
The configuration for legacy versions follows the IIS configuration steps. This configuration is simple and is fully documented at the following link, which applies to Exchange 2013/2016. If Exchange Server is accepting the client certificate

The requirements for user certificates are documented here: Configure certificate based authentication in Exchange 2016.

This post assumes that the user certificates have already been deployed in AD before CBA was implemented. You can’t have both Exchange and a device accepting the client certificate.


This is not related to using SSL to connect to the server, as we assume that you already have SSL set up. The user will no longer have to save a password to authenticate with Exchange.

What is Certificate Based Authentication (CBA)?

Instead of using Basic or WIA (Windows Integrated Authentication), the device will have a client (user) certificate installed, which will be used for authentication.

This post is intended to provide some clarifications of this topic and give you troubleshooting tips. Some of the more complicated support calls we see are related to Certificate Based Authentication (CBA) with ActiveSync.
