Export (0) Print
Expand All
2 out of 3 rated this helpful - Rate this topic

Securing Exchange Server 2007 Client Access

 

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007

Topic Last Modified: 2007-04-18

This topic provides an overview of the security and authentication related options that are available for a Microsoft Exchange Server 2007 computer that has the Client Access server role installed. The Client Access server role provides access to Microsoft Office Outlook Web Access, Microsoft Exchange ActiveSync, Outlook Anywhere, Post Office Protocol version 3 (POP3), and Internet Message Access Protocol version 4rev1 (IMAP4). In addition, it supports the Autodiscover service and the Availability service. Each of these protocols and services has unique security needs.

One of the most important security-related tasks that you can perform for the Client Access server role is to configure an authentication method. The Client Access server role is installed with a default self-signed digital certificate. A digital certificate does two things:

  • It authenticates that its holder is who or what they claim to be.
  • It helps protect data exchanged online from theft or tampering.

Although the default, self-signed certificate is supported for Exchange ActiveSync and Outlook Web Access, it is not the most secure method of authentication. In addition, it is not supported for Outlook Anywhere. For additional security, consider configuring your Exchange 2007 Client Access server to use a trusted certificate from a third-party commercial certification authority (CA) or a trusted Windows public key infrastructure (PKI) CA. You can configure authentication separately for Exchange ActiveSync, Outlook Web Access, Outlook Anywhere, POP3, and IMAP4.

For more information about how to configure authentication, see the following topics:

After you optimize the security of communications between clients and the Exchange 2007 Client Access server, you must optimize the security of the communications between the Exchange 2007 Client Access server and other servers in your organization. By default, HTTP, Exchange ActiveSync, POP3, and IMAP4 communication between the Client Access server and other servers, such as Exchange 2007 servers that have the Mailbox server role installed, domain controllers, and global catalog servers, is encrypted.

For more information about how to manage security for the various components of your Client Access server, see the following topics:

To ensure that you are reading the most up-to-date information and to find additional Exchange Server 2007 documentation, visit the Exchange Server TechCenter.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.