Hi @Marc ,
Agree Andy, you do not need to PrepareAD. It is recommended that you run the maintenance script to put the server into maintenance mode before installing SU and exit maintenance mode after the installation is complete.
Extended Protection enhances the existing authentication functionality in Microsoft Exchange Server to help mitigate authentication relay or "man in the middle" attacks.
Yes, your steps are right.
You can also get this Exchange SU through the method in the official article.
For more information about installing the Exchange SU, you can refer to: install-exchange-security-update
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.