@Dave: great blog, thanks for sharing.
@wer83: We already enabled HSTS in Office 365 - specifically for OWA & ECP vdirs. However, as far as I can see, we didn't create a simple configuration option for on-premises, probably because it can be challenging to implement properly in a complex environment where you don't know which domains, subdomains, and other applications you might be affecting. For now, consider it not supported, but feel free to try this in a lab and/or contact support for assistance if this is something that you require & understand the potential implications - with a little testing and documentation, it could probably easily be supported. Keep in mind that most non-browser clients would already prompt or prohibit non-TLS connections by default (and possibly not respect the header anyway), so I imagine that this is really about OWA more than anything. Hope this helps.