November 2021 Windows Security Updates break OWA published with Azure App Proxy

Thursday, November 25, 2021

If you use Azure App Proxy to publish Outlook Web App (OWA) your may find that it suddenly stopped working. This is due to a bug in recent Windows security updates that affects Kerberos delegation.

Microsoft quietly announced this in the Microsoft 365 Message Center as announcement #2750 - Take action: Out-of-band update to address authentication issues on DCs relating to Kerberos delegation scenarios.

There are separate out-of-band updates for all versions of Windows Server from Windows Server 2008 SP2 through Windows Server 2019. Make sure to download the correct update for your version of Windows Server.

At a minimum, your should apply these updates to all the Domain Controllers that reside in the same AD site as your Exchange Servers. The OOB update requires a restart of the DCs where it is applied.

Once installed, OWA published through AAD App Proxy will start working again.

Publishing OWA through Azure App Proxy allows your organization to use Conditional Access and MFA for OWA access. If you would like help with this for your organization, please contact EXPTA Consulting.

No comments:

Post a Comment

Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.