Two-Factor Authentication for Outlook Anywhere

Many companies use RSA SecurID to support two-factor authentication and have implemented with Microsoft ISA to support two-factor authentication for OWA and ActiveSync with fantastic results. I’ve been asked lately if it is possible to support two-factor authentication with Outlook Anywhere. Using RSA products, it does not appear possible. I have read a couple blogs about creating a custom website that could be used as an RSA “front-end” to Outlook Anywhere but I prefer not to overcomplicate matters.

When researching for RSA solutions, I came across Deepnet Unified Authentication for Outlook that looks like a promising solution for enabling two-factor authentication for Outlook Anywhere.

http://www.deepnetsecurity.com/solutions2/outlook.asp

I spoke to a Deepnet sales manager today and the Deepnet product suite addresses the following security concerns shared by most security administrators:

1. Weak Authentication
Deepnet allows you to enable two-factor authentication for Outlook Anywhere

2. Unmanaged devices
Only those client PCs with the Deepnet agent installed can access Outlook Anywhere. The client software we discussed was DevicePass, which is used to create a machine fingerprint. The “fingerprint” information can include the machine’s serial number, motherboard ID, CPU ID, BIOS, MAC Address, etc, etc. This ensures that only those machines approved by the company can connect to the email system using Outlook Anywhere.

3. Insecure Local Data
Deepnet can be used to enforce a disk encryption policy thereby protecting local data should a laptop be stolen.

They sent me a small PowerPoint file which provided a high-level overview of the Deepnet architecture and I hope they don’t mind me sharing it here:

Basically, 3 items are going to be required. A Deepnet Authentication Server (which can be a VM), the Deepnet Agent for IIS (installed on the Exchange 2007 CAS), and the Deepnet Agent on the client machines. Deepnet stated that the installation of these components is very easy as no consulting time is needed, in fact, they said the solution could be up and active within a day. Also, it can work with RSA so there’s no cutover required. Deepnet can replace RSA, but it can be a migration.

I’m very excited about the possibilities and hope to have more posts very soon as we should receive a fully functional 30-day evaluation license on Monday.

3 Comments

Filed under Microsoft, Security, Windows Server

3 responses to “Two-Factor Authentication for Outlook Anywhere

  1. Hello Ballblog,

    Did you ever get around to testing the Deepnet Security offering, if so how did it go, did you end up purchasing and deploying it.

    thanks,

    Paul

  2. There are numerous programs for working with other types of files. But I missed my Outlook messages and no one of famous application didn't assist me. I decided to work with one of search engine and I gave the positive result. Besides I consider this tool would be good choice in this situation – converting ost file to pst.

  3. Anonymous

    This has the possibility of fixing a problem that is plaquing most companies. Outlook Anywhere is great except for the fact that a home user can connect their PC (via Outlook) to corporate, and download the mailbox. When it comes audit time, I can't answer the question if we have data leak prevention. Frankly, I feel Microsoft missed the boat on this one. Why they did not consider at least Machine Certs for authentication is beyond me.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s