Exchange must provide Mailbox databases in a highly available and redundant configuration.

From MS Exchange 2013 Mailbox Server Security Technical Implementation Guide

Part of SRG-APP-000435

Associated with: CCI-002385

SV-84683r1_rule Exchange must provide Mailbox databases in a highly available and redundant configuration.

Vulnerability discussion

To protect Exchange Server mailbox databases and the data they contain by configuring Mailbox servers and databases for high availability and site resilience.A database availability group (DAG) is a component of the Mailbox server high availability and site resilience framework built into Microsoft Exchange Server 2013. A DAG is a group of Mailbox servers that hosts a set of databases and provides automatic database-level recovery from failures that affect individual servers or databases.A DAG is a boundary for mailbox database replication and database and server switchovers and failovers. Any server in a DAG can host a copy of a mailbox database from any other server in the DAG. When a server is added to a DAG, it works with the other servers in the DAG to provide automatic recovery from failures that affect mailbox databases, such as a disk, server, or network failure.

Check content

Review the Email Domain Security Plan (EDSP). Determine if the Exchange Mailbox databases are using redundancy. Open an Exchange Admin Center. Navigate to and select Microsoft Exchange >> Microsoft Exchange On - Premises >> Organization Configuration >> Mailbox. In the right pane, if two or more Mailbox servers are not listed, this is a finding.

Fix text

Update the EDSP. Add two or more Mailbox servers to the database availability group.

Pro Tips

Powered by sagemincer