diff --git a/http/misconfiguration/microsoft-exchange-user-enumeration.yaml b/http/misconfiguration/microsoft-exchange-user-enumeration.yaml
new file mode 100644
index 0000000000..fe31f39e59
--- /dev/null
+++ b/http/misconfiguration/microsoft-exchange-user-enumeration.yaml
@@ -0,0 +1,37 @@
+id: microsoft-exchange-user-enumeration
+
+info:
+  name: Microsoft Exchange Autodiscover - User Enumeration
+  author: righettod
+  severity: info
+  description: Microsoft Exchange (on premise) is prone to a user enumeration via the ActiveSync protocol using the AutodiscoverV2 endpoint.
+  reference:
+    - https://www.msxfaq.de/exchange/autodiscover/autodiscover_v2.htm
+  classification:
+    cwe-id: CWE-204
+  metadata:
+    max-request: 1
+  tags: exchange,microsoft,misconfig,intrusive
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/autodiscover/autodiscover.json?Protocol=ActiveSync&Email={{rand_text_alpha(6)}}%40domain.com&RedirectCount=1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "/autodiscover/autodiscover.json?Email="
+
+      - type: status
+        status:
+          - 302
+
+    extractors:
+      - type: regex
+        part: header
+        group: 1
+        regex:
+          - '(?i)Email=([A-Za-z0-9@%.-]+)'
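Review bot: The matchers fire on a 302 whose header contains `/autodiscover/autodiscover.json?Email=` for a random address that cannot exist on the target, so the single request only observes the unknown-mailbox response; nothing in the template contrasts it with the response for an existing mailbox, which is what the enumeration claim in `description` rests on. The description should state which response difference the template relies on so users can judge false positives, for example that the redirect (or its absence) for a valid account is the distinguishing signal — the reference may document this, the template does not. The probe address names the third-party `domain.com`; a reserved name such as `Email={{rand_text_alpha(6)}}%40example.com` avoids pointing at a real domain, assuming the redirect behaviour does not depend on the domain part. The extractor captures the `Email=` value from the redirect header, which may simply echo the address the request itself sent; if so, the extracted value carries no new information and either dropping the extractor or adding a comment `# extracted value is the probe address reflected by the server` would avoid misleading output.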