Exchange Administration Center: The EAC brings to mind the quote, “You’re riding it, dude!” Yes, I cannot help but think of the line from “Finding Nemo” whenever I think of the new admin console for Exchange. But seriously, the GUI-based EMC (Exchange Management Console) and the Web-based ECP (Exchange Control Panel) are being replaced by a single Web-based UI that is, frankly, my least favorite of all the new Exchange 2013 features. I don’t like Web-based consoles for administration; they always feel clunky and unfriendly. Plus, it has that Metro look, which leaves me cold. We’ll see if I can get used to it.
Exchange architecture revisions: Exchange 2007 and 2010 are broken into five server roles, mainly to address performance issues like CPU performance, which would suffer if Exchange were running as one monolothic application. But Microsoft has made progress on the performance side, so Exchange 2013 has just two roles: Client Access server role and Mailbox server role. The Mailbox server role includes all the typical server components (including unified messaging), and the Client Access server role handles all the authentication, redirection, and proxy services. You can deploy Exchange 2013 with an Exchange 2010 Edge Transport server role but a 2013 Edge role is planned post-RTM.
A new managed store: The store service has been completely rewritten in managed code (C#). Although this change bodes well in terms of higher availability and resiliency, it doesn’t mean the ESE (Extensible Storage Engine) database engine has been replaced with SQL, as many admins would like. Exchange 2013 continues to use ESE as the database engine. But now each database runs in its own dedicated worker process, so a hung process in one database will not cause problems in other databases. Fast Search (an add-on to SharePoint 2010) is also integrated into the managed store for improved search and indexing.
Modern public folders: Rather than just getting rid of public folders (something promised for future releases), Microsoft has embraced them once again. They are no longer managed through the separate Public Folder Management Console; instead, they are managed via the EAC. That makes them public folder mailboxes, which means they use regular mailbox databases. In turn, this means they can be made part of a database availability group for disaster recovery.
Lots o’ PowerShell cmdlets: Although 13 cmdlets have been removed (many having to do with the old public folder management), Exchange 2013 brims with 187 new PowerShell cmdlets. That may not be the final tally when the final version ships next year, but it shows that command-line management tools are still growing. I wasn’t kidding years back when I told everyone to learn PowerShell. It’s not going away.
DLP (data loss prevention): DLP is new in Exchange 2013’s transport rules, but it’s also a continuation of Mail Tips in that it warns users when they may be violating policies meant to prevent disclosure of sensitive data. Such disclosures are usually inadvertent, so the use of DLP-fired reminders lets users be aware when they are putting something like a credit card number or Social Security number in an email. The built-in DLP policies are based on regulatory standards like PCI.
Outlook Web App enhancements: The whole of OWA is redesigned — yay! One awesome feature is support for offline access, which lets users write messages in their browser when offline, then have the messages delivered when they connect to the Internet. OWA supports this feature in Microsoft’s Internet Explorer 10, Apple’s Safari 5, and Google’s Chrome 16 (or later), all of which support the HTML5 local data storage feature. There’s also a new set of UI layouts that users can choose from for desktop, tablet, and smartphone use — a smart approach.
Built-in antimalware: Exchange has had antispam capabilities for quite some time; as of Exchange 2007 you could even choose whether to turn on antispam in the Edge role or in the Hub Transport role. Exchange 2013 extends antispam to a broader set of antimalware capabilities, such as to block phishing attempts.