<div>
Thank you for the direction. &nbsp; I wasnt sure if i could require a certificate from the CAS Servers activesync website. &nbsp;The Web Application Proxy sounds like a good solution, i'm going to leave this post opened and hopefully i get some additional ideas before i start investing my time.
</div>


Thank you for the direction.   I wasnt sure if i could require a certificate from the CAS Servers activesync website.  The Web Application Proxy sounds like a good solution, i'm going to leave this post opened and hopefully i get some additional ideas before i start investing my time.

<div>
<div class="content wysiwyg-content">
I have 4 Exchange Servers, &nbsp;2 front end CAS Servers and 2 MBX servers. &nbsp;All is up and has been running great for 14 months now. &nbsp; I'm wanting to be able to manage what machines have remote access to exchange, Active Sync etc to prevent unauthorized or personal desktops from simply using the autodiscover service to connect to exchange. <br />
<br />
&nbsp;I'm seeing a lot about certificate based authentication which could be nice but what i would really like to do is generate a certificate from my domain controller and have Exchange simply check for this private certificate. &nbsp; If the certificate is present on the desktop or mobile device users can still connect with their domain credentials just like they do today. &nbsp; I can deploy this generated certificate to my mobile devices and laptops easily. &nbsp; Can anyone get me started in the right direction to accomplish this?<br />
<br />
Thank You,
</div>
</div>


I have 4 Exchange Servers,  2 front end CAS Servers and 2 MBX servers.  All is up and has been running great for 14 months now.   I'm wanting to be able to manage what machines have remote access to exchange, Active Sync etc to prevent unauthorized or personal desktops from simply using the autodiscover service to connect to exchange. 

 I'm seeing a lot about certificate based authentication which could be nice but what i would really like to do is generate a certificate from my domain controller and have Exchange simply check for this private certificate.   If the certificate is present on the desktop or mobile device users can still connect with their domain credentials just like they do today.   I can deploy this generated certificate to my mobile devices and laptops easily.   Can anyone get me started in the right direction to accomplish this?

Thank You,

Exchange 2013 - restrict remote connections based on certificate

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.

Email Servers

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.