A recent external security audit turned up a few low priority items which I've been asked to correct. I'm stuck on one of them which states:
(Low) – Default documentation was found installed with the HTTP daemon on device xxx.xxx.xxx.xxx. Auditor recommends deleting all default documentation.
I'm not sure how to approach this one without breaking exchange/owa. I can see the documentation tab under the default website properties for my exchange server running but I don't really know what they want me to do here. The box for "Enable default content page" is checked and under it are several file names: iisstart.htm, Default.htm, Default.asp, index.htm, and Default.aspx. I'm far from an IIS expert so would appreciate any guidance you could provide so this won't show up on the next audit.