Controls/EDCA-GOV-006.json
|
{
"id": "EDCA-GOV-006", "title": "Mailbox database prohibit-send-receive quota is configured", "description": "The ProhibitSendReceiveQuota property of each mailbox database SHOULD be set to a specific value rather than Unlimited. Configuring this hard limit prevents oversized mailboxes from consuming unrestricted storage.", "verify": true, "subject": "Database", "category": "Governance", "severity": "Low", "severityWeight": 3, "frameworks": [ "Best Practice", "CIS" ], "references": [ { "name": "CIS 2.1.3 (L1): Ensure Mailbox quotas Prohibit send and receive at is set", "url": "https://www.cisecurity.org/benchmark/microsoft_exchange_server" }, { "name": "Configure storage quotas for a mailbox in Exchange Server", "url": "https://learn.microsoft.com/exchange/recipients/user-mailboxes/storage-quotas" } ], "remediation": { "automatable": true, "description": "Set ProhibitSendReceiveQuota on each mailbox database to a defined quota value.", "scriptTemplate": "# Set prohibit-send-receive quota on a specific mailbox database (adjust name and size as needed).\n# To target a specific database: replace 'DatabaseName' with the actual database name.\nSet-MailboxDatabase -Identity 'DatabaseName' -ProhibitSendReceiveQuota 2GB" }, "considerations": "Ensure the prohibit-send-receive quota is set higher than the prohibit-send quota and the issue-warning quota. Coordinate with your storage and capacity planning team before adjusting.", "roles": [ "Mailbox" ] } |