Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
APPLIES TO: 
2016 2019 Subscription Edition
Overview
The following topics provides security best practices and recommendations for operating Exchange Server in a secure manner. We're constantly adding new topics to this section. Check back from time to time to make sure you're informed about the latest recommendations.
| Topic | Description | Type |
|---|---|---|
| Exchange Server update FAQ | Learn why it's important to keep your Exchange server up-to-date. | Documentation |
| Exchange Server and SMB v1 | Learn why it's important to disable insecure SMB versions. | Blog post |
| Configure Download Domains in Exchange Server | Learn how to configure the Download Domain feature in Exchange Server. | Documentation |
| Configure Windows Extended Protection in Exchange Server | Learn how to configure Extended Protection in Exchange Server. | Documentation |
| Configure HTTP Strict Transport Security (HSTS) in Exchange Server | Learn how to configure HSTS in Exchange Server. | Documentation |
| Configure certificate signing of PowerShell serialization payload in Exchange Server | Learn how to configure the certificate signing of PowerShell serialization payload feature in Exchange Server. | Documentation |
| Exchange Emergency Mitigation (EM) service | Learn more about the Exchange Emergency Mitigation service in Exchange Server. | Documentation |
| Exchange Server TLS configuration best practices | Learn more about how to configure TLS correctly in Exchange Server. | Documentation |
| Exchange Server non-RFC compliant P2 FROM header detection | Learn more about the feature that detects non-RFC compliant P2 FROM headers in Exchange Server. | Documentation |