How to improve Outlook Web Access (OWA) security

Two big Outlook Web Access security issues are email attachments and OWA user authentication. Get tips on how to improve Outlook Web Access security here.

Still stumped about OWA security? Ask an OWA security question in our IT forum.

If you have any comments on this OWA security fast guide, please email us.

Outlook Web Access (OWA) allows mobile and remote users to access email over the Internet, a convenience for the user but a continuous security headache for Microsoft Exchange administrators. In this fast guide, get tips on how to combat Outlook Web Access security concerns associated with email attachments and OWA user authentication. You'll also find some best practices for setting up Secure Sockets Layer (SSL) certificates and customizing OWA's security features in Microsoft Exchange Server.

TIPS AND TUTORIALS--------------------------------------------------------------------------------

How to customize OWA in Exchange Server 2007 (tutorial)
Learn how to make security-based customizations to manage mobile and remote device users' access to email attachments and how to apply OWA segmentation to control which Microsoft Outlook email features they can use.

Alleviate Outlook Web Access email attachment security issues
Outlook Web Access email attachments are often exposed to unauthorized users. Learn about an OWA add-in that helps secure and manage email file attachments.

Modify OWA authentication logon in Exchange Server 2003
In Exchange Server 2003, Outlook Web Access authentication requires, by default, a domain name and username to log on. Learn how to customize the OWA logon to avoid this hassle.

Configure email attachment blocking in Outlook Web Access
Find out how to edit the registry to customize which email attachment file extensions are automatically blocked by Outlook Web Access.

Set up an SSL certificate to encrypt OWA and ActiveSync traffic
Learn step-by-step how to set up Windows 2003 as a certificate authority, create an SSL certificate and encrypt email traffic for OWA and Exchange ActiveSync.

OWA 'Loading' problems with Internet Explorer security zones
Making changes to Internet Explorer (IE) security zone definitions can cause Outlook Web Access to malfunction, particularly if it's done by a user who isn't well-versed in OWA's security zone setting requirements. Discover how to detect the problem and properly modify your settings for a quick solution.

OWA authentication issues when using a proxy server
OWA can work on a server directly available from the Internet or a server concealed by a proxy. If you have the latter setup, watch out for potential OWA authentication issues.

Protect Outlook Web Access from keystroke loggers
Learn methods for protecting OWA against keystroke loggers, and discover more secure alternatives to OWA that still allow remote access for Exchange users.

EXPERT ADVICE---------------------------------------------------------------------------------------

Enhance OWA logon security using Microsoft ISA Server
By default, Exchange Server 2003 prevents users from opening other users' mailbox accounts after a successful OWA logon. However, there is a way to assign service account access to all mailboxes in Exchange 2003. Discover how to enhance Outlook Web Access logon security using Microsoft ISA Server to avoid this security issue.

How to set up an SSL certificate for OWA without a public IP address
It's possible to set up an SSL certificate for Outlook Web Access without having a public IP address, but read these troubleshooting tips if you want to avoid certificate errors.

Monitor Outlook Web Access logon attempts
You can check to see who has logged onto a user's OWA account, but first you must enable OWA logging. Here's how.

This was first published in May 2008

Dig deeper on User Authentication for Microsoft Outlook and OWA

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close