Outlook Anywhere - Extended Protection

Question

We have two 2019 Exchange Hybrid Servers. We are preparing the Exchange servers for extended protection. I am confused on which of the following commands to run in order to disable SSL Offloading on Outlook Anywhere:

Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false

Or

Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true

Thanks for your help.

Answer 1

The first one for both servers

RUn the healthchecker to verify the prereqs after you set this

Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false

Answer 2

Hi, first let me explain the difference between the two commands:

1. Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false

This command disables SSL offloading and ensures that no SSL decryption takes place between the client and the server.That is, no SSL decryption is performed between the client and the server.

1. Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true

This command not only disables SSL offloading, but also specifies the client requirements:

• -InternalClientsRequireSsl $true: Requires internal clients to use SSL connections.
• -ExternalClientsRequireSsl $true: Requires the external client to use an SSL connection.

According to your content, you don't use outlook anywhere anymore, so you don't need to think about forcing both internal and external clients to use SSL when connecting to Outlook Anywhere.Here I suggest you just use the first cmdlet to disable SSL Offloading on Outlook Anywhere directly.