Controls/EDCA-GOV-007.json
|
{
"id": "EDCA-GOV-007", "title": "Mailbox database prohibit-send quota is configured", "description": "The ProhibitSendQuota property of each mailbox database SHOULD be set to a specific value rather than Unlimited. Configuring this limit prevents users from sending new mail when their mailbox is near capacity.", "verify": true, "subject": "Database", "category": "Governance", "severity": "Low", "severityWeight": 3, "frameworks": [ "Best Practice", "CIS" ], "references": [ { "name": "CIS 2.1.4 (L1): Ensure Mailbox quotas Prohibit send at is set", "url": "https://www.cisecurity.org/benchmark/microsoft_exchange_server" }, { "name": "Configure storage quotas for a mailbox in Exchange Server", "url": "https://learn.microsoft.com/exchange/recipients/user-mailboxes/storage-quotas" } ], "remediation": { "automatable": true, "description": "Set ProhibitSendQuota on each mailbox database to a defined quota value.", "scriptTemplate": "# Set prohibit-send quota on a specific mailbox database (adjust name and size as needed).\n# To target a specific database: replace 'DatabaseName' with the actual database name.\nSet-MailboxDatabase -Identity 'DatabaseName' -ProhibitSendQuota 1.95GB" }, "considerations": "Set this value between the issue-warning quota and the prohibit-send-receive quota. Review impacts on users with large mailboxes before applying.", "roles": [ "Mailbox" ] } |