CIS Microsoft Exchange Server 2016 Edge V1.0.0

Set ‘External send connector authentication: Domain Security’ to ‘True’

Details

It is preferable to use Exchange Authentication or IPsec for external send connectors. However, if you must use Basic authentication, enabling Domain Security (Mutual Auth TLS) for external send connectors helps to protect credentials and e-mail sent to other organizations.

If enabled, the Send connector will attempt to establish a mutual Transport Layer Security (TLS) connection with remote servers when sending mail. There are additional configuration steps required before you can start using TLS. For more information about how to configure mutual TLS, see Using Domain Security: Configuring Mutual TLS [http://technet.microsoft.com/en-us/library/bb123543(EXCHG.140).aspx].

Rationale:

Basic authentication sends credentials across the network in plaintext. Domain Security (Mutual Auth TLS) helps protect credentials from interception by unauthorized users.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-SendConnector -Identity "<Send connector name>" -DomainSecureEnabled $true
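
To audit the setting before and after the change, the following added example (not part of the CIS benchmark text) reports each Send connector's DomainSecureEnabled value together with DNSRoutingEnabled and IgnoreSTARTTLS, which Microsoft's Set-SendConnector documentation names as conditions for mutual TLS to be attempted. The function name Test-DomainSecureConnector is hypothetical, and deciding which of the listed connectors are external is left to the operator.

```powershell
# Added audit example. Run in the Exchange Management Shell on the Edge Transport server.
# Read-only: it queries the configuration and changes nothing.

function Test-DomainSecureConnector {
    # Hypothetical helper: evaluates one Send connector object from Get-SendConnector.
    param([Parameter(Mandatory, ValueFromPipeline)] $Connector)
    process {
        $issues = @()
        if (-not $Connector.DomainSecureEnabled) {
            $issues += 'DomainSecureEnabled is not True'
        }
        # Mutual TLS is only attempted when the connector routes by DNS
        # (no smart host) and does not skip STARTTLS.
        if (-not $Connector.DNSRoutingEnabled) {
            $issues += 'DNSRoutingEnabled is False'
        }
        if ($Connector.IgnoreSTARTTLS) {
            $issues += 'IgnoreSTARTTLS is True'
        }
        [pscustomobject]@{
            Name      = $Connector.Name
            Enabled   = $Connector.Enabled
            Compliant = ($issues.Count -eq 0)
            Issues    = $issues -join '; '
        }
    }
}

# Evaluate every Send connector; review only the rows for external connectors.
$report = Get-SendConnector | Test-DomainSecureConnector
$report | Format-Table -AutoSize -Wrap

# Recipient domains for which outbound Domain Security is expected.
# An empty list means no domain is configured for it yet.
(Get-TransportConfig).TLSSendDomainSecureList
```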

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Windows.

Updated on July 16, 2022