Outlook Anywhere with ESP Exchange 2013 &2016


Enable Kerberos Contained Delegation (KCD) with the Edge Security Pack (ESP) for Outlook Anywhere.

Note: For Exchange 2013 you will need to configure Exchange to use MAPI over HTTP. 





1. Configure EWS and MAPI Sub-Virtual Services (SubVSs) with NTLM for Client Side Authentication and KCD for the Server Side Authentication.  

You will need to have a functioning KCD environment previously in place. Please refer to our KCD documentation for further information:



1.1 Navigate to your Exchange Virtual Service > EWS SubVS.

Enable NTLM in Client Authentication Mode.

Enable KCD in Server Authentication Mode and select your configured Server Side configuration.



1.2 Navigate to your Exchange Virtual Service > MAPI SubVS.

Enable NTLM in Client Authentication Mode.

Enable KCD in Serer Authentication Mode.


2.   Configure Outlook Anywhere for client side NTLM Authentication using ECP.

2.1 Log into ECP as an Exchange Administrator > Servers > Open (Double Click) Exchange Server > Outlook Anywhere > Specify Authentication Method for External Clients to use. Set to NTLM and Save.


Was this article helpful?

0 out of 0 found this helpful