

Solution overview

AGAT supports access control for Exchange using client certificates.

This requires the Bastion Reverse Proxy and the CAF Filter.

The Bastion should be configured to support client certificates on its HTTPS listener.

Client set-up

Windows: Configuring Outlook 2016 - Certificate Based Auth

MAC: MAC with client certificate for Exchange


CAF Filter high-level functionality:

  • Certificate-Based Authentication (CBA) for Exchange on-premises.
  • Verify that Outlook can connect to Exchange only if the device has a certificate.

For Windows 10 and Mac

  1. Verify that the device is managed by MDM
  2. Verify the compliance level of the device
  3. Register the device on SphereShield to gain visibility into all devices connecting externally to Exchange
  4. Verify that the certificate is issued by the root certificate as configured by the MDM vendor
  5. Validate certificate values using a regex engine
  6. Configurable mapping of certificate attributes to extract user and device info from the certificate
  7. Update the last-seen time and the last IP used by a device
  8. Write all events into security auditing
  9. Enable validating/inserting data based on a specific CN from the subject/issuer
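
Steps 4 to 6 and 9 above, sketched as an added Python example (not AGAT or SphereShield code, and not its configuration syntax): regex validation of subject/issuer attributes and mapping of named groups to user and device fields. The `POLICY` layout, the `parse_dn` and `evaluate` names and all DN values are constructed for illustration, and the sketch assumes the HTTPS listener has already validated the certificate chain to the configured root.

```python
import re

# Hypothetical policy layout: per DN, attribute -> regex. Named groups become
# the extracted user/device fields. All values are constructed samples.
POLICY = {
    "issuer":  {"CN": r"Example MDM Issuing CA"},
    "subject": {"CN": r"(?P<user>[a-z0-9.]+)@example\.com",
                "OU": r"device-(?P<device_id>[0-9a-f]{8})"},
}

def parse_dn(dn):
    """Split an RFC 4514 style DN string into (ATTR, value) pairs.

    Honours escaped commas; multi-valued RDNs ('+') are out of scope here.
    """
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs

def evaluate(subject_dn, issuer_dn, policy=POLICY):
    """Return (allowed, fields, reason) for a certificate's subject and issuer.

    Assumes the TLS layer already validated the chain to the trusted root;
    a name match alone never proves who issued the certificate.
    """
    fields = {}
    for side, dn in (("issuer", issuer_dn), ("subject", subject_dn)):
        pairs = parse_dn(dn)
        for attr, pattern in policy[side].items():
            values = [v for a, v in pairs if a == attr]
            # Several CNs in one DN are ambiguous: require exactly one.
            if len(values) != 1:
                return False, {}, f"{side} {attr}: expected 1 value, got {len(values)}"
            # fullmatch, not search: an unanchored pattern would also accept
            # a value such as "alice@example.com.other.test".
            match = re.fullmatch(pattern, values[0])
            if match is None:
                return False, {}, f"{side} {attr}: value rejected by pattern"
            fields.update(match.groupdict())
    return True, fields, "ok"

if __name__ == "__main__":
    print(evaluate("CN=alice.smith@example.com,OU=device-0a1b2c3d,O=Example",
                   "CN=Example MDM Issuing CA,O=Example"))
```

The two rejections worth testing in any such rule set are a value that only contains a valid string as a prefix, and a DN that carries the selected attribute more than once.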





