Check: Exch-1-402
Exchange 2010 Client Access Server STIG:
Exch-1-402
(in version v1 r9)
Title
Outlook Anywhere (OA) clients must use NTLM authentication to access email. (Cat II impact)
Discussion
Identification and Authentication provide the foundation for access control. Access to email services applications require NTLM authentication. Outlook Anywhere, if authorized for use by the site, must use NTLM authentication when accessing email. Note: There is a technical restriction in Exchange OA that requires a direct SSL connection from Outlook to the CA server. There is also a constraint where Microsoft supports that the CA server must participate in the AD domain inside the enclave. For this reason, Outlook Anywhere must be deployed only for enclave-sourced Outlook users.
Check Content
Open the Exchange Management Shell and enter the following command: Get-OutlookAnywhere If the value of 'Client Authentication Method' is not set to 'NTLM', this is a finding.
Fix Text
Open the Exchange Management Shell and enter the following command: Set-OutlookAnywhere -ClientAuthenticationMethod NTLM
Additional Identifiers
Rule ID: SV-44027r2_rule
Vulnerability ID: V-33607
Group Title: Exch-1-402
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |