Publish Outlook Anywhere Exchange 2013 with 2-factor authentication

cawasaki
Hello,

To publish Outlook Anywhere to the internet, my security team needs 2-factor authentication.

I think it's not possible to use certificate authentication with Outlook, so I need to find a technical solution or a commercial product that can do 2-factor authentication with Outlook.

Thanks for help

Commented:
You need to find out which type of token you want to use first. You can use certificates, USB sticks, mobile phone SMS codes, RSA etc.

Major vendors like RSA, F5 and others have commercial products, but don't expect it to be cheap. In most cases it also requires that you have an internal CA in place, meaning you have to deploy AD Certificate services or something similar.

Some firewall vendors also include some type of web portal publishing that allows you to use 2 factor into the portal (and further on you "publish" OWA to that portal).

Some clues to get you started:
http://www.petenetlive.com/KB/Article/0000966
Distinguished Expert 2017

Commented:
xcomiii pointed out the options available.
In your question you made reference to Outlook not doing certificate-related connection handling.
A certificate-based two-factor setup deals with Outlook: as part of the connection-establishing process it furnishes a client certificate and then the username/password as the final authentication...

Author

Commented:
My question is not about OWA but Outlook Anywhere. I need to know if any commercial solution exists to do 2-factor authentication with Outlook, because Outlook does not use certificates.
Distinguished Expert 2017
Commented:
OWA is accessed by IIS and it needs to be configured with a require client certificate (security of the site/virtual folder) while requiring logins or using tokens.

This would mean each user has to have a client certificate that identifies the client and is verifiable, either, as suggested, using an internal CA or purchased from an external third party.

Note the require client certificate will work for anyone who purchased a personal certificate, and if you map internally issued certificates to users it will record users in the log .... Only known clients will be allowed in while anonymous users will be denied.

Create a new site/virtual directory and adjust settings/parameters on the security tab and test it out.
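
The settings described in the answer above, applied to a separate test virtual directory with the IIS WebAdministration module. This is an added example, not part of the original thread; the site name, virtual directory name and test URL are hypothetical placeholders, and it assumes the virtual directory already exists with an HTTPS binding.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the IIS server.
Import-Module WebAdministration

$site     = 'Test Site'                  # assumption: hypothetical test site
$vdir     = 'certtest'                   # assumption: hypothetical virtual directory
$location = "$site/$vdir"
$apphost  = 'MACHINE/WEBROOT/APPHOST'    # write into applicationHost.config
$testUrl  = 'https://mail.example.test/certtest/'   # placeholder URL

# Record the current SSL flags so the change can be reverted.
$before = Get-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter 'system.webServer/security/access' -Name 'sslFlags'
Write-Output "sslFlags before change: $before"

# Factor 1: require TLS and a client certificate on this path only.
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' `
    -Value 'Ssl,SslNegotiateCert,SslRequireCert'

# Deny anonymous users.
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name 'enabled' -Value $false

# Factor 2: still require a login (username/password) after the certificate.
# Basic is only acceptable here because the path is TLS-only.
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter 'system.webServer/security/authentication/basicAuthentication' `
    -Name 'enabled' -Value $true

# Check: a request that presents no client certificate must be rejected
# (IIS answers 403.7 when SslRequireCert is set and no certificate is sent).
try {
    Invoke-WebRequest -Uri $testUrl -UseBasicParsing | Out-Null
    Write-Warning 'Path is reachable WITHOUT a client certificate; re-check sslFlags.'
} catch {
    Write-Output "Rejected without client certificate: $($_.Exception.Message)"
}
```

The check also fails if the server certificate is not trusted by the machine running it, so read the error text rather than treating any exception as success.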
