If your mailbox is hosted in Office 365 Exchange Online you may be surprised to see that the Outlook Connection Status shows Authn “Clear [Anonymous]” and Encrypt “SSL [No]“, as shown below.
|Outlook Connection Status|
Here, we see a connection between Outlook 2013 and Exchange 2013.
|Exchange 2013 NetMon Trace|
The trace shows Outlook on the source computer (MAILGATE) starting up and connecting to the Exchange 2013 CAS (EX1). In the first three frames we see Outlook negotiating with EX1 using HTTPS port 443. The next two frames show the SSL handshake and the certificate exchange with the target server, EX1. Note in the detail of frame 116 that the certificate being used to encrypt the conversation is a wildcard cert (*.theguillets.com) from DigiCert. From there on, we see that all communication is encrypted using TLS on port 443. All further authentication and application data transferred from EX1 is encrypted and cannot be read in the NetMon trace, proving that the entire conversation is encrypted.
Now let’s take a look at the same process when Outlook 2013 connects to Exchange Online in Office 365:
|Office 365 NetMon Trace|
This trace shows the identical sequence of events. MAILGATE negotiates with the Office 365 CAS (OFFICE365) in the first three frames using HTTPS port 443. The next two frames show the SSL handshake and the certificate exchange with the target server, OFFICE365. Note in the detail of frame 576 that the certificate being used to encrypt the conversation is a SAN cert (outlook.office365.com) from Microsoft IT. Just like the connection with Exchange 2013, the entire conversation is encrypted and cannot be read by NetMon.