Today we are announcing the availability of the 2024 H1 Cumulative Update (CU) for Exchange Server 2019 (aka CU14). CU14 includes fixes for customer reported issues, a security change, and all previo...
Updated Feb 22, 2024
Version 11.0
Blog Post
LukasSMSFT
Microsoft
MicrosoftPankaj_Messaging_Specialist as already mentioned, SchUseStrongCypto has an effect on outgoing connections where the server itself acts as client. It doesn't affect incoming connections where the server acts as server.
The values under HKLM\Software\WOW6432Node\Microsoft\.NetFramework\v2.0.50727 are not required but recommended to ensure that all applications on the server behave identically.
The values under HKLM\Software\WOW6432Node\Microsoft\.NetFramework\v4.0.30319\ are required and the script will not enable EP until the values are created and set as expected.
We explain all of this in our documentation: https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-tls-configuration?view=exchserver-2019#enable-net-framework-4x-schannel-inheritance
And yes, this: .\ExchangeExtendedProtectionManagement.ps1 -PrerequisitesCheckOnly will only do the prerequisites check and not enable EP