Authenticating Outlook Anywhere

Last updated: 19 March 2014

As an organization with security close to our heart I was pleased to learn last week that Microsoft has introduced smart card authentication with Outlook Anywhere, as reported by @PaulRobichaux. As more and more companies start to embrace remote working – to get the most out of their employees wherever they are and let them work when it suits them best – it seems slightly surprising that Microsoft has only just enabled this.

Previously, to access Microsoft Exchange accounts outside the organization’s firewall, when at home or traveling, you needed a virtual private network (VPN) connection. With Outlook Anywhere, an alternative to VPN connections, you connect to Exchange through the Internet using Remote Procedure Call (RPC) over HTTP. While smart card-based authentication has been supported by Windows for a number of years, it was missing as a second authentication factor with Outlook Anywhere. Luckily, this is no longer the case and we can now ensure that all remote workers have secure (multi authentication) access to their organization’s networks. This is all the more the more pressing following recent hacking attacks, as this infographic shows.

You can learn how to configure smart card authentication for Outlook Anywhere here.

My question for readers is, will your organization be implementing smart card authentication on Outlook Anywhere now that Windows supports it? And if not, why not?