Securing the connection to the Exchange server with Client Certificates Authentication doesn't work when using the built-in Exchange ActiveSync Proxy provided with Sophos Mobile Control.
First seen in
Sophos Mobile Control
It is not possible to use the Client Certificate Authentication method in conjunction with the Sophos Mobile Control (SMC) built-in Exchange ActiveSync Proxy (EAS Proxy). If client certificates are used as an authentication method on the Exchange server, it would not be possible for the EAS Proxy to check which device tried to connect to the Exchange server due to the encrypted connection.
As of Sophos Mobile Control 6.0 the External EAS Proxy component of Sophos Mobile Control supports client certificate authentication. This can be set up per instance on the External EAS Proxy. On the Exchange Server client certificate authentication must remain disabled.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.