First published: 31 Oct 2025
Last updated: 31 Oct 2025

Content written for

Large organisations & infrastructure
Government

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), in collaboration with international partners and led by the National Security Agency, has co-authored new guidance to help organisations harden their on-premises Microsoft Exchange Server environments.

This joint publication provides security best practices for administrators to strengthen Exchange Server configurations and defend against cyber threats. Many organisations rely on Exchange for critical communications, making it a high-value target for malicious actors. Recent incidents involving the exploitation of vulnerabilities in Exchange servers highlight the importance of implementing security best practices.

Key recommendations include:

  • keeping Exchange Servers up to date with the latest patches and updates
  • migrating to the supported Exchange Server Subscription Edition
  • enabling Microsoft’s built-in protection and mitigation features
  • strengthening authentication and encryption settings
  • restricting admin access and applying least privilege principles.

We strongly encourage organisations to take proactive steps to mitigate risks and prevent malicious activity, as some Exchange Server versions have recently reached end-of-life. The recommended prevention and hardening defences are critical for protecting the sensitive information and communications that Exchange servers manage.

Learn more through the Microsoft Exchange Server security best practices.
