hardening exchange communications

All of my exch2010 services like OWA, ECP, ActiveSync, OAB are set to use Basic auth. I have a SSL cert on the CAS boxes but none of the IIS Virtual directories for these services are set to "Require SSL;" should this be set? I am also offloading the SSL to a loadbalancer so I assume not.

I want to make sure we do not have any non-ssl connections.. Whats the best practice for hardening exchange communications?
Who is Participating?
Imtiaz HashamConnect With a Mentor Technical Director / IT ConsultantCommented:
I would use SSL for communicating outside the office and it's defaulted to use SSL connections only.

Try the owa link without https and see if it works.

Also enable TLS
DEFclubAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.