Extended Protection in combination with Azure AD app proxy

Stephan van den Heuvel 36 Reputation points
Feb 26, 2024, 3:45 PM

Hello,

We have deployed Azure AD application proxy connectors to access on-premises Exchange webmail. As soon as we enable Extended Protection on OWA, webmail is not working. No matter if it's set on 'Allow' or 'Require', it has to be set to 'Off'. Can someone tell me if either AAD app Proxy Connector or AAD app Proxy Service is acting as an SSL offloader? I've read that SSL offloading is not supported. If so, will there be support to enable ExtProt in such a situation? Thank you.

Regards,
Stephan

Microsoft Exchange Hybrid Management

Accepted answer
  1. Andy David - MVP 150.9K Reputation points MVP
    Feb 26, 2024, 4:02 PM
    2 people found this answer helpful.

1 additional answer

  1. Samuel Stoica 0 Reputation points Microsoft Agency Temporary
    Apr 22, 2024, 11:04 AM

    Please be so kind as to test the following:

    1. For each Exchange Server, remove the "Require SSL" flag under IIS Manager > Default Website > OWA > SSL Settings.
    2. For Modern Hybrid, the Extended Protection Token Checking for the EWS virtual directory should be set to NONE:

    Set-WebServicesVirtualDirectory -Identity 'ServerName\EWS (Default Web Site)' -ExtendedProtectionTokenChecking 'None'

    3. Similarly, set the Extended Protection Token Checking to NONE for the PowerShell virtual directory:

    Set-PowerShellVirtualDirectory -Identity 'ServerName\PowerShell (Default Web Site)' -ExtendedProtectionTokenChecking 'None'

    4. If you're using a Reverse Proxy, ADFS, or something similar, please switch from Preauthentication to Passthrough authentication.
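
The steps in the answer above relax settings that IIS holds for each virtual directory. As an added example (not part of the original answer and not Microsoft's tooling), the following reads those settings back on one server so the resulting state can be recorded and reviewed. It assumes the WebAdministration module is available and uses the site and virtual directory names from the answer; `Get-AttrValue` is a helper introduced here.

```powershell
# Added example: read back the IIS settings touched by the steps above.
# Run in an elevated PowerShell session on each Exchange server.
Import-Module WebAdministration

$site  = 'Default Web Site'           # site name used in the answer's commands
$vdirs = 'owa', 'EWS', 'PowerShell'   # virtual directories named in the answer
$epFilter  = 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'
$sslFilter = 'system.webServer/security/access'

function Get-AttrValue($v) {
    # Hypothetical helper: the cmdlet may return a plain string or an
    # attribute object carrying the setting in its Value property.
    if ($null -eq $v)    { return $null }
    if ($v -is [string]) { return $v }
    return $v.Value
}

$report = foreach ($vdir in $vdirs) {
    $location = "$site/$vdir"
    $ep  = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
               -Location $location -Filter $epFilter -Name 'tokenChecking'
    $ssl = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
               -Location $location -Filter $sslFilter -Name 'sslFlags'
    [pscustomobject]@{
        Server           = $env:COMPUTERNAME
        VirtualDirectory = $location
        TokenChecking    = Get-AttrValue $ep    # None, Allow or Require
        SslFlags         = Get-AttrValue $ssl   # contains 'Ssl' when "Require SSL" is set
    }
}

# Full state, for the change record.
$report | Format-Table -AutoSize

# Virtual directories currently running without Extended Protection
# or without the "Require SSL" flag.
$report |
    Where-Object { $_.TokenChecking -eq 'None' -or "$($_.SslFlags)" -notmatch '\bSsl\b' } |
    Format-Table -AutoSize
```

Running it before and after the change gives a record of exactly which virtual directories were relaxed, which helps when Extended Protection is re-enabled later.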
