February 14, 2024 at 12:41PM
After installing Exchange Server 2019 CU14 or later, Extended Protection (EP) will be automatically enabled to strengthen Windows Server authentication and mitigate security risks. Admins should review Microsoft’s documentation and PowerShell script before toggling EP, and address any issues after enabling it. Microsoft encourages keeping servers updated to deploy emergency security patches.
After reviewing the meeting notes, the key takeaways are as follows:
– Microsoft is automatically enabling Windows Extended Protection (EP) on Exchange servers after the installation of the 2024 H1 Cumulative Update (CU14).
– EP is designed to strengthen Windows Server authentication functionality and mitigate authentication relay and man-in-the-middle (MitM) attacks.
– Admins are advised to evaluate their environments and review the Microsoft-provided ExchangeExtendedProtectionManagement PowerShell script before toggling EP on their Exchange servers.
– If issues are encountered after EP is enabled, admins can ensure that all EP prerequisites are met or use the script to turn off the feature.
– It is recommended that all customers enable EP in their environment and keep their on-premises Exchange servers up-to-date to deploy emergency security patches.
Please let me know if you need further information or details on any specific aspect of the meeting notes.