Security News > 2023 > August > Microsoft adds HSTS support to Exchange Server 2016 and 2019

Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security.
Microsoft provides detailed information on configuring HSTS on Exchange Server 2016 and 2019 via PowerShell or the Internet Information Services Manager on its documentation website.
Admins can also disable Exchange Server HSTS support by rolling back the configuration for each server.
"Please read the documentation carefully as some of the settings that are provided by the default IIS HSTS implementation must be configured in a different way as they could otherwise break connectivity to Exchange Server," the Exchange Team said today.
"Exchange HealthChecker will receive an update soon that will help you to find out if the HSTS configuration on your Exchange Server is as expected."
This week, Redmond announced that Windows Extended Protection will be enabled by default on Exchange Server 2019 starting this fall.
News URL
Related news
- Microsoft Exchange Online outage affects Outlook web users (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Microsoft investigates global Exchange Admin Center outage (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in six months (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)
- Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)