CISA.MS.EXO.5.1 - SMTP AUTH SHALL be disabled.
Overview
SMTP AUTH SHALL be disabled.
Rationale: SMTP AUTH is not used or needed by modern email clients. Therefore, disabling it as the global default conforms to the principle of least functionality.
Remediation action:
- To disable SMTP AUTH for the organization:
  1. Sign in to the Exchange admin center.
  2. On the left-hand pane, select Settings; then from the settings list, select Mail Flow.
  3. Make sure the setting Turn off SMTP AUTH protocol for your organization is checked.
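The same check and remediation can be scripted with Exchange Online PowerShell. The block below is an added example, not code from the Maester project or from this page; it assumes the ExchangeOnlineManagement module is installed and that the caller holds an Exchange administrator role. It reads the org-wide `SmtpClientAuthenticationDisabled` value on the transport config (the setting behind the admin center checkbox) and additionally lists mailboxes whose per-mailbox setting explicitly re-enables SMTP AUTH, since Microsoft documents the per-mailbox value as overriding the org-wide default. The `Set-` call is left on `-WhatIf` so nothing changes until that switch is removed.

```powershell
# Added example (not part of the Maester page or project). Assumes the
# ExchangeOnlineManagement module and an Exchange admin role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

function Get-SmtpAuthPosture {
    # Org-wide default: the value MS.EXO.5.1 is concerned with.
    $transport = Get-TransportConfig
    $orgDisabled = [bool]$transport.SmtpClientAuthenticationDisabled

    # Per-mailbox overrides: an explicit $false keeps SMTP AUTH usable for
    # that mailbox even when the org-wide setting is disabled. A null value
    # means "inherit the org default" and is not reported.
    $overrides = Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
        Select-Object -ExpandProperty PrimarySmtpAddress

    [PSCustomObject]@{
        OrgWideSmtpAuthDisabled = $orgDisabled
        MailboxesWithSmtpAuthEnabled = @($overrides)
        Compliant = $orgDisabled -and (@($overrides).Count -eq 0)
    }
}

$posture = Get-SmtpAuthPosture
$posture | Format-List

if (-not $posture.OrgWideSmtpAuthDisabled) {
    # Equivalent of ticking "Turn off SMTP AUTH protocol for your organization".
    Set-TransportConfig -SmtpClientAuthenticationDisabled $true -WhatIf
}

foreach ($mbx in $posture.MailboxesWithSmtpAuthEnabled) {
    # Clear the per-mailbox override so the mailbox inherits the org default.
    Set-CASMailbox -Identity $mbx -SmtpClientAuthenticationDisabled $null -WhatIf
}
```

Review the per-mailbox list before removing `-WhatIf`: any entry there is a mailbox that some application or device may still be using for basic-auth SMTP submission, and its owner should be moved to a modern authentication method before the override is cleared.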
Related links
- Exchange admin center - Settings
- CISA 5 Simple Mail Transfer Protocol Authentication - MS.EXO.5.1v1
- CISA ScubaGear Rego Reference
Test Metadata
| Field | Value |
|---|---|
| Test ID | CISA.MS.EXO.5.1 |
| Severity | High |
| Suite | CISA |
| Category | exchange |
| PowerShell test | Test-MtCisaSmtpAuthentication |
| Tags | CISA, CISA.MS.EXO.5.1, MS.EXO, MS.EXO.5.1 |
Source
- Pester test: tests/cisa/exchange/Test-MtCisaSmtpAuthentication.Tests.ps1
- PowerShell source: powershell/public/cisa/exchange/Test-MtCisaSmtpAuthentication.ps1