Forum Discussion

Fallohide
Copper Contributor
Sep 09, 2024

Exchange server 2019 IIS 10 CIS hardening

Hi,

I've been tasked (forced) by my customer to implement CIS IIS hardening according to CIS_Microsoft_IIS_10_Benchmark_v1.2.1 on my Exchange Server 2019 with CU 14 and latest SU and hotfix. Health Checker is all good.

I really don't like to follow all settings in the CIS IIS 10 but I would like to hear a second opinion that this is the right path.

Cheers.

  • Dan_Snape
    Steel Contributor
    Exchange isn't an IIS server, it just has IIS integrated into its application. It's possible (probable!?) that implementing Benchmarks meant for dedicated IIS servers will break Exchange.
    I'd suggest using the Exchange 2019 CIS Benchmark for Exchange servers.
    • Fallohide
      Copper Contributor
      Hi Dan,
      Yes, that's what I tried to argue with my customer, but in vain. But I like the "...for dedicated IIS servers..." I'll use that in my next conversation with the customer.
      I have now "Binged with Google" my way through the IIS CIS settings and found that some of the things are already implemented and some could be. But there are still quite a few that I don't dare touch.
