Released: July 2021 Exchange Server Security Updates

Just to add some variety to the comments. 

I just successfully upgraded (1) of our (6) Exchange 2019 Server Core DAG members to CU10 (previously CU8) along with KB5004780.

(2) of the (6) servers host passive copies of the databases and sit in a separate datacenter. (1) of these servers were used to test these updates.

All Exchange services sit behind a NLB (Network Load-Balancer).

My process went as follows:

1. Ran HealthChecker.ps1 on server, prior to ugprade, and confirmed OAuth cetificate existed and was not expired
2. Attached CU10 .iso to Domain Controller in Primary AD site. (Site with Domain Controller holding FSMO roles)
3. Assigned AD account to the "EnterpriseAdmin" and "SchemaAdmin" groups. 
4. Ran the following command from an elevated command prompt using and AD account with the above group memberships:
   1. D:\Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms
5. Allowed replication to replicate changes over night.
6. Disabled server being updated in NLB.
7. Placed server into maintenance mode.
8. Rebooted server
9. Ran the following command from an elevated command prompt using the same AD account as above:
   1. D:\Setup.exe /IAcceptExchangeServerLicenseTerms /Mode:Upgrade /DomainController:<FQDN of DC in site where server being upgraded sits>
10. Rebooted server after CU installed.
11. Installed July Windows Updates
12. Rebooted server
13. Installed KB5004780 by issuing the following command from an elevated command prompt under the same AD account as above:
    1. C:\msiexec.exe /p Exchange2019-KB5004780-x64-en.msp /qb
14. Rebooted server
15. Took server out of maintenance mode
16. Enabled server in NLB.
17. Disabled secondary Exchange server in NLB and tested access to updated Exchange server through the VIP on NLB.
    
    1. Ex: 192.168.1.1/owa
18. Confirmed OWA loaded and verified connection to patched server was shown in statistics on NLB.
19. Complete.