Extended Protection Features Added to Microsoft Exchange Server

Microsoft recently revealed that systems using Exchange Server 2019 will soon benefit from enhanced security.

Microsoft has officially confirmed the upcoming introduction of Windows Extended Protection (EP) on these servers and provided a brief update on the matter. Starting with installing the H2 2023 Cumulative Update (CU14), this feature will be automatically enabled as default.

What will be included in the cumulative update in the second half of 2020?

The Enhanced Protection tool is designed to enhance the authentication capabilities of Windows Server to provide stronger protection against man-in-the-middle (MitM) attacks.

"Today, we want to let you know that starting with the 2019 H14 Cumulative Update (CU) for Exchange Server 2023 (aka CU2), EP will be enabled by default when installing CU14 (or later) "Exchange Server 2019 is currently in mainstream support and is the only version still getting CU," Microsoft said.

Introduced a new option for IT teams to opt out of this feature, as described in the command line CU installer.

Microsoft has outlined its recommended course of action based on the security updates installed on the endpoint.

Please note that all users with 2022-14 SU or higher with EP enabled: Simple CU2022 Installation: For those with 2022-14 SU or higher Version but have not enabled EP yet, must install If you fall into the category of users who have installed the Monthly Service Update or newer version but have not enabled EP functionality, then it is highly recommended to install CU. It's worth noting that the default settings for this installation include the "Enable EP" feature.

Users currently running Exchange Server versions prior to the 2022 Monthly Security Update (SU) are strongly recommended to upgrade their servers to the latest SU immediately.

In a major development, Exchange Server received a critical upgrade in February 2022, introducing Extended Protection. In the past, Microsoft informed IT teams that certain vulnerabilities required specific features to be activated. Deployed a script that enables or disables EP automatically. It's worth noting that this script continues to run effectively even on subsequently updated endpoints.

"We recommend that all customers enable EP in their environment. If your servers are running a 2022-2022 SU or later, they already support EP. If you have any servers older than< ;> your server will be considered persistently vulnerable and should be updated immediately," Microsoft said.

The above is the detailed content of Extended Protection Features Added to Microsoft Exchange Server. For more information, please follow other related articles on the PHP Chinese website!