Jul26SU Release#2566
Merged
Merged
Conversation
Add Jul26SU build entries for: - Exchange 2016 CU23: 15.1.2507.71 - Exchange 2019 CU14: 15.2.1544.43 - Exchange 2019 CU15: 15.2.1748.48 - Exchange SE RTM: 15.2.2562.45 Update latestSUBuild markers to Jul26SU for all supported versions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add Jul26SU entry with 4 CVEs for Exchange 2016, 2019, and SE: CVE-2026-55005, CVE-2026-55006, CVE-2026-55008, CVE-2026-55009 Update SE test CVE count from 19 to 23 accordingly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Detect legacy Exchange security groups (Exchange Domain Servers, Exchange Enterprise Servers, Exchange Recipient Administrators) in Active Directory via a single Global Catalog query using the shared Search-AllActiveDirectoryDomains helper, and surface a Yellow best-practice warning in the Organization Information section recommending they be reviewed and removed. Results are rendered as an Out-Columns table (DistinguishedName, Scope, Members). Pester coverage mocks Search-AllActiveDirectoryDomains so the real parsing logic is exercised. Resolves #2559 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Copilot-Session: 1717cb36-0cf5-4217-a37c-c97f7dc04bd5
|
Azure Pipelines: There may be pipelines that require an authorized user to comment /azp run to run. |
Contributor
Author
|
/azp run |
|
Azure Pipelines: Successfully started running 1 pipeline(s). |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates CSS-Exchange for the July 2026 Security Update (SU) release by refreshing Exchange build/version metadata and extending HealthChecker to detect and report legacy Exchange security groups as an organization best-practice finding.
Changes:
- Update “latest SU” detection and build dictionaries to include Jul26SU for Exchange 2016/2019/SE, plus add the Jul26SU CVE set in the security analyzer.
- Add Get-ExchangeLegacySecurityGroups data collection, wire it into Organization Information collection, and surface results in the Organization Information analyzer output.
- Extend HealthChecker Pester coverage with mocks and scenarios validating legacy group detection and parsing behavior.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| Shared/Get-ExchangeBuildVersionInformation.ps1 | Updates latest SU checks and build dictionary entries to recognize Jul26SU builds. |
| Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCveCheck.ps1 | Adds Jul26SU CVE entries so HealthChecker reports the new CVEs. |
| Diagnostics/HealthChecker/DataCollection/OrganizationInformation/Get-ExchangeLegacySecurityGroups.ps1 | New data collector that queries AD (GC) for legacy Exchange security groups and normalizes results. |
| Diagnostics/HealthChecker/DataCollection/OrganizationInformation/Invoke-JobOrganizationInformation.ps1 | Integrates legacy security group data collection into the organization info job output. |
| Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerOrganizationInformation.ps1 | Adds a new Yellow best-practice section + table for legacy Exchange security groups. |
| Diagnostics/HealthChecker/Tests/HealthCheckerTest.CommonMocks.NotPublished.ps1 | Adds helper + default mock for AD search to support testing legacy group behavior. |
| Diagnostics/HealthChecker/Tests/HealthChecker.SE.Scenarios.Tests.ps1 | Adds scenario coverage for detecting/parsing legacy groups using a parameter-filtered AD search mock. |
| Diagnostics/HealthChecker/Tests/HealthChecker.SE.Main.Tests.ps1 | Updates expected CVE count and asserts the new AD search is invoked once. |
ninobb
approved these changes
Jul 14, 2026
tweekerz
approved these changes
Jul 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
July 2026 SU Release