Hi Jim,

Without knowing the details of your RSA setup/firewall/phone type and Exchange config, it is pretty hard to answer, but... hey... I'll have a go with some principles :-)

Both services run over port 80 (or 443). If your 2-factor security controls just port 80 (or 443), then yes, I would expect your phones to be broken. If your 2-factor security is able to control the URLs, then you may be able to configure each URL separately:

http://server/exchange/owa 2-factor
http://server/exchange/oma no 2-factor
http://server/exchange/activesync no 2-factor

These URLs may be wrong... but give you an idea. Have a look at the \\server\WINDOWS\system32\LogFiles\W3SVC1 log files to give you an idea of the URLs used; it depends on the Exchange service and the URL it uses.

In our case we use RSA SecurID integrated with our firewall and use VPN software on the Windows Mobile phones (or any Windows device supported by the VPN software). This means that the phone user needs to validate using two-factor each time they establish a data session (vs send/receive email); typically, this is once a day.

Our (my??) security policy is that any port inward must have 2-factor authentication, unless there is a very good reason not to (port 25 in to our mail server has a very good reason :-) ). We buy phones that can run our VPN software. I am responsible for phones (all of ICT actually), so it is easy for the phone, mail and security department heads to come to agreement, as it is all going on in my head... ;-)

One way to mitigate this is to have two front-end servers, one that only has the OMA service running (for the phones) and the other to do the other services that require 2-factor. There may be other Exchange tweaks that others could suggest???

HTH

Cheers
Dean

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Blunt
Sent: Tuesday, 22 January 2008 05:53
To: Exchange Discussions
Subject: 2-factor authentication

Ladies and gentlemen,

Just a quick question here. We have a native 2003 AD, with a native Exchange 2003 setup. We use RSA SecurID for our 2-factor authentication, when connecting to our network from an outside source.
Our security guys want me to implement this 2-factor authentication on our OWA portal as well. The only question I have, is this: Will implementing the 2-factor authentication on the OWA portal break the push that we are capable of doing now, to management's cell phones?

Thanks in advance,
Jim

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to [EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
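
Added example (not part of the original thread): a small Python script for the log review suggested in the reply. It tallies IIS W3C log requests by leading URL path and client type, so you can see which paths the phones actually use before scoping 2-factor per URL. The log lines, paths, user names and addresses are constructed samples, and `summarize` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2008-01-22 05:10:01 GET /exchange/user1/Inbox user1 203.0.113.10 Mozilla/4.0+(compatible;+MSIE+7.0) 200
2008-01-22 05:10:07 POST /Microsoft-Server-ActiveSync user2 198.51.100.7 MSFT-PPC/5.1.2301 200
2008-01-22 05:11:30 GET /oma user3 198.51.100.9 Mozilla/4.0+(compatible;+MSIE+4.01;+Windows+CE) 200
2008-01-22 05:12:02 GET /exchweb/bin/auth/owalogon.asp - 203.0.113.10 Mozilla/4.0+(compatible;+MSIE+7.0) 200
2008-01-22 05:15:44 POST /Microsoft-Server-ActiveSync user2 198.51.100.7 MSFT-PPC/5.1.2301 200
2008-01-22 05:16
"""


def summarize(lines, depth=1):
    """Group requests by their first `depth` path segments.

    Returns {prefix: {"hits": int, "agents": set of user-agent product names}}.
    """
    fields = []
    summary = defaultdict(lambda: {"hits": 0, "agents": set()})
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # The header can reappear mid-file (e.g. after a service restart),
            # possibly with a different field set, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed record
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive, so normalise before grouping.
        segments = [s for s in row.get("cs-uri-stem", "").lower().split("/") if s]
        prefix = "/" + "/".join(segments[:depth])
        entry = summary[prefix]
        entry["hits"] += 1
        # Keep only the product token, e.g. "MSFT-PPC" from "MSFT-PPC/5.1.2301".
        entry["agents"].add(row.get("cs(User-Agent)", "-").split("/")[0])
    return dict(summary)


if __name__ == "__main__":
    for prefix, info in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{prefix:32} hits={info['hits']:<3} agents={sorted(info['agents'])}")
```

To run it against real logs, pass the lines of a file from the W3SVC1 log directory to `summarize` instead of the sample.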
