- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- White paper
- Get started with UEMs
- Introduction
- Blackberry UEM
- Samsung Knox Manage
- Admin Guide
- Knox Service Plugin
- Knox Mobile Enrollment
- Introduction
- FAQs
- KBAs
- Release notes
- Get Started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google Device Owner Support
- MDM Compatibility Matricies
- Device users
- Activity log
- Enrolling and unenrolling devices
- Configure devices
- Providing KME feedback
- Using the Knox Deployment App (KDA)
- Recovering Google FRP locked devices using KME
- Role-based access control (RBAC)
- Troubleshoot
- Knox Configure
- Mobile
- Wearables
- Shared Device
- Knox Manage
- Introduction
- FAQs
- KBAs
- Release Notes
- How-to videos
- Getting Started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Knox E-FOTA
- Introduction
- White paper
- Knox E-FOTA One Admin Guide
- Knox E-FOTA Advanced Admin Guide
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
To configure the Exchange server by authenticating the users on the devices with Exchange ActiveSync, additional settings are required for Certificate Authentication (CA), SSL, and client certificates.
Enabling Certificate Authentication (CA)
Active Directory Client Certificate Authentication must be enabled to configure Certificate Authentication.
To configure Certificate Authentication (CA), complete the following steps:
1. On your desktop, click Start > Run.
2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
3. In the Connections node, select the name of your web server, and then double-click Authentication in the “IIS” section.
4. Double-click Active Directory Client Certificate Authentication, and then click Enable in the “Actions” window.
Enabling SSL
After enabling Active Directory Client Certificate Authentication, the SSL must be enabled to use Active Directory Client Certificate Authentication.
To enable SSL, complete the following steps:
1. On your desktop, click Start > Run.
2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
3. In the Connections node, select Microsoft-Server-ActiveSync under Default Web Site, and then double-click SSL Settings in the “IIS” section.
4. Click the checkbox next to Require SSL, and then click Require under Client certificates.
5. Click Apply in the “Actions” window.
Configuring client certificate mapping
Configure client certificate mapping after enabling Certificate Authentication and applying SSL.
To configure client certificate mapping, complete the following steps:
1. On your desktop, click Start > Run.
2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
3. In the Connections node, select Microsoft-Server-ActiveSync under Default Web Site, and then double-click Configuration Editor in the “IIS” section.
4. From the Section drop-down menu, navigate to system.webServer/security/authentication.
5. Select True in the “enabled” section, and then click Apply in the “Actions” window.
