The final stage in configuring certificate-based authentication is to configure Exchange Server 2010 so that it requires user certificates as a valid authentication mechanism.
To accomplish this, we'll need to complete the following tasks on all servers hosting the Client Access Role that ActiveSync clients will connect to:
Configure IIS pre-requisites to enable mapping of user certificates to Active Directory accounts
Configure the Default Web Site in IIS to allow certificate mapping for authentication to be enabled
Configure Exchange Server 2010 to only allow certificate-based authentication for ActiveSync clients
It's important to note that after configuration of certificate-based authentication for ActiveSync, ActiveSync clients such as iPhones or other iOS devices currently using username and password authentication will no longer be able to access Exchange until they are re-configured to use certificate-based authentication...