CISA Orders Agencies to Conduct Fresh Scans of Microsoft Exchange Servers dem10/iStock.com email March 31, 2021 04:32 PM ET The agency issued supplemental guidance requiring new tests with Microsoft-provided tools and measures to harden the attractive target. The Cybersecurity and Infrastructure Security Agency set deadlines for federal agencies to implement supplemental actions under an emergency directive it issued following the abuse of vulnerabilities identified in on-premises Microsoft Exchange servers. The updated directive CISA released Wednesday requires department-level chief information officers or their equivalents to report to CISA on further investigative actions by noon Monday, April 5 and on defensive measures by noon Monday, June 28.