Managing Outlook Anywhere Security

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

Topic Last Modified: 2006-09-13

This topic describes the Outlook Anywhere security options for your Exchange deployment.

Outlook Anywhere lets users access Exchange from the Internet. Because traffic on the Internet is more vulnerable than traffic within an intranet, we recommend that you consider a security strategy that involves as many security options as possible.

Using an advanced firewall server such as Microsoft Internet Security and Acceleration (ISA) Server 2006 improves security for your Outlook Anywhere deployment. ISA 2006 provides a setup wizard that lets you configure ISA 2006 for Microsoft Exchange Server 2007 by using Outlook Anywhere.

When you use Outlook Anywhere to access Exchange information from the Internet, you must install a valid Secure Sockets Layer (SSL) certificate issued by a certification authority (CA) that is trusted by the client computer's operating system. For more information, see How to Configure SSL for Outlook Anywhere.

If you have a hardware solution that is offloading the SSL encryption for traffic that is destined for your Client Access server, you must configure SSL offloading for Outlook Anywhere. For more information, see How to Configure SSL Offloading for Outlook Anywhere.

When you use the Enable Outlook Anywhere Wizard to configure your Client Access server to provide Outlook Anywhere access, you must select an authentication method to use. For more information, see How to Configure Authentication for Outlook Anywhere.