Operations << >>

Security Levels

Basic authentication is the lowest level of security available for Internet or intranet users. Security for Outlook Web Access is configured through the Microsoft Internet Service Manager provided with IIS. When setting up basic authentication, you must also set up Log on Locally permission on the IIS computer.

If IIS and Microsoft Exchange Server are installed on the same computer, Windows NT Challenge/Response authentication can be enabled to offer a higher level of security than basic authentication. However, if IIS is installed on a different computer than Microsoft Exchange Server, Windows NT Challenge/Response authentication must be disabled.

Additional security can be established by enabling Secure Sockets Layer (SSL) on the IIS computer. SSL is used to encrypt data passed between the Web browser and IIS. This feature can be used only with Web browsers that support SSL, such as Microsoft Internet Explorer version 3.02 or Netscape Navigator version 3.01. A security certificate must be obtained to enable the use of SSL. The supplier of the security certificate provides instructions for setting up the server and the browsers. Either basic authentication or Windows NT LAN Manager (NTLM) security must be enabled on the IIS system to use SSL.

For more information about setting up SSL, see your Microsoft Internet Information Server documentation.