RPC encryption between Outlook and Exchange server must be enforced.
An XCCDF Rule
Description
The remote procedure call (RPC) communication channel between an Outlook client computer and an Exchange server is not encrypted. If a malicious individual is able to eavesdrop on the network traffic between Outlook and the server, they might be able to access confidential information.
| Property | Value |
|---|---|
| Responsibility | System Administrator |
- ID
- SV-54052r1_rule
- Version
- DTOO279
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Account Settings -> Exchange "Enable RPC encryption" to "Enabled".