This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 19%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Hi Support,
It has been flagged by our security team that the Azure VM provisioned as part of the Cloud Management Gateway does not have 'HTTP Strict Transport Security' (HSTS) set. This has been flagged as a vulnerability.
How do we go about mitigating this?
Regards.
Cloud Management gateway is entirely deployed, configured, and managed by Microsoft Configuration Manager, and not by Azure. I changed the tags of this issue so it will be directed to configuration manager.
As the CMG is a managed service, there is no supported way for you to deal with this. You should do one (or all) of the following: