Not directly related to Exchange, but I have a colleague who swears up and down that his company (a small business) can better secure an on-prem CRM than a company like @HubSpot. It's terrifying how deluded these people are.

But that's just someone else's puter. 😂

It's been like a whole year of this...

I can't emphasize that! We used to have a hybrid architecture! and in one month I found 3 web shells!

Plus, no one ever got promoted for an Exchange Server upgrade. It is thankless, time consuming, and low value work.

Or - hear me out - move to something that isn't made by a company that cares more about forcing you to do whatever makes the most money for them, with the most lock-in. Giving all our data to wanna-be monopolies is neither good nor desirable.

Also from the IR front lines: if you have Microsoft 365, assume compromise. Having something on-prem is not a guarantee for compromise, and having something outsourced/cloud-hosted is not a guarantee for being secure.

How do we make sure that o365 isn't compromised since it's based on exchange. At least we have that chance on on-premise