SCM 2.5 includes new product baselines designed to enhance the security of the messaging servers in your organization by taking full advantage of the security features and options in Microsoft Exchange Server 2010 SP2 and Exchange Server 2007 SP3. The guidance in these baselines was created by drawing on the expertise of a wide variety of security experts with expertise in Exchange Server from across Microsoft. While designed primarily for enterprises that want to ensure their Exchange Server environment is configured using Microsoft best practice security setting recommendations, this guidance can be adapted by organizations of any size should they choose to invest the time to thoroughly study the baseline configuration information.
All organizations will obtain the most value from this material by reading the entire Exchange security guide, and reviewing the information about each setting for the baselines in Security Compliance Manager 2.5 (SCM 2.5). The Attack Surface Reference workbooks document the system services, network ports, protocols, and firewall rules needed for each of the Exchange Server roles. These and other important documentation can be found in the Attachments \ Guides node of the SCM tool.
The product baselines and guidance provide security recommendations to harden the following server roles for Exchange Server:
- Client Access
- Hub Transport
- Edge Transport
- Unified Messaging
SCM 2.5 accomplishes this in two ways: First, Windows PowerShell™-based script kits for applying Exchange Server baseline settings to the servers in your environment are included as attachments to the baselines. Second, you can export the baselines as Desired Configuration Manager configuration packs for compliance scanning with System Center Configuration Manager. For more information about the script kits, see the Exchange Server 2007 SP3 PowerShell Script Kit User Guide and the Exchange Server 2010 SP2 PowerShell Script Kit User Guide, which are also available in the Attachments \ Guides node of each Microsoft product baseline in SCM.