Publish Outlook Anywhere Exchange 2013 with 2 factor authentication


To publish Outlook Anywhere to the internet, my security team needs 2 factor authentication.

I think it's not possible to use certificate authentication with Outlook, so I need to find a technical solution or a commercial product that can do 2 factor authentication with Outlook.

Thanks for help

You need to find out which type of token you want to use first. You can use certificates, USB sticks, mobile phone SMS codes, RSA etc.

Major vendors like RSA, F5 and others have commercial products, but don't expect it to be cheap. In most cases it also requires that you have an internal CA in place, meaning you have to deploy AD Certificate services or something similar.

Some firewall vendors also include some type of web portal publishing that allows you to use 2 factor into the portal (and further on you "publish" OWA to that portal).

Some clues to get you started:
As xcomiii pointed out the options available.
In your question you made reference that Outlook doesn't do certificate-related connection handling.
A certificate-based two factor deals with Outlook: as part of the connection establishing process it furnishes a client certificate, and then the username/password as the final authentication...
cawasaki (Author) commented:
My question is not for OWA but Outlook Anywhere. I need to know if any commercial solution exists to do 2 factor authentication with Outlook, because Outlook does not use certificates.
OWA is accessed by IIS and it needs to be configured with a require client certificate (security of the site/virtual folder) while requiring logins or using tokens.

This would mean each user has to have a client certificate that identifies the client and is verifiable, either as suggested using an internal CA or purchased from an external third party.

Note the require client certificate will work for anyone who purchased a personal certificate, and if you map internally issued certificates to users it will record users in the log .... Only known clients will be allowed in, while anonymous users will be denied.

Create a new site/virtual directory and adjust settings/parameters on the security tab and test it out.
