I have 4 Exchange Servers, 2 front end CAS Servers and 2 MBX servers. All is up and has been running great for 14 months now. I'm wanting to be able to manage what machines have remote access to exchange, Active Sync etc to prevent unauthorized or personal desktops from simply using the autodiscover service to connect to exchange.
I'm seeing a lot about certificate based authentication which could be nice but what i would really like to do is generate a certificate from my domain controller and have Exchange simply check for this private certificate. If the certificate is present on the desktop or mobile device users can still connect with their domain credentials just like they do today. I can deploy this generated certificate to my mobile devices and laptops easily. Can anyone get me started in the right direction to accomplish this?