Default settings for Exchange virtual directories

Applies to: Exchange Server 2013

Exchange Server 2013 automatically configures multiple Internet Information Services (IIS) virtual directories during installation. This topic contains information about the default IIS authentication settings and default Secure Sockets Layer (SSL) settings for the Client Access and Mailbox servers.

Client Access server

The following table lists the default settings on a stand-alone Exchange 2013 Client Access server.

Virtual directory	Authentication method	SSL settings	Management method
Default website	Anonymous	Required	IIS management console
aspnet_client	Anonymous authentication	SSL required Requires 128-bit encryption	IIS management console
Autodiscover	Anonymous authentication Basic authentication Windows authentication	SSL required Requires 128-bit encryption	Exchange Management Shell (Shell)
ecp	Anonymous authentication Basic authentication	SSL required Requires 128-bit encryption	Exchange admin center (EAC) or Shell
EWS	Anonymous authentication Windows authentication	SSL required Requires 128-bit encryption	Shell
Microsoft-Server-ActiveSync	Basic authentication	SSL required Requires 128-bit encryption	EAC or Shell
OAB	Windows authentication	Not required	EAC or Shell
owa	Basic authentication	SSL required Requires 128-bit encryption	EAC or Shell
PowerShell	Anonymous authentication	Not required	Shell
Rpc	Basic authentication Windows authentication	SSL required Requires 128-bit encryption	Shell
RpcWithCert	By default, all authentication methods are disabled.	Required

Mailbox server

The following table lists the default settings on a stand-alone Exchange 2013 Mailbox server.

Default Mailbox server IIS authentication and SSL settings

Virtual directory	Authentication method	SSL settings	Management method
Default website	Anonymous authentication	SSL required Requires 128-bit encryption	This virtual directory can't be configured by the user.
PowerShell	Anonymous authentication	Not required	Shell