Exchange OWA must use https.
An XCCDF Rule
Description
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-234794r617323_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
Open the Exchange Management Shell and enter the following command:
Set-OWAVirtualDirectory -Identity '<IdentityName>\owa (Default Web Site)' -ExternalUrl 'https://URL' -InternalUrl 'https://URL'
Note: The <IdentityName>\owa (default web site) value must be in quotes.