2.8 Set 'Enable RPC encryption' to 'Enabled'

Information

This policy setting controls whether Outlook uses remote procedure call (RPC) encryption
to communicate with Microsoft Exchange servers. If you enable this policy setting, Outlook
uses RPC encryption when communicating with an Exchange server. Note: RPC encryption
only encrypts the data from the Outlook client computer to the Exchange server. It does not
encrypt the messages themselves as they traverse the Internet. If you disable or do not
configure this policy setting, RPC encryption is still used by default. This setting allows you
to override the corresponding per-profile setting. The recommended state for this setting
is: Enabled.

Rationale

By default, the remote procedure call (RPC) communication channel between an Outlook
2010 client computer and an Exchange server is not encrypted. If a malicious person is able
to eavesdrop on the network traffic between Outlook and the server, they might be able to
access confidential information.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.


User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Enable RPC encryption

Impact

Enabling this setting should not have any significant effect on users. However, there is
always a trade-off between secure communication and performance, so you should
evaluate the performance impact of encrypting every connection between the Outlook 2010
client computer and the Exchange server.

See Also

https://workbench.cisecurity.org/files/530

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8(1)

Plugin: Windows

Control ID: 4dcaeefcb67830d8ba39723b6a870499ae4218afd2acd8d0c470c5a6147f9f0a