hardening exchange communications

All of my exch2010 services like OWA, ECP, ActiveSync, OAB are set to use Basic auth. I have a SSL cert on the CAS boxes but none of the IIS Virtual directories for these services are set to "Require SSL;" should this be set? I am also offloading the SSL to a loadbalancer so I assume not.

I want to make sure we do not have any non-ssl connections.. Whats the best practice for hardening exchange communications?
DEFclubAsked:
Who is Participating?
 
Imtiaz HashamConnect With a Mentor Technical Director / IT ConsultantCommented:
I would use SSL for communicating outside the office and it's defaulted to use SSL connections only.

Try the owa link without https and see if it works.

Also enable TLS
0
 
DEFclubAuthor Commented:
thxs
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.