1.1.2.6 Ensure 'Enable RPC encryption' is set to Enabled

Information

This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers.
If you enable this policy setting, Outlook uses RPC encryption when communicating with an Exchange server. Note: RPC encryption only encrypts the data from the Outlook client computer to the Exchange server. It does not encrypt the messages themselves as they traverse the Internet.
If you disable or do not configure this policy setting, RPC encryption is still used by default. This setting allows you to override the corresponding per-profile setting. The recommended state for this setting is: Enabled.

Rationale:

By default, the remote procedure call (RPC) communication channel between an Outlook client computer and an Exchange server is not encrypted. If a malicious person is able to eavesdrop on the network traffic between Outlook and the server, they might be able to access confidential information.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled.

User Configuration\Administrative Templates\Microsoft Outlook 2016\Account Settings\Exchange\Enable RPC encryption
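To confirm the policy has actually reached a user's profile, the check below reads the per-user policy value and distinguishes Enabled, Disabled and Not Configured. It is an added example, not part of the benchmark text; the registry key and value name are assumptions about where the Outlook 2016 administrative template stores this setting and do not appear on this page.

```powershell
# Added example: audit the per-user policy value behind "Enable RPC encryption".
# Assumption: the Outlook 2016 administrative template writes this policy to the
# key and value named below; neither is stated on this page.
$PolicyKey   = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\RPC'
$PolicyValue = 'EnableRPCEncryption'

function Test-RpcEncryptionPolicy {
    param(
        [string]$Key  = $PolicyKey,
        [string]$Name = $PolicyValue
    )

    # A missing key or a missing value both mean the policy is Not Configured,
    # so the lookup error is suppressed and treated as a state, not a failure.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue

    if ($null -eq $item)       { $state = 'NotConfigured' }
    elseif ($item.$Name -eq 1) { $state = 'Enabled' }
    elseif ($item.$Name -eq 0) { $state = 'Disabled' }
    else                       { $state = "Unexpected($($item.$Name))" }

    [pscustomobject]@{
        User      = "$env:USERDOMAIN\$env:USERNAME"
        Setting   = 'Enable RPC encryption'
        State     = $state
        # The recommended state is Enabled, so only an explicit
        # Enabled value is reported as compliant.
        Compliant = ($state -eq 'Enabled')
    }
}

Test-RpcEncryptionPolicy | Format-List
```

Because this is a User Configuration policy, run the check in the session of the user being audited; an elevated or service-account session reads a different HKCU hive.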

Impact:

Enabling this setting should not have any significant effect on users. However, there is always a trade-off between secure communication and performance, so you should evaluate the performance impact of encrypting every connection between the Outlook client computer and the Exchange server.

See Also

https://workbench.cisecurity.org/files/553

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8(1)

Plugin: Windows

Control ID: d4dd686758bae5fe2bd55e527e42eef9b0e22ffeab65aa4d158963ba5725bfed