Over the last several months, we have seen many customers adopting Microsoft Teams, even if their mailboxes are still hosted in an on-premises environment. One of the common issues in this scenario i...
Updated Nov 09, 2023
Version 8.0
Blog Post
Hello David Bargna and ViktGin ,
just to be clear for using application / reverse proxies like F5 BigIP, Citrix NetScaler, KEMP,... (like what's state of the art in enterprise environments) the following statement from this blogpost is correct as of today?
"Autodiscover and EWS URLs should be available from the Internet. Pre-Auth is not supported. If you use some sort of publishing system, you will need to configure pass-through."
I'm asking because all these listed modern reverse proxies do support oauth, so why isn't it supported from the Microsoft-Site to let the reverse proxy do the preauth with oauth protocol to the onprem exchange to get the highest point of security? I'm very sure that enterprise customers CISO's won't be ok with pass-through for Autodiscover and EWS URLs as it's a nonsense to secure OWA, MAPI, OAB and Microsoft-Server-ActiveSync with pre-auth but giving Autodiscover and EWS full open-door pass-through.
Are you able to give me a detailed statement about my thoughts?
Thanks so much in advance and best regards
Julian