Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-69769 | EX13-CA-000135 | SV-84391r1_rule | Medium |
| Description |
|---|
| Identification and authentication provide the foundation for access control. Access to email services applications requires NTLM authentication. Outlook Anywhere, if authorized for use by the site, must use NTLM authentication when accessing email. Note: There is a technical restriction in Exchange OA that requires a direct SSL connection from Outlook to the CA server. There is also a constraint where Microsoft supports that the CA server must participate in the AD domain inside the enclave. For this reason, Outlook Anywhere must be deployed only for enclave-sourced Outlook users. |
| STIG | Date |
|---|---|
| MS Exchange 2013 Client Access Server Security Technical Implementation Guide | 2019-12-18 |
Details
| Check Text ( C-70219r1_chk ) |
|---|
| Open the Exchange Management Shell and enter the following command: Get-OutlookAnywhere | Select Name, Identity, InternalClientAuthenticationMethod, ExternalClientAuthenticationMethod If the value of InternalClientAuthenticationMethod and the value of ExternalClientAuthenticationMethod is not set to NTLM, this is a finding. |
| Fix Text (F-75981r1_fix) |
|---|
| Open the Exchange Management Shell and enter the following commands: For InternalClientAuthenticationMethod: Set-OutlookAnywhere -Identity ' For ExternalClientAuthenticationMethod: Set-OutlookAnywhere -Identity ' |