Exchange 2016, enable download domain for OWA/ECP

Dylan 1 Reputation point
2022-01-19T09:02:48.41+00:00

To mitigate CVE-2021-1730, I'm looking for the right way to enable download domains on Exchange 2016 with claims-based auth for owa/ecp.

refs:
Download domain = https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730
Claims-based auth = https://learn.microsoft.com/en-us/exchange/clients/outlook-on-the-web/ad-fs-claims-based-auth?view=exchserver-2016

I do not want to allow login from https://**download.**mail.contoso.com/owa since that defies the purpose

Is the following all it takes?:
Set-OrganizationConfig -AdfsAudienceUris "https://mail.contoso.com/owa/","https://mail.contoso.com/ecp/","https://download.mail.contoso.com/owa/"

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,184 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,319 questions
{count} votes