Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-07-24

Use the Authentication tab to select the authentication method or methods that you want to use for Exchange ActiveSync.

The properties that you set in this dialog box will update the Internet Information Services (IIS) metabase.

Basic authentication (password is sent in clear text)

Select this check box if you want the mobile device to send the user name and password in clear text.

Because passwords are sent in clear text with Basic authentication, you should configure Secure Sockets Layer (SSL) to encrypt data transferred between your mobile clients and the Exchange ActiveSync virtual directory.

Client certificate authentication
  • Select whether you want to ignore, accept, or require client certificate authentication.

  • Certificates can reside in the certificate store on a mobile device or on a smart card. A certificate authentication method uses the Extensible Authentication Protocol (EAP) and Transport Layer Security (TLS) protocols. In EAP-TLS certificate authentication, the client and the server prove their identities to each other. For example, an Exchange ActiveSync client presents its user certificate to the Client Access server, and the Client Access server presents its computer certificate to the mobile device to provide mutual authentication.

    If you require client certificates, you must configure SSL on the Web site that hosts the Exchange ActiveSync virtual directory.

Anonymous access to the Exchange ActiveSync virtual directory should always be turned off.
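
The settings on this tab can also be checked from the Exchange Management Shell. The following is an added example, not part of the original topic: it flags virtual directories where Basic authentication or required client certificates are configured without SSL. It assumes the objects returned by `Get-ActiveSyncVirtualDirectory` expose the `BasicAuthEnabled`, `ClientCertAuth` and `WebSiteSSLEnabled` properties and that the required setting is reported as `Required`; `Get-EasAuthFinding` is a hypothetical helper name, and anonymous access is not checked here.

```powershell
# Added example: audit ActiveSync authentication settings against this page.
# Assumption: property names below match Get-ActiveSyncVirtualDirectory output.

function Get-EasAuthFinding {               # hypothetical helper name
    process {
        $vdir = $_
        $ssl  = [bool]$vdir.WebSiteSSLEnabled
        $cert = "$($vdir.ClientCertAuth)"   # the ignore / accept / require choice
        $findings = @()

        # Basic authentication sends the password in clear text, so SSL is needed.
        if ($vdir.BasicAuthEnabled -and -not $ssl) {
            $findings += 'Basic authentication is enabled but SSL is not'
        }
        # Requiring client certificates depends on SSL on the hosting Web site.
        if ($cert -eq 'Required' -and -not $ssl) {
            $findings += 'Client certificates are required but SSL is not configured'
        }

        $result = New-Object PSObject
        $result | Add-Member NoteProperty Name       $vdir.Name
        $result | Add-Member NoteProperty Basic      ([bool]$vdir.BasicAuthEnabled)
        $result | Add-Member NoteProperty ClientCert $cert
        $result | Add-Member NoteProperty SSL        $ssl
        $result | Add-Member NoteProperty Findings   ([string]::Join('; ', $findings))
        $result
    }
}

if (Get-Command Get-ActiveSyncVirtualDirectory -ErrorAction SilentlyContinue) {
    # Exchange Management Shell: audit the real virtual directories.
    Get-ActiveSyncVirtualDirectory | Get-EasAuthFinding | Format-List
}
else {
    # Constructed sample object so the check can be tried outside Exchange.
    $sample = New-Object PSObject
    $sample | Add-Member NoteProperty Name 'Microsoft-Server-ActiveSync (constructed sample)'
    $sample | Add-Member NoteProperty BasicAuthEnabled  $true
    $sample | Add-Member NoteProperty ClientCertAuth    'Required'
    $sample | Add-Member NoteProperty WebSiteSSLEnabled $false
    $sample | Get-EasAuthFinding | Format-List   # reports both findings
}
```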