Exchange Server 2019 is a single server role architecture and it is easy to deploy. I have share the details on how to install Exchange Server 2019 in my blog and here we will see the post installation steps to make the Exchange Server 2019 fully functional.

I’m just sharing basic information post installation steps that you need to do after Exchange Server 2019 installation.

Step 1: Create a Send connector to send emails to External Domain.

By default, there is no option to send an email to external domain. We have a manually create a send connector to send emails to external domain.

Step 2: Create Accepted Domains

Domain in which Exchange 2019 installed will be authoritative by default (domain.local) etc and if we want to have an email address like domain.com, we need to create an accepted domain with the name domain.com

Step 3: Configure Email Address Policy

We have created Accepted domain in the above steps and to stamp that domain.com email address to the recipients, we need to configure the default email address policy and apply the email address policy to all the mailboxes

Step 4: Configure Exchange Certificate

All the services in use to be configured to use SSL instead of self-signed certificate and certificate to be configured for all the services

Step 5: Configure Exchange Virtual Directory External and Internal Urls and Authentication Methods

Services that are published external to be configured with the external Url and internal urls to be modified as per the design plan. Ensure you have configured the right Authentication Method for each Virtual Directory

Step 6: Configure Load Balancing for Client Access Urls

Once the Virtual directory settings are configured, we can consider to configure load balancing for all the Client Access Protocols

Step 7: Verify all types of client connections to Exchange

Check the Outlook connectivity, Auto Discover, OWA, ECP, EWS, Exchange Active Sync, Outlook Anywhere client connection.

Step 8: Setup Monitoring and Alerting

One of the must have thing for Exchange environment is to have proper monitoring solution to monitor and alert if any issues in Exchange.

Step 9: Setup Mobile Device configuration

We can consider to have Mobile Device Access Policies based on the company security standards if Users are allowed to access their mailbox using Mobile devices.

Step 10: Secure Mail Flow

Ensure you have proper Anti-Spam and Anti Malware scanning available for mail flow by configuring the default malware scanning engine or route inbound and outbound mail flow via Exchange Online Protection.

Leave your comments for any queries on the above.

ADRMS service provides Information Rights Management protection to Exchange Server, SharePoint Servers and File Servers. When using ADRMS, we can configure Protection Templates like Do Not Reply All, View Only etc and made them available for end users to apply those templates on email or documents to protect the confidential documents and emails.

We need to deploy ADRMS service in On-Premise environment with the required templates and need to publish those templates for end users to consume it. I have the ADMRS Infrastructure in my lab and Exchange Server 2019 installed.

Exchange Server will have the below IRM configuration as default

And users will be prompted to Connect to Rights Management Servers to get the IRM templates published by an administrator

Configuring Exchange Server 2019 to use ADRMS

Setting up Exchange Server to use IRM is simple, we need to set the InternalLicensingEnabled parameter on the Set-IRMConfiguration command to True. Below shows the settings change.

Exchange will do a SCP lookup and do the IRM configuration.

User is able to access the IRM template now after the ADRMS service deployment and the IRM configuration in Exchange.

IRM Template from OWA

I have a plan to show case the demo on IRM configuration change from ADRMS to Azure RMS for Exchange Server 2019. I will post it later.

Exchange Server 2019 automatically configures Internet Information Service Virtual Directories related to the Exchange. Clients will connect to these Virtual Directories to access the Services provided by Exchange Servers. This post shows the default configurations of Exchange Server 2019 Virtual Directory.

Internal and External URL, SSL configuration and the Authentication methods are the important parameters related to Virtual Directories, we will see all those configurations in detail.

Below are the Virtual Directory created during the Exchange Server 2019 installation.

I have preferred mail.superhybridcloud.com as the namespace for the all the exchange services and I already changed it. Exchange Certificate installation and configuration are already done.

Auto Discover:

Auto Discover allows the email clients like Outlook to discover the mailbox settings and configure the mailbox automatically without entering the details like server information etc. Service Connection Point object in AD will be referred by Auto Discover to get the User information.

Get-ClientAccessService is command to configure the Internal Url and the Authentication Methods as shown below.

No need to set the Internal / External Url using Set-AutodiscoverVirtualDirectory as it is applicable when using Exchange Server 2010.

MAPI over HTTP:

MAPI over HTTP is the default protocol for Outlook in Exchange Server 2019 and the Exchange 2019 installation warns the MAPIHTTP enablement if it is not enabled. To ensure it is enabled, use Get-OrganizationConfig command.

Set-MapiVirtualDirectory command be used to manage MAPI over HTTP related settings

Exchange Control Panel:

Exchange Control Panel is where an admin can access Exchange Admin Center to manage the Exchange Service. Basic Authentication and FBA are the default Authentication method set on the ECP virtual directory.

Use Set-ECPVirtualDirectory command to manage the ECP virtual directory related settings.

Outlook on the Web (OWA):

OWA virtual directory allows the emails access using Web Browser and we can use Set-OWAVirtualDirectory to configure the OWA virtual directory settings

Active Sync:

Mobile Device clients that support Exchange Active Sync connects to Active Sync Virtual directory to access the mailbox.

Default configuration will not set any Authentication we can enable basic to allow the clients to access the mailbox using Active Sync protocol.

Set-ActiveSyncVirtualDirectory command allows you to configure the Active Sync related settings.

Offline Address Book (OAB):

Outlook clients using Cached mode requires offline address book to access the address book when it is not connected to exchange.

You can use Set-OABVirtualDirectory command to modify the OAB settings

Exchange Web Service (EWS):

EWS virtual directory supports many features like free busy look up, calendar sharing, mail tips and OOO etc. You can use Set-WebServicesVirtualDirectory command to manage EWS virtual directory settings.

Outlook Anywhere (OA / RPC over HTTP):

MAPI over HTTP is the default protocol for MAPI clients having mailbox in Exchange Server 2019 but it still supports Exchange for legacy clients that does not support MAPI over HTTP.

Set-OutlookAnywhere command can be used to manage Outlook Anywhere related settings.

Hope above details are informative. Comment for any queries.