The Ms Exchange hack is obviously a mess. We have been fortunate in that almost all interfaces to our exchange server have isolated from the outside. The only one, which is now shut-off, was the activesync connection through our pulse secure box.
Is there any sense of level of exposure that the activesync connection presented with the Hafnium hack? Using the microsoft and other scripts, we don't appear to have any symptoms of Indications of Compromise (IOC). However we talked about it internally, and cannot judge the nature of the exposure we had with the pulse secure ativesync connection.
It is important to note that Pulse Secure will allow access to the resources configured under Activesync policy (optionally, we can enforce certificate authentication) and expects the backend OWA/Exchange server to authenticate the users who are accessing the resources (just like any other reverse proxy solutions or Load balancers).
If you don't find any trace present in the Exc. servers as described by MS, then you should be safe.