April 20, 2025

Microsoft is bringing HSTS support to Exchange Server 2016 and 2019

  • August 30, 2023


Microsoft wants to prevent attacks over insecure connections by blocking regular HTTP connections in Exchange Server 2016 and 2019. Administrators are therefore given access to HSTS.

Microsoft introduces HSTS for Exchange Server 2016 and 2019. HSTS stands for HTTP Strict Transport Security. When administrators enable HSTS, the server enforces connections over HTTPS. This makes it impossible for an attacker to downgrade an HTTPS connection to HTTP, after which a man-in-the-middle attack would theoretically be possible.

Many advantages

In addition, HSTS ensures that users cannot easily bypass warnings about untrusted, invalid, or expired certificates. Such messages indicate an insecure connection, but users sometimes persist in clicking through them. Redirecting from HTTP to HTTPS is also no longer necessary. HSTS doesn't have any major drawbacks and provides a handy extra layer of protection for website visitors.

Administrators must configure HSTS themselves. This can be done via PowerShell or IIS Manager. Microsoft explains in detail how to enable HSTS. The method differs between Exchange Server 2016 and Exchange Server 2019. Microsoft plans to provide an update for Exchange HealthChecker in the near future to help you verify that HSTS is enabled correctly.
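One way to check that a response carries a usable HSTS policy, following the header rules in RFC 6797. This is an added example, not Microsoft's or HealthChecker's code; the function names, the one-year `MIN_MAX_AGE` threshold and the sample header values are assumptions made for illustration.

```python
import re

# RFC 6797 section 6.1: directives are separated by ";", names are
# case-insensitive, and a value is a token or a quoted-string.
# Simplified: the name pattern is a subset of the token characters, and
# quoted values containing ";" are not supported.
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)(?:\s*=\s*("?)([^";]*)\2)?')
MIN_MAX_AGE = 31536000  # assumed policy threshold: one year, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return a dict, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives are allowed
            continue
        m = _DIRECTIVE.fullmatch(part)
        if not m:
            return None
        name = m.group(1).lower()
        if name in directives:            # each directive may appear only once
            return None
        directives[name] = m.group(3)     # None for valueless directives
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None                       # max-age is required and numeric
    directives["max-age"] = int(age)
    return directives

def evaluate(scheme, headers):
    """Return findings for one response; an empty list means the policy is fine.
    headers is a list of (name, value) tuples in the order received."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP (RFC 6797 section 8.1).
        return ["header sent over HTTP is ignored"] if values else []
    if not values:
        return ["missing"]
    findings = ["duplicate header"] if len(values) > 1 else []
    policy = parse_hsts(values[0])        # only the first header field counts
    if policy is None:
        return findings + ["invalid"]
    if policy["max-age"] == 0:
        findings.append("max-age=0 removes the policy")
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("short max-age")
    return findings

if __name__ == "__main__":
    # Constructed sample response headers, not captured from a real server.
    sample = [("Strict-Transport-Security", "max-age=300; includeSubDomains")]
    print(evaluate("https", sample))
```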

Source: IT Daily
