Exchange 2016, enable download domain for OWA/ECP
To mitigate CVE-2021-1730, I'm looking for the right way to enable download domains on Exchange 2016 with claims-based auth for owa/ecp.
refs:
Download domain = https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730
Claims-based auth = https://learn.microsoft.com/en-us/exchange/clients/outlook-on-the-web/ad-fs-claims-based-auth?view=exchserver-2016
I do not want to allow login from https://**download.**mail.contoso.com/owa since that defies the purpose
Is the following all it takes?:
Set-OrganizationConfig -AdfsAudienceUris "https://mail.contoso.com/owa/","https://mail.contoso.com/ecp/","https://download.mail.contoso.com/owa/"