I was just wondering about authentication to OWA at my company.
From the internet, when I browse to my company's Outlook web access URL, I get prompted for forms-based authentication. That is, within the webpage, I see a box for username and password. The OWA is being reverse proxied by the ISA server. ISA server is on the DMZ and the back-end exchange server is on the inside network.
When I input my AD credentials, is the ISA server passing it to the backend exchange server which passes it to AD servers to check?