
Set ‘Require client MAPI encryption’ to ‘True’

Details

Certificates can reside in the certificate store on a mobile device or on a smart card. A certificate authentication method uses the Extensible Authentication Protocol (EAP) and the Transport Layer Security (TLS) protocol. During EAP-TLS certificate authentication, the client and the server prove their identities to each other. For example, an Exchange ActiveSync client presents its user certificate to the Client Access server, and the Client Access server presents its computer certificate to the mobile device to provide mutual authentication.

Rationale:

Communications between Outlook and Exchange that are sent unencrypted are vulnerable to being captured by a malicious third party.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-RpcClientAccess -Server CAS01 -EncryptionRequired $true
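As an added example that is not part of the CIS page, the following script audits the setting on every Client Access server and applies the same remediation only where it is missing. It assumes the Exchange 2013 Management Shell; the function name Test-MapiEncryptionRequired is my own.

```powershell
# Added example (not the CIS benchmark's own code): audit every RPC Client
# Access endpoint and enforce EncryptionRequired where it is not already $true.
# Assumes it runs in the Exchange Management Shell against Exchange 2013.

function Test-MapiEncryptionRequired {
    [CmdletBinding()]
    param(
        # Audit only by default; pass -Remediate to apply the fix.
        [switch]$Remediate
    )

    # Get-RpcClientAccess with no -Server argument returns the RPC Client
    # Access settings of every Client Access server in the organisation.
    $endpoints = Get-RpcClientAccess

    foreach ($ep in $endpoints) {
        $compliant = [bool]$ep.EncryptionRequired

        # Emit one result object per server so the output can be filtered,
        # exported or compared against the benchmark's expected state.
        [PSCustomObject]@{
            Server             = $ep.Server
            EncryptionRequired = $ep.EncryptionRequired
            Compliant          = $compliant
        }

        if (-not $compliant -and $Remediate) {
            # Same remediation as the Solution above, applied per server.
            Set-RpcClientAccess -Server $ep.Server -EncryptionRequired $true
            Write-Verbose "Enforced MAPI encryption on $($ep.Server)"
        }
    }
}

# Audit only:
# Test-MapiEncryptionRequired | Format-Table -AutoSize
# Remediate non-compliant servers and log each change:
# Test-MapiEncryptionRequired -Remediate -Verbose
```

Run the audit first and re-run it after remediation; a server still reporting Compliant = False indicates the change did not take effect.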

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Windows.

Updated on July 16, 2022