By default, Exchange 2010 requires that users login with their fully qualified domain credentials. So, for instance, mycompany\julia instead of just using the login name. For many installations, there is only one Windows domain, and requiring the domain name to be entered is a little silly. How do you assume the domain so that users do not have to type it?
- Open the Exchange Management Console (EMC):
- Login to your Exchange server
- From the Start menu | Select Exchange Management Console
- Edit the Client Access settings:
- Expand Microsoft Exchange On-Premises | Server Configuration | Client Access
- Highlight the server name in the top-middle panel
- Goto the “Outlook Web App” tab in the bottom-middle panel
- Highlight “owa (Default Web Site)
- Click the second Properties link on your right…
(Note: the first Properties link is the properties of the server not the website)
- Change the default authentication settings:
- In the “owa (Default Web Site)” properties dialog box, goto the Authentication tab
- Check “Use forms based authentication”
- Select the “User name only” checkbox
- Click the Browse button and select a local domain
- Click the Apply button to save your changes
- Close EMC
- Restart the website:
- Open Administrative Tools | IIS Manager
- Expand Server | Sites | Default Web Site
- From the right-hand-side, select Manage Website | Restart
- Once the website restarts successfully, close IIS Manager
Making this change worked fabulously. I suppose that if you allow outside access to your OWA that assuming the domain removes a little “security by obscurity”. However, considering that most organizations have a pretty URL that includes the organizations name, its not too much of a stretch for folks to guess your domain from the URL. I think in this case, the convenience to end users is worth the additional small security risk.