Microsoft to Enable Extended Protection By Default on Exchange Server

Key takeaways:

  • Microsoft is introducing default Extended Protection on Exchange Server, elevating security against cyberattacks.
  • Extended Protection strengthens NTLM protocol to counter credential theft and man-in-the-middle attacks.
  • Microsoft will let Exchange Server administrators opt out of the default configuration.

Microsoft has announced its plans to enable Extended Protection by default on Exchange Server later this year. Scheduled to roll out with the 2023 H2 Cumulative Update, the new security feature will help organizations to boost protection against credential theft and man-in-the-middle attacks.

Windows Extended Protection is a security feature designed to secure communication between client and server devices. It strengthens the NTLM (Windows NT LAN Manager) protocol that is used to authenticate users in Windows environments. The feature helps to protect users against various types of attacks, including credential theft and man-in-the-middle (MITM) attacks.

Last year, Microsoft introduced Extended Protection support to mitigate specific vulnerabilities in Exchange Online. Currently, IT admins need to manually enable Extended Protection support on Exchange Servers in their tenants. Starting with the 2023 H2 Cumulative Update (CU), Microsoft will enable Extended Protection by default for Exchange Server 2019.

“EP allows a binding to occur within Windows Authentication in IIS between the auth information passed at the Application layer and the TLS encapsulation at the lower levels of the protocol stack. Auth information is also supplemented by adding the namespace the client is accessing in the connection,” the Exchange team explained.
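The binding described in that quote can be modelled in a few lines. This is an added sketch, not Microsoft's code: it computes the channel binding token a client derives from the TLS certificate it actually saw and applies the IIS `tokenChecking` modes (`None`, `Allow`, `Require`) on the server side. The certificate bytes are constructed placeholders, a SHA-256 certificate signature is assumed, and `server_accepts` and `scenarios` are hypothetical helper names.

```python
import hashlib
import hmac
import struct

# Constructed placeholders standing in for DER-encoded certificates.
EXCHANGE_CERT = b"constructed: Exchange server certificate"
INTERCEPTOR_CERT = b"constructed: certificate of an intercepting TLS endpoint"

def channel_binding_token(cert_der: bytes) -> bytes:
    """MD5 of the GSS channel-bindings structure that carries the
    RFC 5929 'tls-server-end-point' value for the given certificate."""
    # Assumption: the certificate is signed with SHA-256, so the
    # end-point hash is SHA-256 as well.
    app_data = b"tls-server-end-point:" + hashlib.sha256(cert_der).digest()
    # Initiator/acceptor address type and length fields are zero for TLS.
    bindings = struct.pack("<IIIII", 0, 0, 0, 0, len(app_data)) + app_data
    return hashlib.md5(bindings).digest()

def server_accepts(token_checking, client_cbt, server_cert_der):
    """Server-side decision. In real NTLM the token travels inside the
    authenticated part of the message, so it cannot be rewritten in transit."""
    if token_checking == "None":      # Extended Protection disabled
        return True
    if client_cbt is None:            # client that sends no token
        return token_checking == "Allow"
    expected = channel_binding_token(server_cert_der)
    return hmac.compare_digest(client_cbt, expected)

def scenarios():
    """Outcome per tokenChecking mode for three kinds of connection."""
    direct = channel_binding_token(EXCHANGE_CERT)          # client saw the real cert
    intercepted = channel_binding_token(INTERCEPTOR_CERT)  # client saw another cert
    return {
        mode: {
            "direct": server_accepts(mode, direct, EXCHANGE_CERT),
            "intercepted": server_accepts(mode, intercepted, EXCHANGE_CERT),
            "no_token": server_accepts(mode, None, EXCHANGE_CERT),
        }
        for mode in ("None", "Allow", "Require")
    }

if __name__ == "__main__":
    for mode, result in scenarios().items():
        print(mode, result)
```

With `Require`, only the connection that terminates TLS on the Exchange server itself authenticates; `Allow` still admits clients that send no token.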

Microsoft to let Exchange Server admins opt out of the default Extended Protection setting

Microsoft notes that organizations will be able to use the command-line CU installer to opt out of the default configuration. However, IT admins who use the unattended Setup/scripts to deploy cumulative updates will need to add the new Setup parameter manually. Microsoft recommends the following course of action:

  • Exchange Server customers will need to install CU14 on machines that are running the Aug 2022 SU (or later) and have Extended Protection enabled.
  • Customers will need to install CU14 with the default ‘Enable EP’ on Exchange Server machines that are running the Aug 2022 SU (or later) but do not yet have the Extended Protection feature enabled.

Microsoft advises all administrators to enable Extended Protection in their organizations. “If you have any servers older than the August 2022 SU, then your servers are considered persistently vulnerable and should be updated immediately. Further, if you have any Exchange servers older than the August 2022 SU, you will break server-to-server communication with servers that have EP enabled,” the Exchange team added.

It’s important to note that threat actors are increasingly looking to search for, discover, and exploit vulnerabilities in Exchange Server. The integration of Extended Protection support should offer a robust defense against rising threats like MITM attacks.