Deploying software and updates using Configuration Manager
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello Microsoft Support Team,
We are currently using Enhanced HTTP (EHTTP) configuration in our SCCM environment. During a recent Tenable vulnerability scan, a finding was reported that suggested enabling the HSTS protocol on IIS to improve security posture. However, we are concerned that enabling HSTS while EHTTP is in use may cause disruptions such as clients being unable to access policies, OSD task sequences failing, and agents losing connection to the Management Point (MP). Could you please clarify the official Microsoft recommendation on this matter? Specifically, is enabling HSTS on IIS supported while EHTTP is active, or should it only be considered after transitioning to a full HTTPS/PKI configuration? We want to ensure both compliance with vulnerability management requirements and the continuity of our SCCM environment. Your guidance and official advice would be greatly appreciated.
Thank you,
Nihat.
Deploying software and updates using Configuration Manager