Exchange Server 2019 CU15: Final Cumulative Update and Key Changes

Microsoft has released Exchange Server 2019 Cumulative Update 15 (CU15), marking the final CU for Exchange Server 2019 before the transition to Exchange Server Subscription Edition (SE).

This comprehensive update includes new features, security enhancements, fixes for customer-reported issues, and prepares organizations for Exchange Server SE.

Key Highlights of CU15

Final Cumulative Update for Exchange 2019

• CU15 is the last major update for Exchange Server 2019.
• It includes all previous security updates (SUs), including a fix for the November 2024 time zone issue.
• After CU15, all future updates will be in Exchange Server SE.

Feature Flighting for Exchange Server SE

What is Feature Flighting?

• Feature Flighting is a new cloud-based update mechanism for Exchange Server SE.
• It allows admins to test and control select new features before full deployment.
• Microsoft can also disable problematic features remotely if issues arise post-release.
• Feature Flighting is enabled by default but can be disabled manually.

Note: No features are currently flighted in CU15, but this functionality will apply to future Exchange SE updates.

Enhanced Diagnostic Data Collection

• Exchange 2019 servers with diagnostic data enabled will now send additional telemetry data to Microsoft.
• This helps Microsoft detect security threats and improve future updates.
• Data collection is optional and can be turned off.

Support for Windows Server 2025

• CU15 (along with CU14) supports running Exchange Server 2019 on Windows Server 2025.
• Organizations can now: Install Exchange 2019 CU14 or CU15 on new Windows Server 2025 hardware. Perform in-place upgrades to Exchange Server SE to maximize lifecycle support.

DocParser Replaces Oracle Outside In Technology

• CU15 replaces Oracle’s Outside In Technology with Microsoft’s DocParser.
• DocParser is a Microsoft-developed tool for extracting text from various file formats.
• Used in Data Loss Prevention (DLP) and Exchange Transport Rules for email content scanning.

Partial TLS 1.3 Support

• CU15 enables TLS 1.3 for all protocols except SMTP when installed on Windows Server 2022 or later.
• SMTP support for TLS 1.3 will be added in a future update.
• TLS 1.3 is enabled by default in CU15 but does not disable older TLS versions.

Improvements to Exchange Server AMSI Integration

• Microsoft previously announced Advanced Malware Scanning Interface (AMSI) enhancements in the November 2024 SU.
• CU15 now fully integrates these AMSI improvements, providing better protection against malicious email content.

Certificate Management UI Restored in Exchange Admin Center (EAC)

• Certificate management tools that were previously removed from the Exchange Admin Center (EAC) have been restored in CU15.
• Admins can now manage SSL/TLS certificates directly in the EAC.

Coexistence with Exchange Server 2013 is Blocked

• CU15 cannot be installed in any organization that still has Exchange Server 2013.
• Before installing CU15, you must: Decommission and uninstall all Exchange 2013 servers. Follow additional steps for removing Exchange 2013 Edge Transport servers.

Extended Protection Enabled by Default

• Since CU14, Extended Protection is enabled by default for improved security.
• Organizations can opt out, but Microsoft strongly recommends keeping it enabled.

Delayed Features for Exchange Server SE CU1

Microsoft previously announced that Exchange Server 2019 CU15 would:

• Support Exchange Server SE product keys.
• Introduce new setup dependencies (such as an updated VC++ Redistributable).

These changes have been delayed to Exchange Server SE CU1 to ensure a smooth in-place upgrade experience.

Exchange Server Support Policy Updates

Extended Support for CU14 and CU15 Until Exchange Server 2019 End-of-Life

• Exchange Server 2019 has been in Extended Support since 2023.
• Microsoft normally requires customers to be on the latest CU (N-only) for support.
• Exception: Due to security updates and Windows Server 2025 validation, both CU14 and CU15 will remain supported until Exchange Server 2019 reaches end-of-life on October 14, 2025.
• Exchange 2019 CU13 is now out of support—customers should upgrade immediately.

Hybrid and Cloud Archive Customers Must Run CU15

• Organizations using Exchange Hybrid or Exchange Online Archiving must be on CU15 to remain fully supported.

Path to Exchange Server Subscription Edition (SE)

Exchange Server SE RTM = Exchange 2019 CU15 + Minor Changes

The RTM (initial release) of Exchange Server SE will be functionally identical to Exchange Server 2019 CU15, except for:

• Updated license agreement.
• Product name change from "Exchange Server 2019" to "Exchange Server Subscription Edition".
• New build number.

Future Hotfix Updates (HU) for Exchange Server 2019 CU15

• Microsoft will release a Hotfix Update (HU) for CU15 in the coming months.
• Fixes for customer-reported bugs will be included in: Exchange 2019 CU15 Hotfix Update Exchange Server SE RTM release Exchange 2016 CU23 Hotfix Update (if applicable)

Upgrade Paths to Exchange Server Subscription Edition (SE)

Upgrading from Exchange Server 2016 CU23

• Recommended: Upgrade to Exchange Server 2019 CU15 now, then perform an in-place upgrade to Exchange Server SE when available.
• Legacy upgrade from Exchange 2016 CU23 to Exchange SE RTM is also supported.

Upgrading from Exchange Server 2019 CU14/CU15

• Recommended: Perform an in-place upgrade to Exchange Server SE RTM when available.
• Legacy upgrade from Exchange 2019 to Exchange SE is also supported.

Installation & Deployment Best Practices

Key Considerations for CU15 Deployment

• Reboot the server before installation to ensure all Windows updates are fully applied.
• Test updates in a lab environment before deploying to production.
• Prepare Active Directory before upgrading (schema updates are listed here).
• Use Exchange Health Checker to verify if additional post-installation steps are needed.

Hybrid & Cloud Archive Customers Must Stay Updated

• Customers running Exchange Hybrid or using Exchange Online Archiving must deploy the latest CU to remain supported.

TLS 1.3 Configuration (Optional)

• Enabled by default when CU15 is installed on Windows Server 2022+.
• SMTP support for TLS 1.3 is coming in a future update.

Final Thoughts

• CU15 is the last major update for Exchange Server 2019, containing security fixes, Windows Server 2025 support, and new diagnostic capabilities.
• Organizations should prepare for the transition to Exchange Server Subscription Edition (SE), as CU15 serves as the foundation for Exchange SE RTM.
• If you are still on Exchange 2013, Exchange 2016 CU23, or an older Exchange 2019 CU, you must upgrade now to stay supported.

For full release details, check Microsoft’s official KB article: ?? Exchange Server 2019 CU15 (KB5042461)