I have read a couple of pages regarding the pros/cons of Basic over NTLM authentication between Outlook 2010+ and Exchange Server 2013:
HERE
and HERE
A brief synopsis of our setup:
- Hybrid Linux/Windows network, until recently totally Linux-based domain management
- E-mail services outsourced until recent installation of Windows Server 2012/Exchange 2013 server in-house
- Vast majority of Windows workstations are not domain-linked to the new Windows server (yet -- future project)
- Many users utilize Outlook Anywhere/Active Sync services on mobile computers inside and outside the LAN/VPN, mobile devices, and internationally
Those users that move their laptops around (from network to network), as well as those using desktop workstations (including yours truly) have observed pop-up windows from Outlook asking to re-authenticate using domain\username and password. The above links have referenced that Outlook clients that lose contact with the server (transiting the LAN/WAN boundary, computer hibernation) or are restarted, and are using NTLM or Negotiate Authentication, and cannot authenticate due to the fact that they are not part of the domain proper, Outlook reverts to Basic Authentication, and the user is prompted for their credentials.
At this point, I am fairly certain that our network and users would benefit from restricting Outlook AutoDiscover and Anywhere to Basic Authentication, using the 'remember credentials' function on the Outlook client, and the instances of Outlok re-prompting for credentials will be greatly reduced.
Ultimately, my questions are 1) am I correct in my reasoning, and 2) what change or series of changes should be made in order to effect Basic as the default authentication method for any Outlook Anywhere/AutoDiscover connection?
Thanks for your help!