Microsoft Turns Off Basic Authentication for Autodiscover
Now that they've disabled basic authentication for email connection protocols, Microsoft is doing the same for the Autodiscover service. This makes sense.
November 18, 2022
Latest Articles
Make Sure Your Implementation of Autodiscover Avoids Common Pitfalls
This article explains the importance of deploying Autodiscover correctly to ensure that all of Microsoft 365 works, including Exchange Online.
September 14, 2022
Researcher Says Autodiscover Problem is Client-Side, Not in Exchange
An interesting and worthwhile interview with security researcher Amit Serper reveals a lot more detail about the Autodiscover credential leak reported by Guardicore last month.
October 12, 2021
Why a Potential Autodiscover Flaw is Just the Tip of an Iceberg
It's often helpful when security researchers like Guardicore shed light on flaws in Microsoft Exchange - however, the Autodiscover protocol isn't flawed in the way they describe. Even though the issue is hard to replicate, it shouldn't distract from the work you need to do to protect your organization from the underlying reason why people want your credentials.
September 28, 2021
Hot Air and Publicity for Purported Autodiscover Security Flaw
Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don't think a problem exists with Exchange Online, but it's possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.
September 23, 2021
Fixing Autodiscover Root Domain Lookup Issues for Mobile Devices
How to fix Exchange Server Autodiscover failures for ActiveSync mobile devices due to HTTPS issues with root domain lookups.
November 17, 2016
Outlook Certificate Security Alert after Exchange Server 2013 Installation
Outlook clients may begin displaying a security alert warning dialog after an Exchange 2013 server installed into an existing organization.
May 29, 2014
Exchange Server 2010 to 2013 Migration – Reviewing Autodiscover Configuration
Some considerations for Autodiscover when planning an Exchange 2013 deployment in an existing Exchange 2010 organization.
May 29, 2014
Exchange Server 2013: Using Test-OutlookWebServices to Verify Web Services Functionality
Using the Test-OutlookWebServices PowerShell cmdlet to test web services in Exchange Server 2013.
August 7, 2013
Exchange 2010 FAQ: Common Concerns When Installing the First Exchange 2010 Server
A run down of some of the common concerns people have when installing the first Exchange 2010 server into their production environment.
July 15, 2012
Publishing Different Geographic ActiveSync URLs using AutoDiscover
How to publish different Exchange ActiveSync URLs for multiple geographic locations with Autodiscover in Exchange Server 2010.
March 26, 2012
Exchange 2010 FAQ: Do I Need Autodiscover Names in the SSL Certificate?
How to configure your Exchange 2010 SSL certificate to include the correct Autodiscover names.
June 12, 2011