Default settings for Exchange virtual directories in Exchange Server
Exchange Server 2016 and Exchange Server 2019 automatically configure multiple Internet Information Services (IIS) virtual directories during the server installation. The tables in the following sections show the settings for the Client Access (frontend) services on Mailbox servers and the default IIS authentication and Secure Sockets Layer (SSL) settings.
Client Access services (frontend) on Mailbox servers
The following table lists the default settings in the Client Access services (the default web site) on Exchange Mailbox servers.
| Virtual directory | Authentication method | SSL settings | Management method |
|---|---|---|---|
| Default Web Site | Anonymous | Required | IIS management console |
| API1 | Anonymous authentication Windows authentication |
SSL required Requires 128-bit encryption |
|
| aspnet_client | Anonymous authentication | SSL required Requires 128-bit encryption |
IIS management console |
| Autodiscover | Anonymous authentication Basic authentication Windows authentication |
SSL required Requires 128-bit encryption |
EAC or Exchange Management Shell |
| ecp | Anonymous authentication Basic authentication |
SSL required Requires 128-bit encryption |
EAC or Exchange Management Shell |
| EWS | Anonymous authentication Windows authentication |
SSL required Requires 128-bit encryption |
EAC or Exchange Management Shell |
| MAPI | Windows authentication | SSL required Requires 128-bit encryption |
EAC or Exchange Management Shell |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required Requires 128-bit encryption |
EAC or Exchange Management Shell |
| OAB | Windows authentication | SSL required Requires 128-bit encryption |
EAC or Exchange Management Shell |
| owa | Basic authentication | SSL required Requires 128-bit encryption |
EAC or Exchange Management Shell |
| PowerShell | By default, all authentication methods are disabled. | Not required | EAC or Exchange Management Shell |
| Rpc | Basic authentication Windows authentication |
Not required | EAC or Exchange Management Shell |
1 The API virtual directory is available in Exchange 2016 CU3 or newer.
Back End Virtual Directories on Mailbox servers
The following table lists the default settings in the back end services on Exchange Mailbox servers.
| Virtual directory | Authentication method | SSL settings | Management method |
|---|---|---|---|
| Exchange Back End | Anonymous authentication | SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| API1 | Anonymous authentication Windows authentication |
SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| Autodiscover | Anonymous authentication Windows authentication |
SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| ecp | Anonymous authentication Windows authentication |
SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| EWS | Anonymous authentication Windows authentication |
SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| Microsoft-Server-ActiveSync | Basic authentication | SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| OAB | Windows authentication | SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| owa | Anonymous authentication Windows authentication |
SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| PowerShell | Windows authentication | SSL required Requires 128-bit encryption |
This virtual directory shouldn't be configured by the user. |
| Rpc | Windows authentication | Not required | This virtual directory shouldn't be configured by the user. |
| RpcWithCert | Windows authentication | Not required | This virtual directory shouldn't be configured by the user. |
1 The API virtual directory is available in Exchange 2016 CU3 or newer.