Exchange Server Support for Windows Extended Protection

Hi All,

With the August 2022 updates for Exchange Server 2013/2016/2019 there is a new feature called Windows Server Extended Protection. It helps protect against authentication relay or "man in the middle" (MitM) attacks.

Exchange Server Support for Windows Extended Protection

  • Does not work with hybrid servers using Modern Hybrid configuration
  • SSL Offloading scenarios are not supported
  • Automated Archiving with Archive Policy is not supported
  • TLS configuration must be consistent across all Exchange servers
  • Access to Public Folders on Exchange 2013 not supported

The newest version of HealthChecker.ps1 also supports it. The script updates itself automatically.


After you restart the PowerShell session and rerun HealthChecker.ps1, it shows the output for the IIS modules and the virtual directories.

./HealthChecker.ps1


You can download ExchangeExtendedProtectionManagement.ps1 from the site below.

ExchangeExtendedProtectionManagement

.\ExchangeExtendedProtectionManagement.ps1 -ShowExtendedProtection


Now let's enable Extended Protection

.\ExchangeExtendedProtectionManagement.ps1


Had to fix this

Set-OutlookAnywhere -Identity 'ICESRV06\RPC (Default Web Site)' -SSLOffloading $false -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true
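
The SSL offloading limitation and the fix above can be checked on every server before running the management script. This is an added example, not part of the original post or of Microsoft's scripts: `Test-OutlookAnywhereForEP` is a hypothetical helper name, the `EXAMPLE01`/`EXAMPLE02` entries are constructed sample data, and it assumes the target state is the three values set in the fix command.

```powershell
# Added example: pre-flight check of Outlook Anywhere settings before enabling
# Extended Protection. Test-OutlookAnywhereForEP is a hypothetical helper name.
function Test-OutlookAnywhereForEP {
    [CmdletBinding()]
    param(
        # Objects as returned by Get-OutlookAnywhere (or constructed samples)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$VirtualDirectory
    )
    process {
        foreach ($vdir in $VirtualDirectory) {
            # Assumption: compare against the values used in the fix command
            $problems = @()
            if ($vdir.SSLOffloading)                  { $problems += 'SSLOffloading is enabled' }
            if (-not $vdir.InternalClientsRequireSsl) { $problems += 'InternalClientsRequireSsl is false' }
            if (-not $vdir.ExternalClientsRequireSsl) { $problems += 'ExternalClientsRequireSsl is false' }
            [pscustomobject]@{
                Identity = [string]$vdir.Identity
                Ready    = ($problems.Count -eq 0)
                Problems = $problems -join '; '
            }
        }
    }
}

if (Get-Command Get-OutlookAnywhere -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: returns the virtual directories of all servers
    $vdirs = Get-OutlookAnywhere
} else {
    # Constructed sample data so the check can be tried outside Exchange
    $vdirs = @(
        [pscustomobject]@{ Identity = 'EXAMPLE01\Rpc (Default Web Site)'; SSLOffloading = $true
                           InternalClientsRequireSsl = $false; ExternalClientsRequireSsl = $true }
        [pscustomobject]@{ Identity = 'EXAMPLE02\Rpc (Default Web Site)'; SSLOffloading = $false
                           InternalClientsRequireSsl = $true; ExternalClientsRequireSsl = $true }
    )
}

$result = $vdirs | Test-OutlookAnywhereForEP
$result | Format-Table -AutoSize -Wrap

# Summarize which virtual directories still need Set-OutlookAnywhere
$blocked = @($result | Where-Object { -not $_.Ready })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} Outlook Anywhere virtual directories need fixing first: {1}" -f
        $blocked.Count, ($blocked.Identity -join ', '))
}
```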


Let's try again

.\ExchangeExtendedProtectionManagement.ps1



Let's see what it looks like

.\ExchangeExtendedProtectionManagement.ps1 -ShowExtendedProtection



Let's run HealthChecker again and see the results

./HealthChecker.ps1



Regards
Andres Bohren