Hello, what is the best practices for enabling security to Outlook ANywhere connections, is enabling NTLM from CAS server for Outlook Anywhere enough ? Do I have to change something from the RPC on IIS ? Where does Outlook connect first to IIS or to the Exchange server as I am seeing that there are 2 places ( IIS and Exchnage ) where authentication can be configured. Exchange 2010 Thnaks

I'm not aware of any recommendations to "improve" security beyond the default installation, which requires HTTPS.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

what is the relation between Exchange and IIS RPC security settings ?

In general you can use NTLM unless you have a firewall or proxy that doesn't allow it. The authentication is encapsulated in HTTPS in either case.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Regarding to Security for Outlook Anywhere, I recommend you refer to the following articles: http://technet.microsoft.com/en-us/library/bb430792.aspx http://msexchangeteam.com/archive/2008/06/20/449053.aspx Hope it helps. NovakPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.