24 set 2021

New security feature for Exchange Server: Exchange Server Emergency Mitigation

Exchange Server Emergency Mitigation FAQ

Q: What is Exchange Server Emergency Mitigation?

A: Exchange Server Emergency Mitigation is a new feature in Exchange Server introduced in the September 2021 CUs. It detects Exchange Servers that are vulnerable to one or more known threats and applies temporary mitigations until the admin can install the available SU.

Q: What does Exchange Server Emergency Mitigation do?

A: This feature runs as a Windows service, and it checks the Office Config Service for available mitigations hourly. If a mitigation is available, the EM service downloads it and automatically applies it to the server.

Q: What is a Mitigation?

A: A mitigation is an action or set of actions used to secure an Exchange server from a known threat. If a security threat becomes known to Microsoft and we create a mitigation for the issue, that mitigation can downloaded to the Exchange server, which can automatically implement the pre-configured settings. Mitigations are sent in a signed XML file that contains configuration settings for mitigating a security threat.

Q: If I disable sending optional data to Microsoft, will the EM service still automatically apply mitigations?

A: Yes. Automatic mitigation by the EM service does not require the sending of data to Microsoft. If sending data to Microsoft is not enabled, the EM service will function normally.

Q: Will Microsoft release mitigations for every vulnerability that will be eventually fixed in an SU?

A: No. Our plan is to release mitigations only for the most severe security issues, such as issues that are being actively exploited in the wild. Because applying mitigations may reduce server functionality, we plan on releasing mitigations only when the highest impact or severity issues are found.

New security feature in September 2021 Cumulative Update for Exchange Server - Microsoft Tech Community