Outlook RPC Encryption Enabled

Management Summary

RPC (Remote Procedure Call) encryption must be enabled in Outlook to prevent email communication between the Outlook client and the Exchange server from crossing the network in plaintext.

Recommendation: Implement
Risk without implementation: High
Risk Score: 8/10
Implementation: 2h (tech: 1h)
Applies to:
✓ Outlook
✓ Exchange

RPC OUTLOOK-EXCHANGE COMMUNICATION: Outlook uses the RPC/MAPI protocol to communicate with Exchange servers.
WITHOUT encryption: email content, credentials and calendar data travel as plaintext network traffic; man-in-the-middle attacks can intercept that data; sensitive business communication is readable on the network.
MODERN STANDARD: Exchange Online ALWAYS uses encryption (HTTPS/TLS); on-premises Exchange must have RPC encryption enforced.
DISA STIG O365-OU-000002: REQUIRED for government email security.

Required PowerShell Modules
Primary API: Intune / Group Policy
Connection: Registry
Required Modules:

Implementation

Enable RPC encryption: HKCU:\Software\Policies\Microsoft\Office\16.0\OUTLOOK\Security\enablerpcencryption = 1. EFFECT: Outlook requires an encrypted RPC connection to Exchange; unencrypted connections are refused; MAPI traffic is encrypted via RPC-over-HTTP or HTTPS.

Requirements

  1. Outlook (Microsoft 365 Apps)
  2. The Exchange server must support RPC encryption (modern Exchange versions)
  3. For Exchange Online: encrypted automatically (this policy is additional enforcement)

Implementation

Use the PowerShell script enable-rpc-encryption.ps1 (function Invoke-Remediation) to enable RPC encryption.

Intune: Outlook Security → EnableRPCEncryption = 1

Monitoring

Use the PowerShell script enable-rpc-encryption.ps1 (function Invoke-Monitoring) to check compliance.

Compliance and Auditing

  1. DISA STIG O365-OU-000002 - REQUIRED
  2. BIO 13.01 - Network security: encryption in transit
  3. ISO 27001 A.13.1.1

Remediation

Use the PowerShell script enable-rpc-encryption.ps1 (function Invoke-Remediation) to remediate.

Automation

Use the PowerShell script below to monitor and implement this security control. The script contains functions for both monitoring (-Monitoring) and remediation (-Remediation).

```powershell
# Control: O365-OU-000002 - enable rpc encryption
#Requires -Version 5.1
# DISA STIG Microsoft Office 365 ProPlus v3r3
param(
    [string]$RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\OUTLOOK\Security",
    [switch]$Monitoring,
    [switch]$Remediation,
    [switch]$Revert,
    [switch]$WhatIf
)

# Check whether the policy value is present and set to the expected DWORD (1)
function Invoke-Monitoring {
    Write-Host "Monitoring O365-OU-000002: enable rpc encryption" -ForegroundColor Green
    try {
        $valueName = "enablerpcencryption"
        $expectedValue = 1
        if (-not (Test-Path $RegistryPath)) {
            Write-Host "✗ Registry path does not exist: $RegistryPath" -ForegroundColor Red
            return $false
        }
        $currentValue = Get-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue
        if ($currentValue -and $currentValue.$valueName -eq $expectedValue) {
            Write-Host "✓ Control compliant: $valueName = $expectedValue" -ForegroundColor Green
            return $true
        } else {
            $actualValue = if ($currentValue) { $currentValue.$valueName } else { "Not Set" }
            Write-Host "✗ Control non-compliant: $valueName = $actualValue (Expected: $expectedValue)" -ForegroundColor Red
            return $false
        }
    } catch {
        Write-Host "✗ Error checking registry setting: $($_.Exception.Message)" -ForegroundColor Red
        return $false
    }
}

# Create the policy key if needed, set the value, then re-run the check to confirm
function Invoke-Remediation {
    Write-Host "Remediating O365-OU-000002: enable rpc encryption" -ForegroundColor Yellow
    try {
        if ($WhatIf) {
            Write-Host "  [WhatIf] Would set registry value" -ForegroundColor Cyan
            return $true
        }
        if (-not (Test-Path $RegistryPath)) {
            New-Item -Path $RegistryPath -Force | Out-Null
            Write-Host "  Created registry path: $RegistryPath" -ForegroundColor Green
        }
        $valueName = "enablerpcencryption"
        $expectedValue = 1
        Set-ItemProperty -Path $RegistryPath -Name $valueName -Value $expectedValue -Type DWord -Force
        Write-Host "  Set $valueName to $expectedValue" -ForegroundColor Green
        Start-Sleep -Seconds 1
        return Invoke-Monitoring
    } catch {
        Write-Host "  Error during remediation: $_" -ForegroundColor Red
        return $false
    }
}

# Remove the policy value again (the key itself is left in place)
function Invoke-Revert {
    Write-Host "Reverting O365-OU-000002: enable rpc encryption" -ForegroundColor Yellow
    try {
        if ($WhatIf) {
            Write-Host "  [WhatIf] Would remove registry value" -ForegroundColor Cyan
            return $true
        }
        $valueName = "enablerpcencryption"
        if (Test-Path $RegistryPath) {
            Remove-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue
            Write-Host "  Removed registry value: $valueName" -ForegroundColor Green
        }
        return $true
    } catch {
        Write-Host "  Error during revert: $_" -ForegroundColor Red
        return $false
    }
}

# Main execution: exit code 0 = compliant / succeeded, 1 = non-compliant / failed
try {
    if ($Monitoring) {
        $result = Invoke-Monitoring
        exit $(if ($result) { 0 } else { 1 })
    } elseif ($Remediation) {
        $result = Invoke-Remediation
        exit $(if ($result) { 0 } else { 1 })
    } elseif ($Revert) {
        $result = Invoke-Revert
        exit $(if ($result) { 0 } else { 1 })
    } else {
        Write-Host "Usage: [-Monitoring] [-Remediation] [-Revert] [-WhatIf]" -ForegroundColor Yellow
    }
} catch {
    Write-Host "Script execution error: $_" -ForegroundColor Red
    exit 1
}
```
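The script above reads HKCU, which is the hive of the account running the script. When a monitoring agent, RMM or Intune detection script runs as SYSTEM, HKCU is SYSTEM's own hive and the check says nothing about the users who actually run Outlook on the device. The following is an added example, not part of the page's script, that audits the same policy value for every loaded user profile under HKEY_USERS and returns a non-zero exit code if any profile (or no profile at all) lacks the setting. It assumes the policy path the page documents; the value name is case-insensitive in the registry, so the mixed-case spelling used here matches the lowercase one in the script.

```powershell
# Added example (not from the page's script): audit EnableRPCEncryption for every
# loaded user hive instead of only the current user's HKCU hive.
# Assumption: the policy key path is the one documented on this page.
$PolicySubKey = 'Software\Policies\Microsoft\Office\16.0\OUTLOOK\Security'
$ValueName    = 'EnableRPCEncryption'

function Get-OutlookRpcEncryptionStatus {
    # Returns one object per loaded real-user hive under HKEY_USERS with the effective
    # EnableRPCEncryption value ($null when the policy is absent). Service hives
    # (S-1-5-18/19/20), .DEFAULT and the *_Classes hives are skipped.
    $results = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
        $sid = $hive.PSChildName
        if ($sid -notmatch '^S-1-5-21-\d+-\d+-\d+-\d+$') { continue }

        $keyPath = "Registry::HKEY_USERS\$sid\$PolicySubKey"
        $value = $null
        if (Test-Path -Path $keyPath) {
            $props = Get-ItemProperty -Path $keyPath -Name $ValueName -ErrorAction SilentlyContinue
            if ($props) { $value = [int]$props.$ValueName }
        }

        # Resolve the SID to an account name for the report; fall back to the SID itself
        $account = $sid
        try {
            $account = (New-Object System.Security.Principal.SecurityIdentifier($sid)).
                Translate([System.Security.Principal.NTAccount]).Value
        } catch { }

        [pscustomobject]@{
            Account   = $account
            Sid       = $sid
            Value     = $value
            Compliant = ($value -eq 1)
        }
    }
    return @($results)
}

$status = Get-OutlookRpcEncryptionStatus
$status | Format-Table -AutoSize

# Detection-rule exit code: 0 only when at least one profile was checked and all are compliant.
# "Nothing checked" is reported as non-compliant so a SYSTEM-context run never passes silently.
$nonCompliant = @($status | Where-Object { -not $_.Compliant })
if ($status.Count -eq 0 -or $nonCompliant.Count -gt 0) { exit 1 } else { exit 0 }
```

Because the value lives under a per-user Policies key, the durable fix is delivery through Group Policy or Intune as the page recommends; this audit only confirms that the delivered policy has actually landed in each profile.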

Risk without implementation

High: Unencrypted RPC means email content, credentials and calendar data cross the network in plaintext. Man-in-the-middle attacks can intercept business communication.

Management Summary

Enable Outlook RPC encryption (EnableRPCEncryption=1). Encrypts Outlook-Exchange communication. DISA STIG O365-OU-000002 REQUIRED. Meets BIO 13.01, ISO 27001 A.13.1.1. Implementation: 1-2 hours.