How to configure Exchange Server for secure external email communication.

Courses
- Microsoft
  - All Microsoft
  - Azure
    - Trending Courses (Azure)
  - Power BI
    - Trending Courses (Power BI)
  - Power Platform
    - Trending Courses (Power Platform)
  - Dynamics 365
    - Trending Courses (Dynamics 365)
  - Windows 10
    - Trending Courses (Windows 10)
  - Microsoft 365
    - Trending Courses (Microsoft 365)
  - Security Engineer
    - Trending Courses (Security Engineer)
  - Microsoft Teams
    - Trending Courses (Microsoft Teams)
  - SQL Server
    - Trending Courses (SQL Server)
  - Exchange Server
    - Trending Courses (Exchange Server)
  - Solution Architect
    - Trending Courses (Solution Architect)
  - Trending Courses (Microsoft)
- Oracle
  - All Oracle
  - EBS Functional
    - Trending Courses (EBS Functional)
  - EBS Technical
    - Trending Courses (EBS Technical)
  - EBS SCM
    - Trending Courses (EBS SCM)
  - Fusion
    - Trending Courses (Fusion)
  - Financials Cloud
    - Trending Courses (Financials Cloud)
  - HCM Cloud
    - Trending Courses (HCM Cloud)
  - SCM Cloud
    - Trending Courses (SCM Cloud)
  - Sales Cloud
    - Trending Courses (Sales Cloud)
  - Procurement
    - Trending Courses (Procurement)
  - Database 19C
    - Trending Courses (Database 19C)
  - EDM
    - Trending Courses (EDM)
  - EPM
    - Trending Courses (EPM)
  - OTM
    - Trending Courses (OTM)
  - Fusion HCM
    - Trending Courses (Fusion HCM)
  - Fusion SCM
    - Trending Courses (Fusion SCM)
  - Fusion Cloud
    - Trending Courses (Fusion Cloud)
  - DRM
    - Trending Courses (DRM)
  - Apps DBA
    - Trending Courses (Apps DBA)
  - BPM
    - Trending Courses (BPM)
  - Golden Gate
    - Trending Courses (Golden Gate)
  - Exadata
    - Trending Courses (Exadata)
  - EBS
    - Trending Courses (EBS)
  - EPROC
    - Trending Courses (EPROC)
  - FCCS
    - Trending Courses (FCCS)
  - TRCS
    - Trending Courses (TRCS)
  - EPBCS
    - Trending Courses (EPBCS)
  - GTM
    - Trending Courses (GTM)
  - HRMS
    - Trending Courses (HRMS)
  - 12C
    - Trending Courses (12C)
  - PCMCS
    - Trending Courses (PCMCS)
  - Trending Courses (Oracle)
- Cisco
  - All Cisco
  - Routing & Switching
    - Trending Courses (Routing & Switching)
  - Security
    - Trending Courses (Security)
  - SD WAN
    - Trending Courses (SD WAN)
  - Enterprise
    - Trending Courses (Enterprise)
  - Meraki
    - Trending Courses (Meraki)
  - NGFW
    - Trending Courses (NGFW)
  - Network Automation
    - Trending Courses (Network Automation)
  - Cisco DevOps
    - Trending Courses (Cisco DevOps)
  - Wireless
    - Trending Courses (Wireless)
  - Cisco DevNet
    - Trending Courses (Cisco DevNet)
  - Trending Courses (Cisco)
- AWS
  - All AWS
  - Architect
    - Trending Courses (Architect)
  - Data Analytics
    - Trending Courses (Data Analytics)
  - AWS Data Science
    - Trending Courses (AWS Data Science)
  - AWS Cloud
    - Trending Courses (AWS Cloud)
  - AWS Machine Learning
    - Trending Courses (AWS Machine Learning)
  - AWS Development
    - Trending Courses (AWS Development)
  - AWS Security
    - Trending Courses (AWS Security)
  - AWS DevOps
    - Trending Courses (AWS DevOps)
  - Data Warehouse
    - Trending Courses (Data Warehouse)
  - Trending Courses (AWS)
- VMware
  - All VMware
  - vSphere
    - Trending Courses (vSphere)
  - NSX T
    - Trending Courses (NSX T)
  - vRealize
    - Trending Courses (vRealize)
  - Tanzu
    - Trending Courses (Tanzu)
  - vSAN
    - Trending Courses (vSAN)
  - Workspace ONE
    - Trending Courses (Workspace ONE)
  - Horizon
    - Trending Courses (Horizon)
  - Kubernetes
    - Trending Courses (Kubernetes)
  - Automation
    - Trending Courses (Automation)
  - Trending Courses (VMware)
- ISACA
  - All ISACA
  - Cyber Security
    - Trending Courses (Cyber Security)
  - COBIT
    - Trending Courses (COBIT)
  - IT Governance
    - Trending Courses (IT Governance)
  - IT Fundamentals
    - Trending Courses (IT Fundamentals)
  - Data Engineer
    - Trending Courses (Data Engineer)
  - Trending Courses (ISACA)
- AXELOS
  - All AXELOS
  - ITIL
    - Trending Courses (ITIL)
  - PRINCE2
    - Trending Courses (PRINCE2)
  - MSP
    - Trending Courses (MSP)
  - M o R
    - Trending Courses (M o R)
  - Trending Courses (AXELOS)
- PECB
  - All PECB
  - ISO Risk Manager
    - Trending Courses (ISO Risk Manager)
  - ISO Lead Implementer
    - Trending Courses (ISO Lead Implementer)
  - ISO Lead Auditor
    - Trending Courses (ISO Lead Auditor)
  - GDPR
    - Trending Courses (GDPR)
  - SCADA
    - Trending Courses (SCADA)
  - ISO Foundation
    - Trending Courses (ISO Foundation)
  - Trending Courses (PECB)
- EC Council
  - All EC Council
  - Ethical Hacking
    - Trending Courses (Ethical Hacking)
  - Security Operations Center
    - Trending Courses (Security Operations Center)
  - Penetration Testing
    - Trending Courses (Penetration Testing)
  - Security Engineers
    - Trending Courses (Security Engineers)
  - Security Testing
    - Trending Courses (Security Testing)
  - SIEM
    - Trending Courses (SIEM)
  - Disaster Recovery
    - Trending Courses (Disaster Recovery)
  - Block chain
    - Trending Courses (Block chain)
  - CyberSecurity
    - Trending Courses (CyberSecurity)
  - Trending Courses (EC Council)
- CompTIA
  - All CompTIA
  - CompTIA Cyber Security
    - Trending Courses (CompTIA Cyber Security)
  - CompTIA Networking
    - Trending Courses (CompTIA Networking)
  - CompTIA Data Center
    - Trending Courses (CompTIA Data Center)
  - IT Support & Help Desk
    - Trending Courses (IT Support & Help Desk)
  - CompTIA Project Management
    - Trending Courses (CompTIA Project Management)
  - CompTIA Penetration Testing
    - Trending Courses (CompTIA Penetration Testing)
  - CompTIA Data Analytics
    - Trending Courses (CompTIA Data Analytics)
  - Linux
    - Trending Courses (Linux)
  - Trending Courses (CompTIA)
- PMI
  - All PMI
  - Agile
    - Trending Courses (Agile)
  - Business Process Management
    - Trending Courses (Business Process Management)
  - PMI Project Management
    - Trending Courses (PMI Project Management)
  - Business Analysis
    - Trending Courses (Business Analysis)
  - Program Management
    - Trending Courses (Program Management)
  - Trending Courses (PMI)
- Red Hat
  - All Red Hat
  - Ansible
    - Trending Courses (Ansible)
  - System Administration
    - Trending Courses (System Administration)
  - Cloud Storage
    - Trending Courses (Cloud Storage)
  - Red Hat Linux
    - Trending Courses (Red Hat Linux)
  - JBoss
    - Trending Courses (JBoss)
  - Virtualization
    - Trending Courses (Virtualization)
  - Red Hat Security
    - Trending Courses (Red Hat Security)
  - Red Hat OpenStack
    - Trending Courses (Red Hat OpenStack)
  - Red Hat OpenShift
    - Trending Courses (Red Hat OpenShift)
  - RHEL
    - Trending Courses (RHEL)
  - Trending Courses (Red Hat)
- Coupa
  - All Coupa
  - Coupa
    - Trending Courses (Coupa)
  - Trending Courses (Coupa)
- Business Rule Engine
  - All Business Rule Engine
  - Drools
    - Trending Courses (Drools)
  - Trending Courses (Business Rule Engine)
- DevOps Institute
  - All DevOps Institute
  - SRE
    - Trending Courses (SRE)
  - Risk Management
    - Trending Courses (Risk Management)
  - VSM Foundation
    - Trending Courses (VSM Foundation)
  - Agile DevOps
    - Trending Courses (Agile DevOps)
  - DeveOps
    - Trending Courses (DeveOps)
  - Trending Courses (DevOps Institute)
- Explore All

Microsoft Articles

Table of Contents

Exchange Server is a powerful email management system used by organizations worldwide. It offers several features that allow users to securely send and receive emails within their organization. However, to communicate securely with external parties, Exchange Server must be configured with specific settings and protocols. In this blog post, we'll provide a step-by-step guide on how to configure Exchange Server for secure external email communication.

Step 1: Obtain a Digital Certificate

The first step in configuring Exchange Server for secure external email communication is to obtain a digital certificate. A digital certificate is a security mechanism that ensures the authenticity of the sender and encrypts the email message.

To obtain a digital certificate, you can either use a commercial certificate authority (CA) or create your own internal CA. If you choose to use a commercial CA, you will need to purchase a digital certificate from them. If you choose to create your own internal CA, you will need to install the Certificate Services role on a Windows Server and then create a certificate template for email encryption.

Step 2: Enable TLS Encryption

The next step is to enable Transport Layer Security (TLS) encryption on the Exchange Server. TLS encryption ensures that emails are encrypted in transit between the sender and the recipient.

To enable TLS encryption, you must first install a valid digital certificate on the Exchange Server. Then, you can enable TLS encryption by going to the Exchange Admin Center (EAC) and navigating to the Mail Flow section. Under the Send Connectors tab, select the Send Connector that you want to modify and click Edit. In the Edit Send Connector dialog box, select the TLS Encryption option and select the digital certificate that you installed earlier.

Step 3: Configure Message Encryption

The next step is to configure message encryption on the Exchange Server. Message encryption ensures that the email message is encrypted at rest and can only be read by the intended recipient.

To configure message encryption, you can create a message encryption policy in the Exchange Admin Center. Under the Compliance Management section, navigate to the Messaging Records Management (MRM) section and click on the "Create a new retention policy" option. In the retention policy, enable the "Encrypt Message" option and select the appropriate digital certificate.

Step 4: Configure SPF, DKIM, and DMARC

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) are email authentication mechanisms that help prevent email spoofing and phishing attacks.

To configure SPF, DKIM, and DMARC, you must first ensure that your domain name has the necessary DNS records. Then, you can configure these mechanisms in the Exchange Admin Center by navigating to the Protection section and selecting the appropriate option.

Step 5: Configure Anti-Spam Settings

The final step is to configure anti-spam settings on the Exchange Server. Anti-spam settings help prevent spam emails from reaching the users' inbox and protect against email-based malware and phishing attacks.

To configure anti-spam settings, you can use the built-in anti-spam features in Exchange Server, such as the Content Filter and the Sender Filter. You can also configure connection filtering and recipient filtering to block spam emails based on IP addresses or email addresses.

Conclusion

Configuring Exchange Server for secure external email communication is crucial for organizations that need to communicate with external parties. By following the steps outlined in this blog post, you can ensure that your Exchange Server is configured with the necessary settings and protocols to enable secure email communication. Effective configuration of TLS encryption, message encryption, SPF, DKIM, DMARC, and anti-spam settings can help prevent email-based attacks, protect sensitive information, and enhance the overall security of your organization's email communication.