...
The Bastion should have a configuration for supporting certification on it's HTTPS listener
Client set-up
Windows: /wiki/spaces/SKYP/pages/625246999Configuring Outlook 2016 - Certificate Based Auth
MAC: Configuring Certificate Based Auth in MACMAC with client certificate for Exchange
CAF Filter High-level functionality :
...
- Verify that the device is managed by MDM
- Verify the compliance level of Device
- Register the device on SphereShield for getting visibility on all devices connecting externally to Exchange
- Verify that certificate is issued by root certificate as configured by MDM vendor
- Validate certificate values based on regex engine
- Configurable mapping of certificate attributes to extract user and device info from certificate
- Update last saw time and the last IP used of a device
- Write into security auditing all events
- Enable validation/inserting data based on specific CN out of the subject/issuer
Topology:
