After you configure a network device to require certificate validation between Microsoft Outlook and Microsoft Exchange Server 2019, 2016, or 2013, you experience connection failures in Outlook clients.
Note The network device can be a load balancer or another network device, as described in Certificate Selection and Validation.
This problem occurs especially if the network device is configured to require the client to present a certificate during the SSL handshake in the network layer instead of passing the traffic directly to the server that is running Exchange Server.
This issue occurs because Outlook does not support using the Windows certificate store as a credential. Outlook uses the Windows Credential Manager to provide credentials to servers.
To configure certificate authentication in Outlook 2016 and later versions, we recommend that you use Modern Authentication. For more information about how to enable Modern Authentication, see the following articles:
Outlook supports connecting directly to Smart Card Authentication by using a physical smart card or a TPM chip-embedded virtual smart card for each user.
Certificate-based authentication is supported for OWA and ActiveSync clients, but not in Outlook that is running on Windows. For more information, see the following articles: