202301 - Exchange onpreme - PowerShell Serialization Payload Signing

Released: January 2023 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-january-2023-exchange-server-security-updates/ba-p/3711808

https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/SerializedDataSigningCheck/

1.  Update KB5022143 (Exchange SU)

2. Run latest HealthCherker

3. 
PowerShell Serialization Payload Signing
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/SerializedDataSigningCheck/


Certificate signing of PowerShell serialization payload in Exchange Server
https://support.microsoft.com/en-us/topic/certificate-signing-of-powershell-serialization-payload-in-exchange-server-90fbf219-b0dd-4b2c-8a68-9d73b3309eb1

4. MonitorExchangeAuthCertificate
   https://microsoft.github.io/CSS-Exchange/Admin/MonitorExchangeAuthCertificate/

5. 

            
New-SettingOverride -Name "EnableSigningVerification" -Component Data -Section EnableSerializationDataSigning -Parameters @("Enabled=true") -Reason "Enabling Signing Verification"

6. 

Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh 

7. 

Restart-Service -Name W3SVC, WAS -Force 

8. 
SerializedDataSigning Enabled: True

Before

After