The Canadian Centre for Cyber Security (Cyber Centre) has joined the United States’ National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) as well as the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in releasing guidance on Microsoft Exchange Server security best practices.
Many organizations rely on Microsoft Exchange for critical communications, which require protection from threat actors. Reported abuse and exploitation of vulnerabilities within Exchange further demonstrates the importance of implementing security best practices.
Prevention and hardening defences are critical for Exchange servers to mitigate various types of compromises and protect the sensitive information and communications they manage.
This joint guidance provides security best practices to help administrators harden on-premises Exchange servers by enforcing a prevention posture and hardening authentication and encryption.
Read the full joint publication: Microsoft Exchange Server security best practices (PDF)