Exchange Server 2013 Service Pack 1 (SP1) is now available for download! The final build number for Exchange Server 2013 SP1 is 15.00.0847.032.
Security and Compliance
SP1 provides enhancements improving security and compliance capabilities in Exchange Server 2013. This includes improvements in the Data Loss Prevention (DLP) feature and the return of S/MIME encryption for Outlook Web App users.
- DLP Policy Tips in Outlook Web App – DLP Policy Tips are now enabled for Outlook Web App (OWA) and OWA for Devices. These are the same Policy Tips available in Outlook 2013. DLP Policy Tips appear when a user attempts to send a message containing sensitive data that matches a DLP policy. Learn more about DLP Policy Tips.
- DLP Document Fingerprinting – DLP policies already allow you to detect sensitive information such as financial or personal data. DLP Document Fingerprinting expands this capability to detect forms used in your organization. For example, you can create a document fingerprint based on your organization’s patent request form to identify when users are sending that form, and then use DLP actions to properly control dissemination of the content. Learn more about DLP Document Fingerprinting.
- DLP sensitive information types for new regions – SP1 provides an expanded set of standard DLP sensitive information types covering an increased set of regions. SP1 adds region support for Poland, Finland and Taiwan. Learn more about the DLP sensitive information types available.
- S/MIME support for OWA – SP1 also reintroduces the S/MIME feature in OWA, enabling OWA users to send and receive signed and encrypted email. Signed messages allow the recipient to verify that the message came from the specified sender and contains the only the content from the sender. This capability is supported when using OWA with Internet Explorer 9 or later. Learn more about S/MIME in Exchange 2013.
Architecture & Administration
These improvements help Exchange meet our customer requirements and stay in step with the latest platforms.
- Windows Server 2012 R2 support – Exchange 2013 SP1 adds Windows Server 2012 R2 as a supported operating system and Active Directory environment for both domain and forest functional levels. For the complete configuration support information refer to the Exchange Server Supportability Matrix. This matrix includes details regarding Windows Server 2012 R2 support information about earlier versions of Exchange.
- Exchange Admin Center Cmdlet Logging – The Exchange 2010 Management Console includes PowerShell cmdlet logging functionality. Listening to your feedback, we’re happy to announce that this functionality is now included in the Exchange Admin Center (EAC). The logging feature enables you to capture and review the recent (up to 500) commands executed in the EAC user interface while the logging window is open. Logging is invoked from the EAC help menu and continues logging while the logging window remains open.
- ADFS for OWA – Also new for Outlook Web App in SP1 is claims-based authentication for organizations using Active Directory Federation Services. Learn more about the scenario.
- Edge Transport server role – SP1 also reintroduces the Edge Transport server role. If you have deployed Exchange 2013 with a supported legacy Exchange Edge Transport role, you don’t need to upgrade. That configuration is still supported. But we do recommend that future deployments use the Exchange 2013 Edge Transport role. Learn more about Edge Transport in Exchange 2013.
- New communication method for Exchange and Outlook – SP1 introduces a new communication method for Exchange Server and Microsoft Outlook called MAPI over HTTP(MAPI/HTTP). This communication method simplifies connectivity troubleshooting and improves the user connection experience with resuming from hibernate or switching networks. MAPI/HTTP is disabled by default, allowing you to decide when to enable it for your organization. MAPI/HTTP can be used in place of RPC/HTTP (Outlook Anywhere) for your Outlook 2013 SP1 clients while Outlook 2013 RTM and older clients continue to use RPC/HTTP. Learn more about deploying MAPI/HTTP.
- DAGs without Cluster Administrative Access Points – Windows Server 2012 R2 introduces failover clusters that can operate without an administrative access point: no IP addresses or IP address resource, no network name resource, and no cluster name object. SP1 enables you to create a DAG without an administrative access point on Windows Server 2012 R2 from EAC or PowerShell. This is an optional DAG configuration for SP1 and requires Windows Server 2012 R2. DAGs with administrative access points continue to be supported. Learn more about creating a DAG without an administrative access point here and here.
- SSL offloading – SP1 now supports SSL offloading, allowing you to terminate incoming SSL connections in front of your CAS servers and move the SSL workload (encryption & decryption tasks) to a load balancer device. Learn how to configure SSL offloading in Exchange 2013.
We know the user experience is crucial to running a great messaging platform. SP1 provides continued enhancements to help your users work smarter.
- Enhanced text editor for OWA – OWA now uses the same rich text editor as SharePoint, thereby improving the user experience, and enabling several new formatting and composition capabilities that you expect from modern Web application – more pasting options, rich previews to linked content, and the ability to create and modify tables.
- Apps for Office in Compose – Mail apps are now available for use during the creation of new mail messages. This allows developers to build and users to leverage apps that can help them while they are composing mails. The compose apps leverage the Apps for Office platform and can be added via the existing Office store or corporate catalogs. Learn more about Apps for Office.
Upgrading to SP1/Deploying SP1
As with all cumulative updates (CUs), SP1 is a full build of Exchange, and the deployment of SP1 is just like the deployment of a cumulative update.
Active Directory Preparation
Prior to or concurrent with upgrading or deploying SP1 onto a server, you must update Active Directory. These are the required actions to perform prior to installing SP1 on a server.
- Exchange 2013 SP1 includes schema changes. Therefore, you will need to execute the following command to apply the schema changes.setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
- Exchange 2013 SP1 includes enterprise Active Directory changes (e.g., RBAC roles have been updated to support new cmdlets and/or properties). Therefore, you will need to execute the following command.setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
Once the above preparatory steps are completed, you can install SP1 on your servers. Of course, as always, if you don’t separately perform the above steps, they will be performed by Setup when you install your first Exchange 2013 SP1 server. If this is your first Exchange 2013 server deployment, you will need to deploy both Client Access Server and Mailbox Server roles in your organization.
If you already deployed Exchange 2013 RTM code and want to upgrade to SP1, you will run the following command from a command line.
setup.exe /m:upgrade /IAcceptExchangeServerLicenseTerms
Alternatively you can start the installation through the GUI installer.
Hybrid deployments and EOA
Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to maintain currency on Cumulative Update/Service Pack releases.