Since joining the Exchange Customer Experience team a few months ago, a question I'm commonly asked (aside from “When are you taking over the storage calculator from Ross? He’s a busy chap and as t...
Updated Jul 01, 2019
Version 2.0
Blog Post
@Jonas - glad you liked it first off.
With regard to Basic vs NTLM from a user perspective, Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 world, Basic can mean no need to authenticate every time you open/reconnect, but in all earlier versions, you will have to enter creds every time.
NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this. That's in the future Whitepaper.
NTLM on a machine without cached creds will again result in a pop up - or... there is a way to avoid that, but again for that you'll have to read the upcoming whitepaper on how to get OA NTLM to work through TMG... yes, it's a teaser... Reason is, the steps to get OA/NTLM to work, with pre-auth are complex, and I'd rather I give you all the steps you need than ask you to join the dots. It won't be long before it's ready.
With regard to Basic vs NTLM from a user perspective, Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 world, Basic can mean no need to authenticate every time you open/reconnect, but in all earlier versions, you will have to enter creds every time.
NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this. That's in the future Whitepaper.
NTLM on a machine without cached creds will again result in a pop up - or... there is a way to avoid that, but again for that you'll have to read the upcoming whitepaper on how to get OA NTLM to work through TMG... yes, it's a teaser... Reason is, the steps to get OA/NTLM to work, with pre-auth are complex, and I'd rather I give you all the steps you need than ask you to join the dots. It won't be long before it's ready.