IIS HSTS with SCCM EHTTP – Tenable Finding

Nihat Elibüyük 0 Reputation points
2026-06-25T08:12:32.1766667+00:00

Hello Microsoft Support Team,

We are currently using Enhanced HTTP (EHTTP) configuration in our SCCM environment. During a recent Tenable vulnerability scan, a finding was reported that suggested enabling the HSTS protocol on IIS to improve security posture. However, we are concerned that enabling HSTS while EHTTP is in use may cause disruptions such as clients being unable to access policies, OSD task sequences failing, and agents losing connection to the Management Point (MP). Could you please clarify the official Microsoft recommendation on this matter? Specifically, is enabling HSTS on IIS supported while EHTTP is active, or should it only be considered after transitioning to a full HTTPS/PKI configuration? We want to ensure both compliance with vulnerability management requirements and the continuity of our SCCM environment. Your guidance and official advice would be greatly appreciated.

Thank you,

Nihat.

Microsoft Security | Intune | Configuration Manager | Deployment
0 comments No comments

1 answer

Sort by: Most helpful
  1. Nihat Elibüyük 0 Reputation points
    2026-06-26T06:54:44.49+00:00
    
    
    

    Was this answer helpful?

    0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.