Solved

Exchange 2013 - restrict remote connections based on certificate

Posted on 2014-12-10
2
26 Views
Last Modified: 2016-01-15
I have 4 Exchange Servers,  2 front end CAS Servers and 2 MBX servers.  All is up and has been running great for 14 months now.   I'm wanting to be able to manage what machines have remote access to exchange, Active Sync etc to prevent unauthorized or personal desktops from simply using the autodiscover service to connect to exchange.

 I'm seeing a lot about certificate based authentication which could be nice but what i would really like to do is generate a certificate from my domain controller and have Exchange simply check for this private certificate.   If the certificate is present on the desktop or mobile device users can still connect with their domain credentials just like they do today.   I can deploy this generated certificate to my mobile devices and laptops easily.   Can anyone get me started in the right direction to accomplish this?

Thank You,
0
Comment
Question by:DeltaMN
2 Comments
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 500 total points
ID: 40493234
I'd suggest using Web Application Proxy, the reverse proxy built into Server 2012 R2.
It's easy to configure.
Ideally you would do ADFS and Device Registration, which givey you really fine control but you can just do certificate based authentication:

Here are some the TechNet links:
http://technet.microsoft.com/en-us/library/dn280942.aspx
http://technet.microsoft.com/en-us/library/dn584098.aspx

Here's a link about doing fine grained authentication:
http://blog.auth360.net/category/web-application-proxy/

Here is one on SharePoint, but it's much the same thing
http://www.brightstarr.com/sharepoint-technology-and-application-insights/securely-publishing-sharepoint-externally-using-web-application-proxy
0
 

Author Comment

by:DeltaMN
ID: 40496103
Thank you for the direction.   I wasnt sure if i could require a certificate from the CAS Servers activesync website.  The Web Application Proxy sounds like a good solution, i'm going to leave this post opened and hopefully i get some additional ideas before i start investing my time.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now