Exchange

All things Exchange

0

Exchange Unexpected InternalNLBBypass URL – RecoverServer

Posted on by Rhoderick Milne [MSFT]
Exchange Server Unexpected URL RecoverServer

Reviewing the output of an environement's CAS Namespaces showed that there was an unexpecte URL present for the version of Exchagne that was installed.  With Exchange 2013 onwards InternalNLBBypassURL is not something that we need to set.  That was an Exchange 2007 and 2010 thing.

In the environment below note that there are couple of things that pique my interest.

Any thoughts?

Exchange WebServices Showing InternalNLBBypassURL

What is interesting i… Read the rest “Exchange Unexpected InternalNLBBypass URL – RecoverServer”

0

Exchange 2019 CU13 Released (2023 H1)

Posted on by Rhoderick Milne [MSFT]
Exchange 2019 CU13 Download

Exchange 2019 CU13 has been released to the Microsoft Volume Licensing Center and the public Microsoft Download site!  Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to upd… Read the rest “Exchange 2019 CU13 Released (2023 H1)”

0

End of Exchange 2013 Support

Posted on by Rhoderick Milne [MSFT]
Exchange 2013 Support Lifecycle

Today Exchange 2013 reaches the end of the road and it will transition out of extended support.  Hopefully everyone has migrated to a newer version and/or Office 365.  But experience tells me that will not be the case.

Hopefully no one will have Exchange 2013 published to the Internet either, but again experience says otherwise…

Please note that Microsoft will not provide technical support, time zon… Read the rest “End of Exchange 2013 Support”

0

Configure On-Premises Exchange For EOP Spam Thresholds

Posted on by Rhoderick Milne [MSFT]
Exchange Online Anti Spam Threshold

A common issue when deploying Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) with on-premises Exchange is making Exchange aware of the EOP spam filtering.  This is because EOP uses slightly different logic to stamp the spam results etc. into the message.  Exchange Server needs to be aware of this so that it can take action upon those settings.

On-Premises Spam Confiden

Read the rest “Configure On-Premises Exchange For EOP Spam Thresholds”
0

Updated Guidance On Exchange Server Extended Protection

Posted on by Rhoderick Milne [MSFT]
Extended Protection is set to Required on the OAB vDIR

Extended Protection (EP) was added to Windows back in 2009 as a new security feature. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protect… Read the rest “Updated Guidance On Exchange Server Extended Protection”

2

Exchange Server Extended Protection

Posted on by Rhoderick Milne [MSFT]
Exchange Server Extended Protection

Extended Protection uses service binding and channel binding to help prevent an authentication relay attack. In an authentication relay attack, a client that can perform NTLM authentication (for example, Windows Explorer, Microsoft Outlook, a .NET SqlClient application, etc.), connects to an attacker (for example, a malicious CIFS file server). The attacker uses the client's credentials to masquer… Read the rest “Exchange Server Extended Protection”

0

Remediate Exchange Security CVE-2022-21978

Posted on by Rhoderick Milne [MSFT]
Remediate Exchange CVE-2022-21978

The May 2022 security update for Exchange Server 2013, 2016 and 2019 resolved CVE-2022-21978.  A common issue is that admins are only doing part of the work to address this CVE.  Yes they are installing the update, but are not reading the rest of the documentation which states that an additional command must be run.

The FAQ states:

Do I need to take further steps to be protected from this vulnerabilRead the rest “Remediate Exchange Security CVE-2022-21978”

5

Implementing Exchange DownloadDomain Security

Posted on by Rhoderick Milne [MSFT]
Implement Exchange DownloadDomain

In the field, I’m seeing multiple customers that are struggling to implement the DownloadDomain feature. It does require a little prep work and it is not as simple as just running a single command in Exchange to flip the setting on.

In order to mitigate and issue with OWA, it is necessary to create an additional CAS namespace that will be used for downloading attachments from OWA.  This will requir… Read the rest “Implementing Exchange DownloadDomain Security”

2

Exchange 2019 Point of No Return

Posted on by Rhoderick Milne [MSFT]
Exchange 2019 PrepareAD - The Point of No Return

When designing an upgrade strategy from an older version of Exchange to a newer one, a question that needs to be addressed is do we need to introduce a version of Exchange that may not currently be present?  This may be when upgrading from Exchange 2013 to Exchange 2019.  If that organisation currently does not have any Exchange 2016 servers, you need to evaluate if there may be a future requireme… Read the rest “Exchange 2019 Point of No Return”

4

Exchange 2019 CU12 Released

Posted on by Rhoderick Milne [MSFT]
Exchange 2019 CU12 Released

Exchange 2019 CU12 has been released to the Microsoft Volume Licensing Center and the public Microsoft Download site!  Exchange 2019 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2019 and can be used to install a fresh server or to upd… Read the rest “Exchange 2019 CU12 Released”