Prepare for Microsoft certificate exam 70-345 with my Pluralsight course Designing/Deploying Exchange 2016 (70-345) Recipients and Security.
How to remove the names and IP addresses of your internal Exchange servers from the headers of outbound email messages.
How to use role based access control to manage Exchange administrative permissions, and create and assign custom role groups for specific management tasks.
A security researcher claims that Exchange has a vulnerability that allows Exchange Web Services to be accessed by bypassing multi-factor authentication.
How to use mail flow rules in Exchange Server and Exchange Online to block outbound email to specific domain names.
Microsoft has published security bulletin MS16-108, which includes critical security updates for all currently supported versions of Exchange Server.
The Office 365 Secure Score tool analyzes your tenant and provides you with detailed advice about securing your Office 365 services.
As a best practice, it is recommend that you don't configure blanket, persistent access for IT administrators to end user Exchange mailboxes.
For POP and IMAP access to Exchange Server mailboxes the best practice is to require secure logins.
The servers running Exchange Server in your environment should have unique, complex local administrator passwords that are unknown.