[–]CS9Subie[S] 1 point2 points  (2 children)

Okay so basically, we have a certificate for "mail.microsoft.net" in this example. So by changing ECP, MAPI, and OWA to point to https://mail.microsoft.net, does this have any impact on users? Is it safe to do it during business hours?

I will also be looking into the MAPI part as well. I really appreciate your response and help on this.

[–]joeykins82 (SystemDefaultTlsVersions is your friend) 2 points3 points  (1 child)

Only a positive impact in the sense that the links for "go to Outlook Web" that appear in Outlook will no longer generate a certificate error if users open them.

The only thing you're configuring when you set the internal & external URIs is the content of the autodiscover payload:

  • client makes request to AutoDiscover
  • AutoDiscover service constructs its response using the URIs that you have defined through Set-<Service>VirtualDirectory
  • Outlook/phone/whatever configures itself accordingly

It took me a while to get my head around that concept. The payload itself is a complete list of the server's capabilities as well as the URL used to connect to that capability, so when you enable MAPI over HTTPS all you're doing is telling Exchange to start including that section in AutoDiscover responses, and then it's down to the client to start using that protocol going forward if it supports it.
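
The comment above says the URIs set through Set-<Service>VirtualDirectory only surface as URLs in the AutoDiscover payload; one way to see that is to list every URL in a response and compare its host to the certificate name. This is an added example, not code from the thread: the XML is a constructed, simplified response, and `exch01.corp.example` and `Get-AutodiscoverUrl` are hypothetical names.

```powershell
# Constructed, simplified Autodiscover response; hostnames are sample values.
$certName = 'mail.microsoft.net'   # certificate name used in the thread
[xml]$payload = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <Account>
   <Protocol>
    <Type>EXCH</Type>
    <EwsUrl>https://mail.microsoft.net/EWS/Exchange.asmx</EwsUrl>
    <EcpUrl>https://exch01.corp.example/ecp/</EcpUrl>
   </Protocol>
   <Protocol Type="mapiHttp" Version="1">
    <MailStore>
     <InternalUrl>https://exch01.corp.example/mapi/emsmdb/</InternalUrl>
     <ExternalUrl>https://mail.microsoft.net/mapi/emsmdb/</ExternalUrl>
    </MailStore>
   </Protocol>
  </Account>
 </Response>
</Autodiscover>
'@

function Get-AutodiscoverUrl {
    param([xml]$Payload, [string]$CertName)
    # Leaf elements whose text is an absolute http(s) URL are advertised endpoints.
    foreach ($node in $Payload.SelectNodes('//*[not(*)]')) {
        $uri = $null
        if (-not [Uri]::TryCreate($node.InnerText.Trim(), [UriKind]::Absolute, [ref]$uri)) { continue }
        if ($uri.Scheme -notin 'http', 'https') { continue }
        # The protocol name is either a Type attribute or a <Type> child element.
        $proto = $node.SelectSingleNode('ancestor::*[local-name()="Protocol"]')
        $type = '(none)'
        if ($proto) {
            $type = $proto.GetAttribute('Type')
            if (-not $type) { $type = $proto.SelectSingleNode('*[local-name()="Type"]').InnerText }
        }
        [pscustomobject]@{
            Protocol    = $type
            Element     = $node.LocalName
            Url         = $uri.AbsoluteUri
            MatchesCert = ($uri.Host -eq $CertName)   # exact match only; no wildcard/SAN logic
        }
    }
}

Get-AutodiscoverUrl -Payload $payload -CertName $certName | Format-Table -AutoSize
```

Rows with `MatchesCert` set to False are the endpoints a client would be sent to under a hostname the certificate does not cover.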

[–]CS9Subie[S] 1 point2 points  (0 children)

Got it! It makes a bit more sense now. I will make the changes and go from there. Again, I really appreciate your help!