Disable Basic Auth on Exchange 2016?


Jonathan Raper

Aug 9, 2022, 11:43:12 AM
to ntsys...@googlegroups.com
Cross posted for visibility….

I’m new to an environment that has a 2016 hybrid configuration with all mailboxes in 365. Still have mailbox, hub transport, and CAS, but all of those are running Ex 2010 (they are soon to go).

Security people are saying Basic Auth needs to be disabled. We’re not worrying with Ex2010, since it is going away. However…. Basic Auth is enabled on some of the virtual directories on the 2016 servers, which are not going away, as they are needed for management and SMTP relay.

From what I can tell, it seems that MSFT has addressed this for Ex2019, but I’m not finding much on how to properly deal with this for Ex2016.

Autodiscover: Windows Authentication and Basic Auth are both checked

ECP & OWA: the FBA radio button is selected, however under the “standard authentication” radio button, Integrated Windows Authentication and Basic Authentication are both checked

I’m new to the environment, so I do not yet know where their Autodiscover DNS records point (or any other records for that matter)

Any guidance would be appreciated….

Thanks,

Jonboy


Philip Elder

Aug 10, 2022, 3:55:22 PM
to ntsys...@googlegroups.com

Jonathan,

I can’t post to NTExchange and I’m tired of trying to figure out how to do so. I get the e-mails but no joy on posting.

Forms Based Authentication wraps the Basic Auth in an HTTPS tunnel. It’s set up that way for both /ecp and /owa in Exchange. It’s why the upper radio button for the authentication types is greyed out.

I suggest not making any changes to the IIS virtual directories. That’s just asking for trouble.

 

Philip Elder MCTS

Senior Technical Architect

Microsoft High Availability MVP

E-mail: Phili...@mpecsinc.ca

Phone: +1 (780) 458-2028

Web: www.mpecsinc.com

Blog: blog.mpecsinc.com

Twitter: Twitter.com/MPECSInc

Skype: MPECSInc.

 

Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
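
The question above turns on which Exchange 2016 virtual directories currently have Basic authentication enabled. The following is an added example, not part of the thread or either poster's own code: a read-only inventory for the Exchange Management Shell that changes no settings. The `$Server` value and the choice of virtual directory cmdlets to query are assumptions.

```powershell
# Added example: read-only inventory, nothing is modified.
# Run in the Exchange Management Shell.
# Assumption: $Server is the Exchange 2016 server to inspect.
$Server = $env:COMPUTERNAME

# Standard Get-*VirtualDirectory cmdlets; each accepts -Server.
$cmdlets = @(
    'Get-AutodiscoverVirtualDirectory', 'Get-OwaVirtualDirectory',
    'Get-EcpVirtualDirectory',          'Get-WebServicesVirtualDirectory',
    'Get-ActiveSyncVirtualDirectory',   'Get-OabVirtualDirectory',
    'Get-MapiVirtualDirectory',         'Get-PowerShellVirtualDirectory'
)

$report = foreach ($cmdlet in $cmdlets) {
    foreach ($vdir in (& $cmdlet -Server $Server)) {
        # Property names differ per cmdlet (boolean flags on some, method
        # lists on others), so inspect every property with "Auth" in its name.
        $authProps = $vdir.PSObject.Properties |
            Where-Object { $_.Name -like '*Auth*' }

        $basic = $false
        foreach ($p in $authProps) {
            # Normalise to strings so this also works in a remote session,
            # where values arrive deserialised.
            $values = @($p.Value) | ForEach-Object { "$_" }
            if ($p.Name -like 'Basic*' -and $p.Value -eq $true) { $basic = $true }
            elseif ($values -contains 'Basic') { $basic = $true }
        }

        [pscustomobject]@{
            Cmdlet       = $cmdlet
            Identity     = "$($vdir.Identity)"
            BasicEnabled = $basic
            AuthSettings = ($authProps | ForEach-Object {
                "$($_.Name)=$(@($_.Value) -join ',')"
            }) -join '; '
        }
    }
}

# Directories with Basic enabled sort to the top.
$report | Sort-Object BasicEnabled -Descending |
    Format-Table -AutoSize -Wrap
```

For /owa and /ecp, read `BasicEnabled` alongside the forms setting shown in `AuthSettings`, since the thread notes that Forms Based Authentication is selected on those two directories.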

 
