Exchange Mobile device authentication with CBA or Credentials

Brandon Miller
Brandon Miller used Ask the Experts™
on
I have deployed certificate based authentication on our network for our mobile devices to be able to authenticate to the network utilizing an NDES server. We have configured the NPS policies and have pushed the Wifi configuration to our mobile's with our MDM solution. The only issue I am running into is that our exchange server is not setup for CBA. Our MDM solution required us to change the Exchange authentication from passthrough to CBA.

My question is can I setup CBA without effecting devices that do not connect to our Exchange Active Sync via our MDM. Does EAC still allow users with BYOD to connect to exchange using the credentials or do I have to somehow issue them their user certificate for them to be able to authenticate to EAC now?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Solutions Architect
Top Expert 2016
Commented:
You cannot use multiple authentication methods and have client certificates enabled on the virtual directory. The client must either use client certificate or username and password to authenticate, not both.

QUOTE: https://blogs.technet.microsoft.com/exchange/2017/05/05/demystifying-certificate-based-authentication-with-activesync-in-exchange-2013-and-2016-on-premises/
Brandon MillerSystems Administrator

Author

Commented:
Thank you.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial