Dear all,
I'm still in the process of reviewing Paul’s book "iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment" as I'm in search of some answers regarding Cert Based Auth (CBA) for Exchange 2013 ActiveSync (EAS) devices, i.e. iOS devices, and management of corresponding user
certificates in Active Directory, user accounts, and the iOS device. I didn’t find any answers on your site and Paul’s site, yet. Thus I decided to get in touch with you guys.
Please let me elaborate:
We're facing the aforementioned request from one of our clients (ca 20.000 users), who wants to implement CBA on Exchange 2013 (EAS and OWA) to secure endpoint devices, i.e. Apple iPhones. How to implement CBA and corresponding Active Directory, and PKI requirements
is not an issue here. Thing is, we're still struggling with how to automate user certificate enrollment on a yearly basis (as user certificate will only be valid for 1 yr), and to ensure that renewed certificates will be placed on the user account appropriately.
We know how to provide users with renewed user certificates for the mobile device (with a separate MDM solution in place, being able to push certificates to the mobile device), but we don't know whether and how the Active Directory side of things in terms
of CBA and certificate management can be fully automated and functionality ensured w/o interruption of services.
Is this even possible?
I'd appreciate any help.
Kind regards
Alex
Alexander Ollischer Diplom-Wirtschaftsinformatiker (FH) Citrix & Microsoft Certified Engineer (CCEA, CCEE, MCSA, MCSE, MCDBA, MCTS) Afontis IT+Services GmbH Baierbrunner Straße 15 81379 München Deutschland Telefon (089) 74 34 55-0 Fax (089) 74 34 55-55 mailto:a.ollischer@afontis.de http://www.afontis.de http://www.itganzeinfach.de Amtsgericht München, HRB 109 005 Geschäftsführer: Thomas Klimmer