Shulou(Shulou.com)06/02 Report--

The official version of Exchange 2019 has been out for some time. You should have some basic understanding of some of its new features. I will share them with you one by one later.

What I want to share with you today is the security of exchange 2019. In terms of security, exchange 2019 has enhanced security in two aspects compared with 2016:

For point 1, exchange 2019 supports installation in windows server Core environment, so I won't introduce it in detail. Friends who need to know can refer to the following link:

Https://blogs.technet.microsoft.com/exchange/2018/07/26/deploy-exchange-server-2019-on-windows-server-core/

For point 2, block external access to EAC and EMS. In versions prior to exchange 2019, if the administrator prohibited external access to EAC, we needed to go through the following process:

Modify the virtual ECP virtual directory of exchange 2013 or 2016 and set the parameter adminenable to false:Set-ECPVirtualDirectory-Identity "\ ecp (Default Web Site)"-AdminEnabled $false to re-build another exchange 2013 or 2016 server in the production environment for EAC management or by adding a second IP to the existing server and then creating a new website through IIS

If you are using exchange 2013 or 2016 and you happen to have this demand, you can refer to the link below:

Https://docs.microsoft.com/ZH-CN/exchange/architecture/client-access/disable-exchange-admin-center-access?view=exchserver-2016

In local exchange 2019, the security of external access to EAC and EMS has been enhanced. We can directly limit the restrictions on ExchangeAdminCenter and RemotePowerShell through client access rules. Let me introduce you in detail through some actions:

We can allow only specified IP access to EAC with the following command

New-ClientAcce***ule-Name AllowAccessEAC-Action Allow-AnyOfProtocols ExchangeAdminCenter-AnyOfClientIPAddressesOrRanges 192.168.1.8 allows the specified IP segment to access EAC with the following command

New-ClientAcce***ule-Name AllowAccessEAC-Action Allow-AnyOfProtocols ExchangeAdminCenter-AnyOfClientIPAddressesOrRanges 192.168.1.0 Universe 24

Currently, exchange 2019 only supports control of ExchangeAdminCenter and RemotePowerShell, while the following lists are supported on exchange online:

ExchangeActiveSync

ExchangeAdminCenter

ExchangeWebServices

IMAP4

OfflineAddressBook

OutlookAnywhere

OutlookWebApp

POP3

PowerShellWebServices

RemotePowerShell

REST

UniversalOutlook (Mail and Calendar app)

For the specific process, please refer to the official link:

Https://docs.microsoft.com/en-us/powershell/module/exchange/client-access/new-clientacce***ule?view=exchange-ps

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.