Exchange Server Support for Windows Extended Protection
Hi All,
With the August 2022 Updates for ExchangeServer 2013/2016/2019 there is a new Feature called Windows Server Extended Protection. This will help against authentication relay or "man in the middle" (MitM) attacks.
Exchange Server Support for Windows Extended Protection
- does not work with hybrid servers using Modern Hybrid configuration
- SSL Offloading scenarios are not supported
- Automated Archiving with Archive Policy is not suported
- TLS configuration must be consistent across all Exchange servers
- Access to Public Folders on Exchange 2013 not supported
The newest version of HealthChecker.ps1 does also support it. It will update automatically
![](https://icewolffile.blob.core.windows.net/$web/202208/Exchange2016_ExtendedProtection_01.jpg)
After you restart the PowerShell Session and rerun HealthChecker.ps1 it will show you the Output for the IIS Modules and the VirtualDirectory
./HealthChecker.ps1
![](https://icewolffile.blob.core.windows.net/$web/202208/Exchange2016_ExtendedProtection_02.jpg)
You can download the ExchangeExtendedProtectionManagement.ps1 from the Site below
ExchangeExtendedProtectionManagement
.\ExchangeExtendedProtectionManagement.ps1 -ShowExtendedProtection
![](https://icewolffile.blob.core.windows.net/$web/202208/Exchange2016_ExtendedProtection_03.jpg)
Now let's enable Extended Protection
.\ExchangeExtendedProtectionManagement.ps1
![](https://icewolffile.blob.core.windows.net/$web/202208/Exchange2016_ExtendedProtection_04.jpg)
Had to fix this
Set-OutlookAnywhere -Identity 'ICESRV06\RPC (Default Web Site)' -SSLOffloading $false -InternalClientsRequireSsl $true -E
xternalClientsRequireSsl $true
xternalClientsRequireSsl $true
Let's try again
.\ExchangeExtendedProtectionManagement.ps1
![](https://icewolffile.blob.core.windows.net/$web/202208/Exchange2016_ExtendedProtection_05.jpg)
Let's see what it looks like
.\ExchangeExtendedProtectionManagement.ps1 -ShowExtendedProtection
![](https://icewolffile.blob.core.windows.net/$web/202208/Exchange2016_ExtendedProtection_06.jpg)
Let's again run HealhChecker and see the Results
./HealthChecker.ps1
![](https://icewolffile.blob.core.windows.net/$web/202208/Exchange2016_ExtendedProtection_07.jpg)
Regards
Andres Bohren
![](https://icewolffile.blob.core.windows.net/$web/logos/Exchange_logo.png)