Solved

Exchange 2013 - restrict remote connections based on certificate

Posted on 2014-12-10
2
36 Views
Last Modified: 2016-01-15
I have 4 Exchange Servers,  2 front end CAS Servers and 2 MBX servers.  All is up and has been running great for 14 months now.   I'm wanting to be able to manage what machines have remote access to exchange, Active Sync etc to prevent unauthorized or personal desktops from simply using the autodiscover service to connect to exchange.

 I'm seeing a lot about certificate based authentication which could be nice but what i would really like to do is generate a certificate from my domain controller and have Exchange simply check for this private certificate.   If the certificate is present on the desktop or mobile device users can still connect with their domain credentials just like they do today.   I can deploy this generated certificate to my mobile devices and laptops easily.   Can anyone get me started in the right direction to accomplish this?

Thank You,
0
Comment
Question by:DeltaMN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 500 total points
ID: 40493234
I'd suggest using Web Application Proxy, the reverse proxy built into Server 2012 R2.
It's easy to configure.
Ideally you would do ADFS and Device Registration, which givey you really fine control but you can just do certificate based authentication:

Here are some the TechNet links:
http://technet.microsoft.com/en-us/library/dn280942.aspx
http://technet.microsoft.com/en-us/library/dn584098.aspx

Here's a link about doing fine grained authentication:
http://blog.auth360.net/category/web-application-proxy/

Here is one on SharePoint, but it's much the same thing
http://www.brightstarr.com/sharepoint-technology-and-application-insights/securely-publishing-sharepoint-externally-using-web-application-proxy
0
 

Author Comment

by:DeltaMN
ID: 40496103
Thank you for the direction.   I wasnt sure if i could require a certificate from the CAS Servers activesync website.  The Web Application Proxy sounds like a good solution, i'm going to leave this post opened and hopefully i get some additional ideas before i start investing my time.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question