<div>
<div class="content wysiwyg-content">
All of my exch2010 services like OWA, ECP, ActiveSync, OAB are set to use Basic auth. I have a SSL cert on the CAS boxes but none of the IIS Virtual directories for these services are set to &quot;Require SSL;&quot; should this be set? I am also offloading the SSL to a loadbalancer so I assume not. <br />
<br />
I want to make sure we do not have any non-ssl connections.. Whats the best practice for hardening exchange communications?
</div>
</div>


All of my exch2010 services like OWA, ECP, ActiveSync, OAB are set to use Basic auth. I have a SSL cert on the CAS boxes but none of the IIS Virtual directories for these services are set to "Require SSL;" should this be set? I am also offloading the SSL to a loadbalancer so I assume not. 

I want to make sure we do not have any non-ssl connections.. Whats the best practice for hardening exchange communications?

hardening exchange communications

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.