Forum Discussion

David_Glasgow_1
Nov 10, 2016

Publishing Exchange with a single IP

Hi All

 

We wish to publish our Exchange services behind a single virtual server. However, in order to completely meet our internal policies we need to have two-factor authentication applied.

 

When accessing /microsoft-server-activesync*, access would be allowed with a single factor - Exchange is configured to only allow known devices to connect.

 

When connecting using other methods you would be prompted via the APM for username and password, then an SMS token number...

 

Keen for any ideas on how we complete this?

 

Thanks

 

1 Reply

  • Hi David, the best way I see to do what you require is using a two-level VS. You have to make a first VS with the IP of the service. Attached to this VS you have to set up a policy in which you have to set up these rules:

     

    http-uri all starts-with /microsoft-server-activesync -> forward request to VS1

    in any other case -> forward request to VS2

     

    then you:

    create VS1 (with a fake IP like 1.1.1.1) and set up this VS without an APM policy

    create VS2 (with a fake IP like 1.1.1.2) and set up this VS with an APM policy

     

    So you make a "chain" that permits you to select the VS according to the URI requested by the client. Sorry for my terrible English, I hope it's clear.

     

    regards

     

    Leonardo
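
Added example, not part of either post and not F5 configuration: a Python model of the routing decision described in the reply, useful for checking which requests would skip the APM policy before building the LTM policy. The VS1/VS2 names and the URI prefix come from the thread; the case-insensitive match, the path-boundary check and the fail-closed handling of non-canonical paths are assumptions of this sketch and are stricter than a plain starts-with rule.

```python
# Model of the front virtual server's routing rule (added example).
# VS1 = internal virtual server without an APM policy (ActiveSync only).
# VS2 = internal virtual server with the APM policy (everything else).
VS1_NO_APM = "VS1"
VS2_APM = "VS2"
ACTIVESYNC_PREFIX = "/microsoft-server-activesync"


def is_canonical(path: str) -> bool:
    """True only for plain paths that need no decoding or normalisation.

    Assumption: ActiveSync clients send a simple path, so anything with
    escapes, backslashes, empty or dot segments is treated as "other".
    """
    return (
        path.startswith("/")
        and path.isascii()
        and path.isprintable()
        and "%" not in path
        and "\\" not in path
        and "//" not in path
        and not any(seg in (".", "..") for seg in path.split("/"))
    )


def select_virtual_server(request_target: str) -> str:
    """Pick the internal virtual server for a request target (path?query)."""
    path = request_target.partition("?")[0]
    if not is_canonical(path):
        return VS2_APM  # fail closed: ambiguous input gets two-factor auth
    lowered = path.lower()  # assumption: the match ignores case
    # Match the ActiveSync path itself or anything below it, not any
    # path that merely begins with the same characters.
    if lowered == ACTIVESYNC_PREFIX or lowered.startswith(ACTIVESYNC_PREFIX + "/"):
        return VS1_NO_APM
    return VS2_APM


if __name__ == "__main__":
    # Constructed sample request targets, not captured traffic.
    for target in (
        "/Microsoft-Server-ActiveSync?Cmd=Sync&DeviceId=TESTDEVICE",
        "/owa/",
        "/Microsoft-Server-ActiveSync/../owa/",
    ):
        print(f"{target!r:60} -> {select_virtual_server(target)}")
```

The default branch is the APM-protected server, so a request only reaches VS1 when it matches the ActiveSync rule exactly.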