Exchange Server Support for Windows Extended Protection
Hi All,
With the August 2022 updates for Exchange Server 2013/2016/2019 there is a new feature called Windows Server Extended Protection. It helps protect against authentication relay or “man in the middle” (MitM) attacks.
Restrictions
- does not work with hybrid servers using Modern Hybrid configuration
- SSL Offloading scenarios are not supported
- Automated Archiving with Archive Policy is not supported
- TLS configuration must be consistent across all Exchange servers
- Access to Public Folders on Exchange 2013 not supported
The newest version of HealthChecker.ps1 also supports it. It will update automatically.
After you restart the PowerShell session and rerun HealthChecker.ps1, it will show you the output for the IIS modules and the virtual directory.
./HealthChecker.ps1
You can download ExchangeExtendedProtectionManagement.ps1 from the site below.
.\ExchangeExtendedProtectionManagement.ps1 -ShowExtendedProtection
Now let’s enable Extended Protection
.\ExchangeExtendedProtectionManagement.ps1
Had to fix this
Set-OutlookAnywhere -Identity 'ICESRV06\RPC (Default Web Site)' -SSLOffloading $false -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true
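The SSL Offloading restriction can be checked on every server before running the enable script. The following is an added example, not part of the original post or of the Microsoft scripts: it lists each Outlook Anywhere virtual directory whose settings differ from the values used in the fix above and prints the matching Set-OutlookAnywhere command. The function name Get-OutlookAnywhereEpBlocker is hypothetical, and the script assumes it runs in the Exchange Management Shell.

```powershell
# Added example: pre-flight check for the "SSL Offloading not supported" restriction.
# Assumption: run in the Exchange Management Shell with rights to read virtual directories.

function Get-OutlookAnywhereEpBlocker {
    # Hypothetical helper name. Returns one object per Outlook Anywhere virtual
    # directory that still uses SSL offloading or does not require SSL for clients.
    Get-OutlookAnywhere | Where-Object {
        $_.SSLOffloading -or
        -not $_.InternalClientsRequireSsl -or
        -not $_.ExternalClientsRequireSsl
    } | ForEach-Object {
        [pscustomobject]@{
            Server                    = $_.Server
            Identity                  = "$($_.Identity)"
            SSLOffloading             = $_.SSLOffloading
            InternalClientsRequireSsl = $_.InternalClientsRequireSsl
            ExternalClientsRequireSsl = $_.ExternalClientsRequireSsl
            # Same parameters as the fix shown in the post, filled in per virtual directory.
            Fix = "Set-OutlookAnywhere -Identity '$($_.Identity)' -SSLOffloading `$false " +
                  "-InternalClientsRequireSsl `$true -ExternalClientsRequireSsl `$true"
        }
    }
}

# Wrap in @() so a single result is still treated as a collection.
$blockers = @(Get-OutlookAnywhereEpBlocker)

if ($blockers.Count -gt 0) {
    Write-Warning "$($blockers.Count) Outlook Anywhere virtual directory(ies) need to be fixed before enabling Extended Protection."
    $blockers | Format-List
} else {
    Write-Host "No Outlook Anywhere virtual directory uses SSL offloading."
}
```

The check only reads configuration; the printed Fix lines have to be run separately on purpose.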
Let’s try again
.\ExchangeExtendedProtectionManagement.ps1
Let’s see what it looks like
.\ExchangeExtendedProtectionManagement.ps1 -ShowExtendedProtection
Let’s again run HealthChecker and see the results
./HealthChecker.ps1
Regards
Andres Bohren