Tips To Enable Better Outlook Web Security
Posted: Oct 25, 2015
Outlook Web Access is the webmail interface for Microsoft Exchange Server. Also known as OWA, it lets users access email messages, calendar entries, contact lists and tasks with a web browser and an internet connection. It gives the user the same experience as Microsoft Outlook, with the added feature of being accessible across devices and locations, which gives more flexibility to users using 2FA for Microsoft Exchange Server.
Exchange Server was initially developed by Microsoft as an internal mail server and was later opened to the outside world with the first release, known as Exchange Server 4.0. Initially Exchange Server used a proprietary protocol called MAPI, but support was later added for POP3, IMAP and EAS. So in the present context it works both as an email server and as an email client.
To understand how to make Outlook Web Access more secure, including with two-factor authentication for Outlook Web Access, you need to look at the system from various angles:
User login options: The system allows a user to log in with one of two versions, Lite and Premium, chosen according to the bandwidth available at the user's end so that the experience remains the same everywhere. More importantly, the system gives the user the option to mark a device as private or public during login. On public devices the system tightens overall security by reducing the session timeout to only 15 minutes, compared with private devices, where the default session timeout is 12 hrs. So on a public device, if the system notices inactivity of 15 minutes or more, it logs you out, giving an extra layer of security when your employees access it from places that are not part of the corporate network.
Enabling SSL with a digital signature: If your employees access their email from an outside network that is not necessarily encrypted through a VPN or another encrypted channel, unencrypted (HTTP) access is not advisable, so it is always advised to enable encryption in the form of SSL (HTTPS).
Rules for the administrators: Hackers generally start with mundane methods of breaking into your system, so it is necessary to keep periodic track of user login behavior. It is always a very important data point for understanding security breaches better. Excessive bad login attempts are a signal of a possible vulnerability.
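One way to track bad login attempts, as an added example that is not part of the original article: it counts Windows failed-logon events (Security event ID 4625) in a sliding window and flags accounts with excessive failures and source addresses that fail against many different accounts. The CSV column names, the 15-minute window, the thresholds and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"  # Windows Security event ID: "An account failed to log on"

# Constructed sample export; the column names are an assumption, not an Exchange format.
SAMPLE = """TimeCreated,EventId,TargetUserName,IpAddress
2015-10-25T09:00:00,4625,alice,203.0.113.7
2015-10-25T09:01:00,4625,alice,203.0.113.7
2015-10-25T09:02:00,4625,alice,203.0.113.7
2015-10-25T09:02:30,4624,erin,192.0.2.10
2015-10-25T09:03:00,4625,alice,203.0.113.7
2015-10-25T09:04:00,4625,alice,203.0.113.7
2015-10-25T10:00:00,4625,bob,198.51.100.9
2015-10-25T10:00:20,4625,carol,198.51.100.9
2015-10-25T10:00:40,4625,dave,198.51.100.9
2015-10-25T11:00:00,4625,erin,192.0.2.10
"""

def flag_bad_logins(csv_text, window_minutes=15, max_user_failures=5, max_users_per_ip=3):
    """Return (accounts with excessive failures, IPs failing against many accounts)."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(deque)  # user -> timestamps of recent failures
    by_ip = defaultdict(deque)    # ip -> (timestamp, user) of recent failures
    noisy_users, noisy_ips = set(), set()
    # ISO 8601 timestamps sort correctly as plain strings.
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["TimeCreated"])
    for row in rows:
        if row["EventId"] != FAILED_LOGON:
            continue  # successful logons and other events are ignored
        ts = datetime.fromisoformat(row["TimeCreated"])
        user, ip = row["TargetUserName"].lower(), row["IpAddress"]
        by_user[user].append(ts)
        by_ip[ip].append((ts, user))
        # Drop failures that have aged out of the sliding window.
        while ts - by_user[user][0] > window:
            by_user[user].popleft()
        while ts - by_ip[ip][0][0] > window:
            by_ip[ip].popleft()
        if len(by_user[user]) >= max_user_failures:
            noisy_users.add(user)
        if len({u for _, u in by_ip[ip]}) >= max_users_per_ip:
            noisy_ips.add(ip)
    return sorted(noisy_users), sorted(noisy_ips)

if __name__ == "__main__":
    print(flag_bad_logins(SAMPLE))
```

Tune the window and thresholds against your own baseline of normal mistyped passwords before alerting on the results.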
Other than the tips mentioned above, you should look at improving security at the user level. A recent report from a US-based security consultancy firm about a possible backdoor to the Exchange server makes it more important for you to implement authentication-level security at the user level on both OWA and ActiveSync. As a CTO or a CSO, you should look for a system that protects the user at all access points, across devices and across multiple operating systems, which makes the security of the email architecture more robust and does not affect the productivity of your corporate users.
About the Author
I am a Technology Evangelist. I am part of the core team of Authshield Labs and have been actively involved in research on information security vulnerabilities.