maintain an audit trail for tracking unauthorized access, though it does use the built-in Windows audit feature to track logon attempts on mailboxes. The problem is that Exchange itself often generates legitimate logon attempts (as when requesting calendar information) that make it hard to distinguish legitimate and illegitimate access. SP2 adds the ability to log auditing events when user A takes specific action in user B’s mailbox, including opening a folder, opening a message, using the Send As permission, or sending on behalf of a user. This auditing ignores access requests generated by the system, such as calendar free/busy requests.

You have to turn on auditing for specific access types because it’s off by default. When enabled, you’ll see message and folder access events logged in the application event log. The new GUI for changing the diagnostic logging level of different components runs a close second to enhanced security auditing as a favorite SP2 feature. It’s about time that Microsoft offered a simple way to change this setting.

Microsoft still hasn't set a definitive release date for Exchange 2010, nor has the company released details on pricing and licensing terms. I expect to see such details coming in the near future, probably at an upcoming IT-pro focused event such as TechEd Europe.

Related Reading: