Configure Exchange Outlook Web Application and Exchange Admin Center

Step 1: Configure integration for Exchange OWA in Hideez Server

1. Login to Hideez Server as Administrator.

2. Navigate to WS Federation Settings:

   • Go to Settings → Parameters → WS Federation section.

3. Add Exchange OWA as a Service Provider:

• Click Add Service Provider.

• Fill in the following details:

  • Name: OWA

  • WT-Realm: https://{owa-url} (e.g., https://mail.example.com/owa/)

  • Reply URL: https://{owa-url} (e.g., https://mail.example.com/owa/)

    • In our case https://exch.lab.hideez.com/owa/

• Click Add.

1. Obtain IdP Details:

• Click on Details for the newly added service provider.

• Download the IdP signing certificate.

• Copy the IdP WS Federation URL.

Step 2: Configure integration for Exchange admin center (EAC) in Hideez Server

1. Add an Exchange admin center (EAC) as a Service Provider:

• Click Add Service Provider.

• Fill in the following details:

  • Name: ECP

  • WT-Realm: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

  • Reply URL: https://{ecp-url} (e.g., https://mail.example.com/ecp/)

    • In our case https://exch.lab.hideez.com/ecp/

• Click Add.

1. Obtain IdP Details:

• Click on Details for the newly added service provider.

• Download the IdP signing certificate.

• Copy the IdP WS Federation URL.

Step 3: Configure Exchange Server Sign-On via Hideez Server

1. Install the Certificate on the Exchange Server for Exchange OWA:

• Open the MMC Console on the Exchange Server:

1. Press Win + R, type mmc, and press Enter.

2. In the MMC console, go to File → Add/Remove Snap-in.

3. Select Certificates from the list, then click Add.

4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

• Import the Certificate

1. In the MMC console, navigate to:

   • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

2. Right-click on Certificates → All Tasks → Import.

3. Follow the Certificate Import Wizard:

   • Click Next and browse to the location of the ws-fed-signing-owa.cer

   • Select the certificate and click Next.

   • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

   • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange OWA:

• Open the Exchange Management Shell and execute the following commands:

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{OWA Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

In the above command:

• {OWA Base URL} is the Exchange OWA host,

• {Hideez WS Fed URL} is the Idp WS Federation URL.

• {Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/owa/" -AdfsSignCertificateThumbprint d80e7aa3d27ac800fb2d5fa7c08748a73d924cd2

Step 4: Configure Sign-On to Exchange admin center (EAC) via Hideez Server

1. Install the Certificate on the Exchange Server for Exchange OWA:

• Open the MMC Console on the Exchange Server:

1. Press Win + R, type mmc, and press Enter.

2. In the MMC console, go to File → Add/Remove Snap-in.

3. Select Certificates from the list, then click Add.

4. Choose Computer account and click Next → Select Local Computer → Click Finish → OK.

• Import the Certificate

1. In the MMC console, navigate to:

   • Certificates (Local Computer) → Trusted Root Certification Authorities → Certificates.

2. Right-click on Certificates → All Tasks → Import.

3. Follow the Certificate Import Wizard:

   • Click Next and browse to the location of the ws-fed-signing-ecp.cer

   • Select the certificate and click Next.

   • Ensure the certificate is placed in the Trusted Root Certification Authorities store.

   • Click Next → Finish.

2. Execute Commands in Exchange Management Shell for Exchange admin center (EAC):

• Open the Exchange Management Shell and execute the following commands:

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{ECP Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

In the above command:

• {ECP Base URL} is the Exchange Admin Center (EAC) host,

• {Hideez WS Fed URL} is the Idp WS Federation URL.

• {Hideez Cert Thumbprint} is the thumbprint of the certificate you downloaded and installed.

Example:

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/ecp/" -AdfsSignCertificateThumbprint 3e04c68e71a591de637d0d21dcfd8e6f4b843684

Set-OrganizationConfig -AdfsIssuer "{Hideez WS Fed URL}" -AdfsAudienceUris "{OWA Base URL}","{ECP Base URL}" -AdfsSignCertificateThumbprint {Hideez Cert Thumbprint}

Set-OrganizationConfig -AdfsIssuer "https://dev.hideez.com/wsfed" -AdfsAudienceUris "https://exch.lab.hideez.com/owa/","https://exch.lab.hideez.com/ecp/" -AdfsSignCertificateThumbprint d80e7aa3d27ac800fb2d5fa7c08748a73d924cd2, 3e04c68e71a591de637d0d21dcfd8e6f4b843684

Step 5: Configure Virtual Directories:

1. Configure virtual directories for AD FS authentication for OWA:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false

2. Configure virtual directories for AD FS authentication for Exchange admin center (EAC):

Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false

Step 6: Restart Internet Information Services (IIS)

Restart IIS to apply the changes:

net stop was /y
net start w3svc