CISA and National Security Agency Publish New Best Practices for On-Premises Microsoft Exchange Server Security -- Redmondmag.com

Redmond Dispatch

CISA and National Security Agency Publish New Best Practices for On-Premises Microsoft Exchange Server Security

The Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA) and international partners, released a new best-practices guide aimed at hardening on-premises Microsoft Exchange Server installations amid sustained threat activity.

Key recommendations include a focus on securing network encryption, tighter user access and authentication processes and reducing application attack surfaces. CISA also suggests decommissioning any hybrid exchange servers post the transition to Microsoft 365 to reduce exploitation activities.

The agency stressed that merely installing updates is not sufficient — organizations must audit, reconfigure, and decommission insecure environments as part of a broader zero-trust posture. A full guide on Exchange Server Best Practices can be viewed here.

Posted by Redmondmag.com Editors on 10/31/2025

Featured

Microsoft Makes Point-in-Time Restore Generally Available for Windows 11

Microsoft has made point-in-time restore generally available for Windows 11, giving users and IT administrators a built-in way to roll back PCs after bad updates, driver problems, app corruption or other disruptions.
PowerShell Trusted Hosts for Mixed Environments

Trusted host lists can help keep PowerShell remoting working in mixed domain and workgroup environments, but only if admins avoid overwriting existing WinRM settings.
AI Cost, Security Pressures Push Enterprises Toward Private Cloud, Broadcom Says

Broadcom Inc. is making the case that enterprise AI has reached a new infrastructure phase, arguing that production workloads are forcing organizations to rethink where they run cloud applications and how they manage cost, security and governance.
Microsoft, Chevron Partner on Power Deal for Massive Texas AI Datacenter

Microsoft on Monday unveiled plans for one of the largest datacenter expansions in its history, pairing a new 2-gigawatt AI-focused campus in Pecos, Texas, with a 20-year power agreement from Chevron designed to ensure the facility has dedicated energy capacity as demand for AI services continues to surge.
Where Air Gapped Backups Actually Fail, Part 2

Air gapped backups can still fail when configuration drift, lost encryption keys and routine human mistakes go unnoticed until recovery is needed.