After enabling Extended Protection on all our 2016 CU22 servers, we found a couple of issues.
1. The statement in the docs @ https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/#tls-configuration-must-be-consistent-across-all-exchange-servers about SchUseStrongCrypto did not appear to be true. We had SchUseStrongCrypto configured to 0, but this was not considered to be a valid configuration for the script. We had to set this to 1 on all servers before the script would continue.
2. After successfully configuring all servers and verifying operations, we found SCOM throwing multiple errors on probes that were executed. Also, Exchange Health Monitoring was reporting authentication problems to health mailboxes. The probes unable to authenticate seem to be these 3: OutlookMapiHttpCtpProbe, ComplianceOutlookLogonToArchiveMapiHttpCtpProbe, OutlookRpcCtpProbe
The_Exchange_Team LukasSMSFT
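
An added example, not part of the comment above and not the CSS-Exchange script: one way to compare the .NET strong-crypto registry values across all Exchange servers before enabling Extended Protection. It assumes the Exchange Management Shell (for `Get-ExchangeServer`) and PowerShell remoting to every server; the variable names are illustrative.

```powershell
# Added example: audit SchUseStrongCrypto / SystemDefaultTlsVersions consistency.
# Assumptions: run from the Exchange Management Shell, WinRM reachable on all servers.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$names = @('SchUseStrongCrypto', 'SystemDefaultTlsVersions')

$servers = Get-ExchangeServer | Select-Object -ExpandProperty Name

# Read each value on each server; a missing value is reported explicitly,
# because "not set" and "0" are different states.
$results = Invoke-Command -ComputerName $servers -ArgumentList $keys, $names -ScriptBlock {
    param($keys, $names)
    foreach ($key in $keys) {
        foreach ($name in $names) {
            $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Server = $env:COMPUTERNAME
                Key    = $key
                Name   = $name
                Value  = if ($null -ne $item) { "$($item.$name)" } else { '<not set>' }
            }
        }
    }
}

# One summary row per registry value: which distinct settings exist in the organization.
$summary = $results | Group-Object Key, Name | ForEach-Object {
    $distinct = @($_.Group | Select-Object -ExpandProperty Value -Unique)
    [pscustomobject]@{
        Setting    = $_.Name
        Values     = $distinct -join ', '
        Consistent = ($distinct.Count -eq 1)
    }
}
$summary | Format-Table -AutoSize -Wrap

# Servers where SchUseStrongCrypto is anything other than 1, the value the
# comment above reports the script required before it would continue.
$results |
    Where-Object { $_.Name -eq 'SchUseStrongCrypto' -and $_.Value -ne '1' } |
    Sort-Object Server, Key |
    Format-Table Server, Key, Value -AutoSize
```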