Set ‘Allow basic authentication’ to ‘False’
Details Use this setting to determine whether you want to allow clients to use basic authentication. Rationale: The default behavior...
- Home
- Security Hardening
- CIS Microsoft Exchange Server 2013 CAS V1.1.0
CIS Microsoft Exchange Server 2013 CAS V1.1.0
Set ‘Allow simple passwords’ to ‘False’
Details You can configure this setting to require strong passwords to unlock mobile devices before they can connect via ActiveSync...Set ‘Allow unmanaged devices’ to ‘False’
Details This setting determines whether Exchange allow devices that do not accept security policy updates from the Exchange server to...Set ‘Configure login authentication for IMAP4’ to ‘SecureLogin’
Details IMAP4 transmits all data, including user credentials and potentially sensitive messages, in plaintext. Using this setting to enable SSL...Set ‘Configure login authentication for POP3’ to ‘SecureLogin’
Details POP3 transmits all data, including user credentials and potentially sensitive messages, in plaintext. Using this setting to enable TLS...Set ‘Enable S/MIME for OWA 2010’ to ‘True’
Details You can enable this setting to allow users to download the S/MIME control to read and create signed and...Set ‘Enforce Password History’ to ‘4’ or greater
Details Retaining the password history ensures that old passwords will not be reused within a reasonable timeframe. Rationale: The longer...Set ‘Minimum password length’ to ‘4’ or greater
Details You can configure this setting to specify a minimum password length for device passwords. Long passwords can provide increased...Set ‘Number of attempts allowed’ to ’10’
Details Use this setting to restrict the number of failed logon attempts a user can make. Rationale: There is a...Set ‘Password Expiration’ to ’90’ or less
Details You can configure this setting to specify how long before passwords expire and users must change them. Rationale: The...