Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2010-09-30

Extended Protection for Authentication is a feature that helps to protect credentials for network connections that are being authenticated using Integrated Windows authentication. Integrated Windows authentication uses the Negotiate, Kerberos, and NTLM authentication methods. We strongly recommend that you use Extended Protection for Authentication if you're using Integrated Windows authentication.

Exchange Server 2010 Service Pack 1 (SP1) supports Extended Protection for Authentication. However, by default, Extended Protection for Authentication isn't enabled on computers running Exchange 2010.

Contents

Requirements for Extended Protection for Authentication

Exchange 2010 Prerequisite Checking

For More Information

Requirements for Extended Protection for Authentication

To use this feature, both the client and the server must be running a Microsoft Windows operating system that includes the Extended Protection for Authentication security update.

Default installations of Windows 7 and Windows Server 2008 R2 operating systems include this security update. However, for client or server computers that are running other versions of Windows (for example Windows Vista or Windows Server 2008 SP2), you must install the update. For detailed information about the operating systems that are supported by default, see Microsoft Knowledge Base article 973811, Microsoft Security Advisory: Extended protection for authentication.

Exchange 2010 Prerequisite Checking

Exchange 2010 Setup doesn't require that the Extended Protection for Authentication security update be installed before Setup can continue. Instead, when you set up Extended Protection for Authentication for the first time, you'll be prompted to install the security updates referenced in Microsoft Knowledge Base article 968389, Extended Protection for Authentication on your computer if they're not already installed.

For More Information