Exchange OWA must use https.
An XCCDF Rule
Description
Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and either read or altered.
- ID
- SV-234794r617323_rule
- Version
- EX13-CA-000150
- Severity
- High
- References
- Updated
Remediation Templates
A Manual Procedure
Open the Exchange Management Shell and enter the following command:
Set-OWAVirtualDirectory -Identity '<IdentityName>\owa (Default Web Site)' -ExternalUrl 'https://URL' -InternalUrl 'https://URL'
Note: The <IdentityName>\owa (default web site) value must be in quotes.