More than one Edge server must be deployed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-259596 | EX19-ED-000109 | SV-259596r961152_rule | CCI-001094 | medium |
| Description | ||||
| To ensure hostile insiders are unable to easily commit DoS attacks and reduce the effectiveness of mail flow throughout the environment, a second Edge server is deployed to allow for multiple paths of mail flow both internally and externally into the environment. This prevents a single point-of-failure and allows for service to continue in the event of a DoS attack targeting one Edge role. | ||||
| STIG | Date | |||
| Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide | 2024-12-06 | |||
Details
Check Text (C-259596r961152_chk)
Review the EDSP for current configuration.
On the mailbox server, open a PowerShell prompt and run the following command:
Get-EdgeSubscription
If there is only one subscription on each server, this is a finding.
Fix Text (F-63243r942101_fix)
At a minimum, a second server must be deployed and subscribed to.