Released: May 2022 Exchange Server Security Updates

Tonny_Li I don't totally understand what you are asking and what you are trying to do. The bottom line is: if your server is vulnerable on the location where it is today, you should install May 2022 SU and run /PrepareDomain or /PrepareAllDomains (as applicable for your organization) from the machine where May 2022 SU was installed (from the BIN folder). It is unclear to me if you have any servers newer than Exchange 2013 in the organization, and if so - we suggest to run this from one of newer server versions (not Exchange 2013).

If you are building a new Exchange 2013 server (at this point I am at a loss why you would do that too and not install Exchange 2016 / 2019?) then you should install the server using Exchange 2013 CU23 and after that, install Exchange 2013 May 2022 SU. All of our security updates are cumulative and the May 2022 SU will contain all of the SUs since Exchange 2013 CU23.

Whether you move mailboxes before or after the installation of the SU is of no consequence. My suggestion would be to keep your servers updates to the latest CU + SU at all times and you can move mailboxes as needed.