Most businesses still running on-premises Microsoft Exchange in 2026 are not doing it for a strategic reason. They are doing it because nobody made the decision to stop. The server is still there because it has been there. Email still works because it always has. The patches mostly get installed. The backups mostly run. The IT person who was supposed to migrate this two years ago never quite got to it. And every month that the server stays in the closet, the business absorbs a little more risk that nobody is actively managing.
We have completed hundreds of email migrations for Central Illinois businesses, and the pattern is almost always the same. The Exchange server outlived the strategy. The business outgrew the setup. The right time to move was two years ago. The second best time is now.
At a glance: The reason most businesses still run on-premises Exchange in 2026 is rarely strategic. It is usually inertia. Running Exchange in 2026 carries real business risk that has nothing to do with Microsoft’s product roadmap and everything to do with how email actually works now. A properly planned migration takes 2 to 4 weeks of project time for a typical small business, with your team experiencing effectively no disruption. The migration project itself for most Central Illinois businesses runs $10,000 to $25,000, depending on size and complexity. This is one-time work.
Why Are You Still Running Exchange?
This is worth answering honestly before anything else.
The businesses we encounter still running on-premises Exchange in 2026 fall into a few buckets. The most common is the one where Exchange just kept working, so nobody touched it. The IT person who built the setup left years ago. The current IT support knows enough to keep it running but not enough to migrate it. Every few months someone says “we should really move to the cloud,” and every few months it gets bumped down the priority list because nothing is actively on fire.
The second bucket is businesses that tried to migrate at some point and got scared off. A bad vendor quote. A horror story from another business. An IT person who insisted it would be disruptive. The decision was made to wait, and then nobody revisited it.
The third bucket is businesses that genuinely had a reason at some point. Compliance concerns about cloud storage. Specific integrations with legacy line-of-business software. Custom transport rules that nobody wants to touch. In 2026, these reasons mostly do not hold up anymore. Microsoft 365 is HIPAA-eligible, supports nearly every modern integration, and has matured to the point where what used to be edge cases now have documented solutions.
None of these reasons are bad reasons. They are just not strategic reasons to still be running Exchange in 2026. Inertia is the actual reason, and inertia has been compounding into risk for a while now.
What Running Exchange Actually Costs You
The cost is not the licensing. Microsoft’s licensing for on-premises Exchange is not the expensive part of the equation.
The cost is what runs in the background and accumulates. Every month your server is on, it accumulates patches that need to be installed and tested. Every month, security advisories come out for Exchange that have to be evaluated. Every month, your backups need to run, and someone needs to verify they actually completed. Every month, somebody is supposed to be reviewing the security logs.
In the businesses we assess, this work is almost never being done. Patches are 6 to 18 months behind. Backup verification is theoretical. Security log review is nonexistent. The server is running, but nobody is actually managing it. This is the gap between “Exchange is working” and “Exchange is safe.”
The risk that accumulates in that gap is the actual cost. Unpatched Exchange servers have been the entry point for some of the most expensive ransomware events of the last several years. The 2021 ProxyLogon vulnerability alone gave attackers access to tens of thousands of unpatched Exchange servers worldwide. Most of those servers were not compromised because the IT teams were incompetent. They were compromised because the businesses had moved past the point where anyone was really paying attention to the server.
Modern email security capabilities that small businesses now need (advanced phishing detection, conditional access policies, encryption, retention policies, eDiscovery for compliance) are either difficult to implement on on-premises Exchange or simply not available. Microsoft 365 has these built in. Running Exchange in 2026 means accepting a security posture that is meaningfully behind the modern standard, regardless of how attentive your IT team is.
Add to this the operational drag: VPN setup for remote workers, the special procedures to access email from a phone, the disaster recovery plans that depend on the server room staying powered, the storage that fills up at the worst possible moment. None of these are catastrophic on their own. Together, they are a quiet tax on the business that competitors using modern email do not pay.
What a Migration Actually Looks Like When It Is Done Right
Most of the migration anxiety comes from people who have either seen a bad one or read about one online. A properly planned migration is genuinely boring from the user perspective.
Your team keeps working in their existing email throughout the project. The transition happens in waves rather than all at once. The cutover moment, when email officially switches over, happens outside business hours and takes a few hours rather than days. Users open their Outlook the next morning, it reconfigures itself once, and they go back to work. The whole experience for end users is closer to a software update than a major project.
The project around the cutover is where the real work happens. We document the existing environment, identify any mailboxes or configurations that need special handling, set up the Microsoft 365 tenant with appropriate security policies, coordinate the DNS changes that direct email to the right place, prepare end users for the small visible changes, and validate everything works before close-out. This is roughly 80% of the project. The actual mailbox migration is the simple part once the rest is in order.
For a typical small business in Central Illinois, this whole project runs about 2 to 4 weeks. Mid-sized organizations take 4 to 8 weeks. The leadership time required is usually under ten hours total, spread across the project. We have not had a client experience meaningful business disruption from a properly planned migration in years. The migrations that do go badly are almost always ones where someone tried to skip the planning work to save money or time.
Why You Should Not DIY This
Microsoft has built solid migration tools. The technical execution is well-documented. In theory, a capable IT person could run a migration themselves. We have seen this attempted many times, and we know how it usually goes.
The technical work is roughly 20% of the project. The other 80% is the planning, the security configuration, the communication with department heads, the coordination with the prior IT setup, the validation checklist, and the troubleshooting when something does not work the first time. The Microsoft migration wizard handles the 20%. It does not handle the 80%.
What goes wrong when businesses DIY is rarely the migration itself. It is usually one of the surrounding pieces. The MX records get set up wrong and email delays for two days. Multi-factor authentication gets turned on before users are prepared and the helpdesk gets flooded. A line-of-business application that depends on email integration stops working because nobody noticed it had specific configuration. Compliance retention policies do not get migrated and the next audit becomes a problem. None of these are technical limitations. They are planning limitations.
If your business is very small, very simple, and has someone with real IT experience who can dedicate proper time to the project, DIY is possible. For most businesses in the 25 to 250 employee range, the math on doing it yourself stops working pretty quickly once you factor in the value of leadership time and the risk of doing it wrong.
How Should You Think About the Timing?
There are a few real signals that the time to plan is now rather than in another year.
Microsoft has announced that Exchange Web Services protocols will be blocked in Exchange Online starting October 1, 2026. For businesses with hybrid setups or legacy connections, this creates a real deadline. The companies waiting until late 2026 to plan are going to compress their planning window in ways that make the project riskier than it needs to be.
Beyond the Microsoft deadline, the more practical signal is whether your Exchange server has gotten the attention it deserves. If it has been more than six months since anyone validated the backups, more than 18 months since the patches were current, or more than two years since anyone evaluated the security configuration, the server is no longer being managed. It is being tolerated. That is the moment to address it.
The third signal is harder to name but real: businesses that have grown past the size where a single-server setup made sense. If you have remote workers, multiple locations, compliance requirements, or anyone in your business who needs reliable email access outside the office, you are paying a tax to keep Exchange running that does not match what your business actually needs anymore.
How Does Facet Handle Migrations?
Facet has completed many email migrations for Central Illinois businesses, ranging from small offices to mid-sized organizations with serious compliance requirements. We do this work constantly. The approach is built around making the project feel boring to your team.
We start with an honest assessment of your current environment, not a generic quote based on user count. From there, we recommend the right migration approach for your situation, walk through the licensing options that fit your team, coordinate with whoever is currently managing your Exchange server, handle the technical execution, and validate everything works before close-out. For most businesses, the entire migration project requires less than ten hours of leadership time total, spread across several weeks.
After migration, our managed IT services include Microsoft 365 management as part of the ongoing relationship. For businesses that want strategic guidance on broader cloud and platform decisions, our strategic IT advisory service handles the platform roadmap.
For the broader framework on evaluating IT providers, see our 7 questions to ask before signing. For what an ongoing IT partnership looks like, see What an IT partnership looks like.
Frequently Asked Questions
How long does an Exchange to Microsoft 365 migration take?
A typical small business migration takes 2 to 4 weeks of total project time. Mid-sized organizations of 100 to 500 users typically take 4 to 8 weeks. The actual email cutover for end users is usually invisible, happening in the background while users keep working.
Will my team be without email during the migration?
With proper planning, no. Modern migration approaches allow users to keep working in their existing email throughout the transition. The actual cutover moment is scheduled outside business hours with effectively no downtime. Reports of “email was down for a week” come from migrations that skipped the planning work, not from properly executed projects.
What does a migration project cost?
For most small and mid-sized businesses in Central Illinois, one-time migration project costs run $10,000 to $25,000 depending on size, complexity, and how much additional security setup is included. This is one-time work, not an ongoing cost. The Microsoft 365 licensing for users after migration is billed separately.
Can my office manager handle this with Microsoft’s migration wizard?
For very small environments (fewer than 5 mailboxes) with simple configurations, possibly. For most businesses, the wizard handles roughly 20% of the project. The other 80% (planning, security configuration, user communication, validation, DNS coordination) is what separates a smooth migration from a chaotic one. Most businesses benefit from a partner who handles the complexity rather than navigating it themselves.
What is the October 2026 Microsoft deadline?
Microsoft has officially announced that Exchange Web Services (EWS) protocols will be blocked in Exchange Online starting October 1, 2026. This affects businesses still running on-premises Exchange Server. Practically, businesses should plan migration before that deadline rather than after.
What licensing tier fits my team?
Microsoft 365 offers multiple business tiers with different security and capability levels. The right tier depends on whether your business has compliance obligations, remote workers, or other security needs. Rather than recommend a single number, we walk through the right fit role by role during the migration assessment.
What if my current IT person resists the migration?
This is more common than people expect. Sometimes the resistance is legitimate technical caution. More often, it is the human discomfort of admitting that something they have been managing should have been retired years ago. We work alongside existing IT teams during migrations rather than around them, and the conversations tend to go better than businesses expect.
Ready to Move Past the Exchange Server in Your Closet?
If you have been thinking about this migration for a while and never quite getting to it, that is the most common reason businesses end up calling us. We can walk through your specific situation, give you a realistic timeline, and help you make the decision you have probably already known you needed to make.
(309) 689-3900 | Schedule a conversation | info@facettech.com
For broader background, see our 7 questions to ask before signing and our What to Expect When Switching to a New Managed IT Provider guide.
Facet Technologies has provided IT services to Central Illinois businesses for over 30 years. Based in Peoria, we serve healthcare, manufacturing, agriculture, professional services, and government organizations across the region.
Ellie Shaw is the Director of Marketing at Facet and the author of Cyber Treats, Facet's biweekly newsletter featuring topics like IT news, cybersecurity updates, compliance advice, and anything tech. She has been a member of the Facet team full-time since 2016 and enjoys finding new ways to share resources and information about cybersecurity with others.