- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- White paper
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Knox Configure
- Mobile
- Wearables
- Shared Device
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- White paper
- Knox E-FOTA One
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Migrate from Knox E-FOTA Advanced to Knox E-FOTA One
- Knox E-FOTA Advanced
- Knox E-FOTA on MDM
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
To configure the Exchange server by authenticating the users on the devices with Exchange ActiveSync, additional settings are required for Certificate Authentication (CA), SSL, and client certificates.
Enabling Certificate Authentication (CA)
Active Directory Client Certificate Authentication must be enabled to configure Certificate Authentication.
To configure Certificate Authentication (CA), complete the following steps:
1. On your desktop, click Start > Run.
2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
3. In the Connections node, select the name of your web server, and then double-click Authentication in the “IIS” section.
4. Double-click Active Directory Client Certificate Authentication, and then click Enable in the “Actions” window.
Enabling SSL
After enabling Active Directory Client Certificate Authentication, the SSL must be enabled to use Active Directory Client Certificate Authentication.
To enable SSL, complete the following steps:
1. On your desktop, click Start > Run.
2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
3. In the Connections node, select Microsoft-Server-ActiveSync under Default Web Site, and then double-click SSL Settings in the “IIS” section.
4. Click the checkbox next to Require SSL, and then click Require under Client certificates.
5. Click Apply in the “Actions” window.
Configuring client certificate mapping
Configure client certificate mapping after enabling Certificate Authentication and applying SSL.
To configure client certificate mapping, complete the following steps:
1. On your desktop, click Start > Run.
2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
3. In the Connections node, select Microsoft-Server-ActiveSync under Default Web Site, and then double-click Configuration Editor in the “IIS” section.
4. From the Section drop-down menu, navigate to system.webServer/security/authentication.
5. Select True in the “enabled” section, and then click Apply in the “Actions” window.
