No announcement yet.

Activesync Security

  • Filter
  • Time
  • Show
Clear All
new posts

  • Activesync Security

    I dont know if this is the right place to post this question, but in my mind it's where it fits; I was looking at the 'Problems with form based authentication and ssl in activesync' article on this site @ . It obviously leans toward the 3rd option as the most viable solution in most cases (including mine) but i havent been able to find information on encryption as it relates to wireless activesync. My question is this: if i create another OWA site without SSL so that my users have the ability to sync over the air, is it secure?

    Thanks in advance

  • #2
    Re: Activesync Security

    I wouldn't use a second web site to do IIS. Any reason you have chosen that option?

    If you want to use Forms Based Authentication and SSL then you simply need to make some changes to the IIS configuration. These are outlined in 817379 or my article at (which is basically the same as option 3 in Daniel's article).

    If you don't use SSL then you have no security. Your usernames and passwords are going across a mobile network in the clear.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.