Autodiscover Configuration Check [CHK-1057]
This customer check verifies whether Autodiscover is correctly configured for your email domains.
Rationale
Email programs like Microsoft Outlook use the Autodiscover protocol to fill in the settings of your mailbox. If Autodiscover is not correctly configured in DNS, it can be abused, resulting in your login credentials falling into the wrong hands.
Fix
An automated fix is available through Attic.
Manual steps:
- Contact the DNS administrator of the relevant domain.
- Add a CNAME record to the zone(s) of the domain:
  - Name: autodiscover
  - Type: CNAME
  - Target: autodiscover.outlook.com
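To confirm the record once the manual steps are done, the script below queries the CNAME with `dig` and compares it to the target listed above. It is an added example, not part of Attic's check or automated fix; the function names and the OK/MISSING/MISMATCH labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that autodiscover.<domain> is a CNAME to the target
# given in the manual steps. Function names and result labels are assumptions.
EXPECTED="autodiscover.outlook.com"

# classify_cname ANSWER -> OK | MISSING | MISMATCH
# ANSWER is the raw output of `dig +short CNAME autodiscover.<domain>`.
# MISMATCH means a CNAME exists but points somewhere other than EXPECTED.
classify_cname() {
    # DNS names are case-insensitive and dig prints a trailing dot: normalise.
    answer=$(printf '%s\n' "$1" | head -n 1 |
        tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*$//; s/\.$//')
    if [ -z "$answer" ]; then
        echo "MISSING"
    elif [ "$answer" = "$EXPECTED" ]; then
        echo "OK"
    else
        echo "MISMATCH"
    fi
}

# check_all DOMAIN... -> one "domain<TAB>result" line per domain; returns
# non-zero if any domain is not OK, so it can gate a scheduled job.
check_all() {
    failed=0
    for domain in "$@"; do
        raw=$(dig +short CNAME "autodiscover.$domain" 2>/dev/null)
        result=$(classify_cname "$raw")
        printf '%s\t%s\n' "$domain" "$result"
        [ "$result" = "OK" ] || failed=1
    done
    return "$failed"
}

# Usage: sh check_autodiscover.sh example.com example.org
if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```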
Impact
Correctly configuring Autodiscover reduces the risk of your login credentials being leaked. However, it's not a guarantee against abuse. Additional controls can be implemented to further reduce the risk.
More Information
For more details, refer to the publication by Amit Serper from Guardicore: Autodiscovering the Great Leak.