Outlook Web Access (OWA) allows mobile and remote users to access email over the Internet, a convenience for the...
user but a continuous security headache for Microsoft Exchange administrators. In this fast guide, get tips on how to combat Outlook Web Access security concerns associated with email attachments and OWA user authentication. You'll also find some best practices for setting up Secure Sockets Layer (SSL) certificates and customizing OWA's security features in Microsoft Exchange Server.
TIPS AND TUTORIALS
How to customize OWA in Exchange Server 2007 (tutorial)
Learn how to make security-based customizations to manage mobile and remote device users' access to email attachments and how to apply OWA segmentation to control which Microsoft Outlook email features they can use.
Alleviate Outlook Web Access email attachment security issues
Outlook Web Access email attachments are often exposed to unauthorized users. Learn about an OWA add-in that helps secure and manage email file attachments.
Modify OWA authentication logon in Exchange Server 2003
In Exchange Server 2003, Outlook Web Access authentication requires, by default, a domain name and username to log on. Learn how to customize the OWA logon to avoid this hassle.
Configure email attachment blocking in Outlook Web Access
Find out how to edit the registry to customize which email attachment file extensions are automatically blocked by Outlook Web Access.
Set up an SSL certificate to encrypt OWA and ActiveSync traffic
Learn step-by-step how to set up Windows 2003 as a certificate authority, create an SSL certificate and encrypt email traffic for OWA and Exchange ActiveSync.
OWA 'Loading' problems with Internet Explorer security zones
Making changes to Internet Explorer (IE) security zone definitions can cause Outlook Web Access to malfunction, particularly if it's done by a user who isn't well-versed in OWA's security zone setting requirements. Discover how to detect the problem and properly modify your settings for a quick solution.
OWA authentication issues when using a proxy server
OWA can work on a server directly available from the Internet or a server concealed by a proxy. If you have the latter setup, watch out for potential OWA authentication issues.
Protect Outlook Web Access from keystroke loggers
Learn methods for protecting OWA against keystroke loggers, and discover more secure alternatives to OWA that still allow remote access for Exchange users.
Enhance OWA logon security using Microsoft ISA Server
By default, Exchange Server 2003 prevents users from opening other users' mailbox accounts after a successful OWA logon. However, there is a way to assign service account access to all mailboxes in Exchange 2003. Discover how to enhance Outlook Web Access logon security using Microsoft ISA Server to avoid this security issue.
How to set up an SSL certificate for OWA without a public IP address
It's possible to set up an SSL certificate for Outlook Web Access without having a public IP address, but read these troubleshooting tips if you want to avoid certificate errors.
Monitor Outlook Web Access logon attempts
You can check to see who has logged onto a user's OWA account, but first you must enable OWA logging. Here's how.
- Still stumped about OWA security? Ask an OWA security question in our IT forum.
- If you have any comments on this OWA security fast guide, please email us.