Quick Hits

Microsoft Adds Emergency Threat Mitigation to Its Exchange Server Software

The built-in service automates mitigations to known Exchange Server threats.

Microsoft has baked a new threat mitigation feature into Exchange Server that will roll out this week as part of its September 2021 cumulative update to the software platform. 

The new Emergency Mitigation (EM) software component allows Microsoft to create and execute vulnerability mitigations for its customers' Exchange Servers automatically. The EM service checks for mitigations hourly via Microsoft's cloud-based Office Config Service.

"If Microsoft learns about a security threat and we create a mitigation for the issue, that mitigation can be sent directly to the Exchange server, which would automatically implement the pre-configured settings,"  the Microsoft Exchange Server team wrote in a community blog post announcing the new feature.

The EM service can also be disabled by an admin if the organization prefers to handle its own mitigations. 

"As stated previously, the EM service is not a replacement for Exchange SUs, but it is the fastest and easiest way to mitigate the highest risks to Internet-connected, on-premises Exchange servers prior to updating,"

Read more here.