Build an ultra-secure Microsoft Exchange Server

With all the news about information leaks, hackers, and encryption, it’s natural for security administrators to ask how to make an ultra-secure Microsoft Exchange Server deployment that’s good enough for any purpose outside of sending top secret information. I’ll show you how to build out an Exchange Server 2016 deployment in a Hyper-V virtual machine that is as secure as I can possibly make it while still allowing it to be usable. We’re talking locked down, encryption both at rest and in transit, securely accessible from remote locations, and hardened against interlopers.

Specifically, I’ll explain how to build:

• An Exchange Server. I am sure a lot of people will roll their eyes and say Microsoft Exchange cannot ever be secured properly and that true security can only come from Sendmail or Postfix custom compiled. I take issue with that. Those solutions might work if you are hosting a server for yourself and perhaps a couple of other people, but Exchange has valuable groupware features.

  Secondly, information lives both in e-mail and in calendars and contacts. Neither Sendmail nor Postfix address that in an integrated way. If you secure Exchange, you secure calendars, contacts, inboxes, journal entries, instant message conversation history, and more. Finally, most people prefer Outlook and Outlook simply works best with Exchange.