Now that the September 2021 Cumulative Updates (CUs) for Exchange Server 2019 and Exchange Server 2016 have been released, customers around the world now have access to a new security feature in Exch...
Updated Oct 01, 2021
Version 1.0
Blog Post
We understand that the need for manual removal of something that was added to the server automatically creates a burden for the admin. We also know that figuring out which mitigations can be removed, and which ones cannot, poses a problem. We want to provide added protections to customers, but we also want to do that in a frictionless way.
I don't understand how anyone could think requiring manual removal of automatically added temporary mitigations was a good idea in the first place. If the system is smart enough to install make changes on its own, it should be smart enough to know when to back them out, too, and not rely on admins having to scour logs to find all the myriad places those mitigations can put themselves, determine whether they should be removed, and unwind them.
Sorry, but until this can actually be "frictionless," Set-OrganizationConfig -MitigationsEnabled $False.