Understanding Security for Outlook Web App

 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Outlook Web App for Microsoft Exchange Server 2010 offers a variety of security features that you can configure to suit your organization's security requirements. Because Outlook Web App may be used to provide users access to their mailboxes from workstations that are not secure, security is a priority. By default, when you install the Client Access server role on an Exchange 2010 server, Outlook Web App is configured to use Secure Sockets Layer (SSL) and forms-based authentication.

Looking for management tasks related to securing Outlook Web App? See Managing Outlook Web App Security.

Contents

Authentication

Segmentation

Web Beacons

File and Data Access

Secure Sockets Layer

Authentication

You can configure the following types of authentication methods on the Exchange 2010 Client Access server:

  • Standard authentication methods such as the following:

    • Basic authentication

    • Integrated Windows authentication

    • Digest authentication

  • Forms-based authentication

For more information about authentication methods for Outlook Web App, see Understanding Authentication for Outlook Web App.

Segmentation

Segmentation lets you enable and disable features that are available to users in Exchange 2010 Outlook Web App. By default, any mail-enabled user in your Exchange 2010 organization can access their mailbox by using Outlook Web App. Depending on the needs of your organization, you can use segmentation to configure the following for user access:

  • Restrict access to Outlook Web App for specific users.

  • Control access to certain Outlook Web App features for specific users.

  • Disable an Outlook Web App feature completely.

For more information about segmentation in Outlook Web App, see Understanding Segmentation for Outlook Web App.
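The three segmentation scopes listed above, sketched for the Exchange Management Shell. This is an added example, not part of the original topic. The mailbox addresses, the policy name `Kiosk Users` and the choice of features to switch off are assumptions made for illustration.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2010.
# Mailbox identities and the policy name below are placeholders.

# 1. Restrict access to Outlook Web App for a specific user.
Set-CASMailbox -Identity 'kim@contoso.com' -OWAEnabled $false

# 2. Control access to certain features for specific users:
#    create an Outlook Web App mailbox policy, switch features off in it,
#    then assign the policy to the mailboxes it should govern.
New-OwaMailboxPolicy -Name 'Kiosk Users'
Set-OwaMailboxPolicy -Identity 'Kiosk Users' `
    -PublicFoldersEnabled $false `
    -ChangePasswordEnabled $false `
    -RulesEnabled $false
Set-CASMailbox -Identity 'lee@contoso.com' -OwaMailboxPolicy 'Kiosk Users'

# 3. Disable a feature on the Outlook Web App virtual directories of this
#    Client Access server. Mailboxes that have a mailbox policy assigned
#    follow the policy, so set the same value there as well.
Get-OwaVirtualDirectory -Server $env:COMPUTERNAME |
    Set-OwaVirtualDirectory -PublicFoldersEnabled $false
Get-OwaMailboxPolicy |
    Set-OwaMailboxPolicy -PublicFoldersEnabled $false

# Review the result: who can sign in, and under which policy.
Get-CASMailbox -ResultSize Unlimited |
    Sort-Object OwaMailboxPolicy, Name |
    Format-Table Name, OWAEnabled, OwaMailboxPolicy -AutoSize
```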

Web Beacons

A Web beacon is a file object, such as a transparent graphic or an image, which is put on a Web site or in an e-mail message. Web beacons are typically used together with HTML cookies to monitor user behavior on a Web site or to validate a recipient's e-mail address when an e-mail that contains a Web beacon is opened.

Note

By default, Outlook Web App disables all potential Web beacon content in e-mail messages.

For more information about how to deal with Web beacons in Outlook Web App, see Understanding Web Beacon and HTML Form Filtering in Outlook Web App.

File and Data Access

There are a variety of features that enable users to access files and data in Outlook Web App. Each of these features includes options for controlling access to files and data from Outlook Web App.

WebReady Document Viewing

Exchange 2010 includes a feature named WebReady Document Viewing. WebReady Document Viewing lets users view common file types in the Outlook Web App Web browser without having the applications that are associated with those file types installed on the computer they are using. Allowing files that are accessed through Outlook Web App to be viewed only by using WebReady Document Viewing protects against the potential security risk that is caused when files that are opened from within Outlook Web App are cached on the client computer. For more information about how to configure file and data access for Outlook Web App, see Understanding Security for File and Data Access for Outlook Web App.


Direct File Access

Direct file access enables users to open attached files directly from inside Outlook Web App. You can also configure how users interact with files by using the Allow, Block, or Force Save options for direct file access in the Exchange Management Console. This means that you can specify the types of files that users can access. More important, you can specify which types of files are prohibited.

For more information about how to configure file and data access for Outlook Web App, see Understanding Security for File and Data Access for Outlook Web App.

Windows File Share Integration

By using Outlook Web App, users can access remote files that are stored on Microsoft Windows file share (also known as UNC) servers. You can configure how users interact with files on these servers by using the Allow and Block options in the Exchange Management Console. This means that you can specify which servers your users can access. You can also specify the behavior for Windows file share servers that have not been specifically allowed or blocked when users try to access them by using Outlook Web App.

For more information about how to configure file and data access for Outlook Web App, see Understanding Security for File and Data Access for Outlook Web App.
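The settings described under Authentication, Web Beacons, and File and Data Access can be checked together by comparing each Outlook Web App virtual directory against a baseline. The following audit is an added example, not part of the original topic. The expected values are an assumed baseline for sign-ins from public computers, not the product defaults, and the function name `Test-OwaBaseline` is hypothetical.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2010.
# Read-only: it reports deviations and changes nothing.
# The expected values are an assumed baseline; adjust them to your policy.
$baseline = @{
    FormsAuthentication                              = $true
    FilterWebBeaconsAndHtmlForms                     = 'ForceFilter'
    DirectFileAccessOnPublicComputersEnabled         = $false
    WebReadyDocumentViewingOnPublicComputersEnabled  = $true
    UNCAccessOnPublicComputersEnabled                = $false
    ActionForUnknownFileAndMIMETypes                 = 'ForceSave'
    RemoteDocumentsActionForUnknownServers           = 'Block'
}

# Hypothetical helper: emits one object per setting that differs.
function Test-OwaBaseline {
    param($VirtualDirectory, [hashtable]$Expected)

    foreach ($name in $Expected.Keys) {
        # Compare as strings so Boolean and enumeration values, including
        # the deserialized ones a remote session returns, behave the same.
        $actual = "$($VirtualDirectory.$name)"
        $wanted = "$($Expected[$name])"
        if ($actual -ne $wanted) {
            New-Object PSObject -Property @{
                VirtualDirectory = "$($VirtualDirectory.Identity)"
                Setting          = $name
                Actual           = $actual
                Expected         = $wanted
            }
        }
    }
}

$findings = Get-OwaVirtualDirectory |
    ForEach-Object { Test-OwaBaseline -VirtualDirectory $_ -Expected $baseline }

if ($findings) {
    $findings | Sort-Object VirtualDirectory, Setting |
        Format-Table VirtualDirectory, Setting, Actual, Expected -AutoSize
} else {
    'All Outlook Web App virtual directories match the baseline.'
}
```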

Secure Sockets Layer

SSL is a method for securing communications between a client and a server. For a computer that is running Exchange 2010 that has the Client Access server role installed, SSL is used to help secure communications between the server and the clients. Clients include mobile phones, computers inside an organization's network, and computers outside an organization's network, whether or not they have virtual private network (VPN) connections.

For more information about SSL, see the following topics:

 © 2010 Microsoft Corporation. All rights reserved.