Microsoft gives Web Access easy, more flexible Outlook

Web e-mail access has shifted from quirky to picky in Microsoft Corp.'s
Outlook Web Access.


This function within Microsoft Exchange Server 5.5 has improved significantly over
Version 5.0 [GCN, Aug. 11, 1997, Page 47]. The new Outlook Web Access not only is
significantly more reliable, it also has a calendar component.


Although Outlook Web Access resembles the Outlook 97 and 98 applications, it is in fact
an Active Server Page (ASP), generated by Exchange and Microsoft Internet Information
Server for remotely viewing and sending e-mail over the Web.


Web Access and the Outlook application both use the same server data. But Web Access
ASPs cannot retrieve contact database information, tasks and other elements in the way the
application can.


As in my previous Outlook Web Access review, I remain concerned about security.


Microsoft's Windows NT Server authenticates all log-ins. For the log-ins to be secure,
NT's Challenge/Response authentication must be turned on and basic text authentication
turned off. NT Challenge/Response encodes user names and passwords for security, whereas
basic text does no encoding.


As you might expect, Microsoft's Internet Explorer 4.01 browser works best with Web
Access, and it lets NT Challenge/Response stay on. Not so with Netscape Communications
Corp. browsers--basic text must be turned on. In my opinion, that is a security gap.


And Web pages generated by the server still are transmitted by default without a secure
sockets layer. I hope Microsoft will consider bundling an SSL element in future editions
for better security.


Users can send and receive e-mail just as they could before. The calendar component is
a helpful feature for travelers who want to know their next appointment. They can even
schedule group appointments via Outlook Web Access.


Although slower than the Outlook application itself, Web Access is just as easy and
flexible. It is an excellent remote-access option for occasional travelers. But Microsoft
should beef up the privacy elements to make Outlook Web Access more suitable for
government use.


application both use the same server data. But Web Access ASPs cannot retrieve contact
database information, tasks and other elements in the way the application can.


As in my previous Outlook Web Access review, I remain concerned about security.


Microsoft's Windows NT Server authenticates all log-ins. For the log-ins to be secure,
NT's Challenge/Response authentication must be turned on and Basic Text authentication
turned off.


NT Challenge/Response encodes user names and passwords for security, whereas Basic Text
does no encoding. As you might expect, Microsoft's Internet Explorer 4.01 browser works
best with Web Access, and it lets NT Challenge/Response stay on.


Not so with Netscape Communications Corp. browsers--Basic Text must be turned on. In my
opinion, that is a security gap.


And Web pages generated by the server still are transmitted by default without a Secure
Sockets Layer. I hope Microsoft will consider bundling an SSL element in future editions
for better security.


Users can send and receive e-mail just as they could before.


The calendar component is a helpful feature for travelers who want to know their next
appointment.


They can even schedule group appointments via Outlook Web Access.


Although slower than the Outlook application itself, Web Access is just as easy and
flexible.


It is an excellent remote-access option for occasional travelers. But Microsoft should
beef up the privacy elements to make Outlook Web Access more suitable for government use.


inside gcn

  • cyber hygiene (Lucky Business/Shutterstock.com)

    Cleaning up cyber hygiene

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group