2.10 Set 'Configure startup mode' to 'TLS'

Information

Use this setting to start the UM Server in secure mode. This forces all dial plans to use TLS.

Rationale:

Communications between other VOIP systems and Exchange that are not protected by TLS are vulnerable to being captured by a malicious third party.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-UMService -Identity Exchange1 -UMStartUpMode TLS

See Also

https://workbench.cisecurity.org/files/1512

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: 221b070096ab69cfa6c9e4264c5c7bf4126bd81bffea51dd49106f449a735cde