Shulou(Shulou.com)06/02 Report--

Each version of Exchange is released with content enhancements centered around some core.

In the latest Exchange Server 2019, Microsoft's vision is from the following aspects:

So today we're going to talk about security enhancements. Exchange Server 2019 official documentation reads as follows.

What is new when upgrading from Exchange 2016 to Exchange 2019?

safety

Windows Server Core support: Running Exchange in Windows deployments with fewer peripherals means there are correspondingly fewer *** facets and components to consider.

Block external access to Exchange Management Center (EAC) and the Exchange Management Shell: Client access rules can be used to allow Exchange to be managed only from the internal network, and complex network and firewall rules are not allowed.

For point 1, you can see that Exchange Server 2019 supports installation in Windows Server Core environments. This is the first time Exchange Server 2019 is allowed and recommended to install Server Core environment, the reason is very simple, because Server Core is to minimize the installation environment, reduce security risks and preparation, so Exchange installation in this environment is the most secure. Of course, installed in the graphical interface of Windows Server environment, we are still OK. However, both Server Core and GUI environments require at least Windows Server 2016 or 2019 versions, which means that Exchange Server 2019 is completely goodbye to Windows Server 2012. If you are interested in Exchange Server 2019 under Windows Server Core, you can check out the following link: docs.microsoft.com/ZH-CN/exchange/architecture/client-access/disable-exchange-admin-center-access? view=exchserver-2016

Now Exchange Server 2019 is much easier, we only need to restrict ExchangeAdminCenter and RemotePowerShell directly through client access rules.

1. We can allow access to EAC only by specified IPs with the following command

New-ClientAcce***ule -Name AllowAccessEAC -Action Allow -AnyOfProtocols ExchangeAdminCenter -AnyOfClientIPAddressesOrRanges 192.168.1.8

2. Allow access to EAC for specified IP segments by

New-ClientAcce***ule -Name AllowAccessEAC -Action Allow -AnyOfProtocols ExchangeAdminCenter -AnyOfClientIPAddressesOrRanges 192.168.1.0/24

Now it's easier to do it. I hope you have the opportunity to experience Exchange Server 2019 together.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.