Outlook Anywhere - Extended Protection

mara2021 1,121 Reputation points
2024-03-14T18:50:30.7066667+00:00

We have two 2019 Exchange Hybrid Servers. We are preparing the Exchange servers for extended protection. I am confused on which of the following commands to run in order to disable SSL Offloading on Outlook Anywhere:

Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false

Or

Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true

Thanks for your help.

Exchange Online
Exchange Online
A Microsoft email and calendaring hosted service.
6,195 questions
Outlook | Windows | Classic Outlook for Windows | For business
Exchange | Exchange Server | Management
Exchange | Hybrid management
{count} votes

Accepted answer
  1. Andy David - MVP 157.8K Reputation points
    2024-03-14T19:18:40.5566667+00:00

    The first one for both servers

    RUn the healthchecker to verify the prereqs after you set this

    Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false


1 additional answer

Sort by: Most helpful
  1. Anonymous
    2024-03-15T08:00:28.3333333+00:00

    Hi, first let me explain the difference between the two commands:

    1. Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false

    This command disables SSL offloading and ensures that no SSL decryption takes place between the client and the server.That is, no SSL decryption is performed between the client and the server.

    1. Set-OutlookAnywhere -Identity "EX01\RPC (Default Web Site)" -SSLOffloading $false -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true

    This command not only disables SSL offloading, but also specifies the client requirements:

    • -InternalClientsRequireSsl $true: Requires internal clients to use SSL connections.
    • -ExternalClientsRequireSsl $true: Requires the external client to use an SSL connection.

    According to your content, you don't use outlook anywhere anymore, so you don't need to think about forcing both internal and external clients to use SSL when connecting to Outlook Anywhere.Here I suggest you just use the first cmdlet to disable SSL Offloading on Outlook Anywhere directly.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.