none
Basic vs NTLM Authentication Outlook Anywhere RRS feed

  • Question

  • Hello All,

    1-  What is benefit of using NTLM over Basic or Basic over NTLM?

    2-  When using Basic, during profile creation from internet it asks for the password again once the profile is being created even when trying to create autodiscover request one has provided the password? is this normal behavior?

    3-  When using NTLM, during profile creation from internet it asks for the password again once the profile is being created even when trying to create autodiscover request one has provided the password? is this normal behavior?  Before it was not asking for the password, but it is asking for the password now like it does in basic?

    4-  Which one is recommended?

    Thanks in advance.

    Thursday, March 15, 2012 9:52 PM

Answers

  •  

    Hello,

    1: Some third-party firewall may not support the NTLM authentication.

    2&3:  

    Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 world, Basic can mean no need to authenticate every time you open/reconnect, but in all earlier versions, you will have to enter creds every time.

    NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this.

    4: If your firewall support NTLM, it will be more comfortable for users.

    Thanks,

    Simon

    • Marked as answer by Geek Seek Saturday, March 24, 2012 2:21 PM
    Monday, March 19, 2012 2:29 AM

All replies

  • Thanks for the reply.  In order to confirm my understanding, i would appreciate if you could answer them one by one.  thanks.
    Sunday, March 18, 2012 6:02 PM
  •  

    Hello,

    1: Some third-party firewall may not support the NTLM authentication.

    2&3:  

    Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 world, Basic can mean no need to authenticate every time you open/reconnect, but in all earlier versions, you will have to enter creds every time.

    NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this.

    4: If your firewall support NTLM, it will be more comfortable for users.

    Thanks,

    Simon

    • Marked as answer by Geek Seek Saturday, March 24, 2012 2:21 PM
    Monday, March 19, 2012 2:29 AM
  • Thanks.  Appreciate it.
    Saturday, March 24, 2012 2:24 PM