Exchange Server 15.0 = 2013, 15.1 = 2016, and 15.2 = 2019
Confirm if any of the registry values are present:
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" | FL }}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" | FL }}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" | FL }}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" | FL }}
Check the Registry DWORDs (WhatIf):
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType "DWORD" -WhatIf}}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType "DWORD" -WhatIf}}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value "1" -PropertyType "DWORD" -WhatIf}}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value "1" -PropertyType "DWORD" -WhatIf}}
Add the Registry DWORDs:
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType "DWORD"}}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType "DWORD" }}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value "1" -PropertyType "DWORD"}}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {New-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value "1" -PropertyType "DWORD"}}
Confirm that the registry values are there:
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" | FL }}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" | FL }}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" | FL }}
(Get-ExchangeServer | sort name | ?{$_.Admindisplayversion -like "*15.2*"}).name | %{$_;Invoke-Command -ComputerName $_ {Get-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" | FL }}
LINKS:
https://microsoft.github.io/CSS-Exchange/Security/Extended-Protection/
https://microsoft.github.io/CSS-Exchange/Security/ExchangeExtendedProtectionManagement/
Action required if you have Public Folders in your environment:
https://support.microsoft.com/en-us/topic/extended-protection-doesn-t-support-public-folder-client-permissions-management-through-outlook-bd2037b5-40e0-413a-b368-746b3f5439ee