Very helpful information. Sent from my iPad
On Jan 28, 2015, at 11:34 AM, Michael B. Smith <[email protected]<mailto:[email protected]>> wrote: Autodiscover is a surprisingly complex little protocol. You never get a certificate or warning error, because with Office 365, you never connect to the provided domain name. When Outlook (or a mobile client) attempts to connect to autodiscover.example.com<http://autodiscover.example.com> over SSL, they can't. The connection is denied. This tells the autodiscover protocol that it needs to redirect its request to a different host. It gets the different hostname by connecting to autodiscover.example.com<http://autodiscover.example.com> directly over port 80 (no credentials - just a custom request that says "tell me who to connect to"). Autodiscover then connects to that site - which must be an SSL site and have a valid SSL certificate. The above is very simplified. If you want the TL;DR details, see: http://msdn.microsoft.com/en-us/library/ee332364(v=exchg.140).aspx From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Matthew Topper Sent: Wednesday, January 28, 2015 8:00 AM To: [email protected]<mailto:[email protected]> Subject: [Exchange] Office365 and Autodiscover I'm wondering if someone on this list can help with a question I have on Office365: Why isn't there a certificate error when I point the autodiscover CNAME to autodiscover.outlook.com<http://autodiscover.outlook.com>? I think I'm missing something with how Office365 works, since I know I run into problems under normal circumstances when 'autodiscover.example.com<http://autodiscover.example.com>' isn't in the certificate on the Exchange server, but how can Office 365 handle that? Matthew Topper
