Skip to content

Jul26SU Release#2566

Merged
lusassl-msft merged 3 commits into
mainfrom
July26SU
Jul 14, 2026
Merged

Jul26SU Release#2566
lusassl-msft merged 3 commits into
mainfrom
July26SU

Conversation

@lusassl-msft

Copy link
Copy Markdown
Contributor

July 2026 SU Release

dpaulson45 and others added 3 commits July 14, 2026 18:45
Add Jul26SU build entries for:
- Exchange 2016 CU23: 15.1.2507.71
- Exchange 2019 CU14: 15.2.1544.43
- Exchange 2019 CU15: 15.2.1748.48
- Exchange SE RTM: 15.2.2562.45

Update latestSUBuild markers to Jul26SU for all supported versions.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add Jul26SU entry with 4 CVEs for Exchange 2016, 2019, and SE:
CVE-2026-55005, CVE-2026-55006, CVE-2026-55008, CVE-2026-55009

Update SE test CVE count from 19 to 23 accordingly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Detect legacy Exchange security groups (Exchange Domain Servers, Exchange Enterprise Servers, Exchange Recipient Administrators) in Active Directory via a single Global Catalog query using the shared Search-AllActiveDirectoryDomains helper, and surface a Yellow best-practice warning in the Organization Information section recommending they be reviewed and removed.

Results are rendered as an Out-Columns table (DistinguishedName, Scope, Members). Pester coverage mocks Search-AllActiveDirectoryDomains so the real parsing logic is exercised.

Resolves #2559

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 1717cb36-0cf5-4217-a37c-c97f7dc04bd5
Copilot AI review requested due to automatic review settings July 14, 2026 16:49
@lusassl-msft lusassl-msft requested a review from a team as a code owner July 14, 2026 16:49
@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines:
There may be pipelines that require an authorized user to comment /azp run to run.

@lusassl-msft

Copy link
Copy Markdown
Contributor Author

/azp run

@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines:
Successfully started running 1 pipeline(s).

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates CSS-Exchange for the July 2026 Security Update (SU) release by refreshing Exchange build/version metadata and extending HealthChecker to detect and report legacy Exchange security groups as an organization best-practice finding.

Changes:

  • Update “latest SU” detection and build dictionaries to include Jul26SU for Exchange 2016/2019/SE, plus add the Jul26SU CVE set in the security analyzer.
  • Add Get-ExchangeLegacySecurityGroups data collection, wire it into Organization Information collection, and surface results in the Organization Information analyzer output.
  • Extend HealthChecker Pester coverage with mocks and scenarios validating legacy group detection and parsing behavior.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
Shared/Get-ExchangeBuildVersionInformation.ps1 Updates latest SU checks and build dictionary entries to recognize Jul26SU builds.
Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCveCheck.ps1 Adds Jul26SU CVE entries so HealthChecker reports the new CVEs.
Diagnostics/HealthChecker/DataCollection/OrganizationInformation/Get-ExchangeLegacySecurityGroups.ps1 New data collector that queries AD (GC) for legacy Exchange security groups and normalizes results.
Diagnostics/HealthChecker/DataCollection/OrganizationInformation/Invoke-JobOrganizationInformation.ps1 Integrates legacy security group data collection into the organization info job output.
Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerOrganizationInformation.ps1 Adds a new Yellow best-practice section + table for legacy Exchange security groups.
Diagnostics/HealthChecker/Tests/HealthCheckerTest.CommonMocks.NotPublished.ps1 Adds helper + default mock for AD search to support testing legacy group behavior.
Diagnostics/HealthChecker/Tests/HealthChecker.SE.Scenarios.Tests.ps1 Adds scenario coverage for detecting/parsing legacy groups using a parameter-filtered AD search mock.
Diagnostics/HealthChecker/Tests/HealthChecker.SE.Main.Tests.ps1 Updates expected CVE count and asserts the new AD search is invoked once.

@lusassl-msft lusassl-msft merged commit c7cec00 into main Jul 14, 2026
8 checks passed
@lusassl-msft lusassl-msft deleted the July26SU branch July 14, 2026 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants