In previous posts, we have discussed certificate-based authentication (CBA) for Outlook Web App, and Greg Taylor has covered publishing Outlook Web App and Exchange ActiveSync (EAS) with certificate-based authentication using Forefront TMG in this whitepaper. Certificate-based authentication can also be accomplished using Forefront Unified Access Gateway.

In this post, we will discuss how to configure CBA for EAS for Exchange 2010 in deployments without TMG or UAG.

To recap some of the common questions administrators and IT decision-makers have regarding CBA:

What is certificate-based authentication?
CBA uses a user certificate to authenticate the user/client (in this case, to access EAS). The certificate is used in place of the user entering credentials into their device.

What certificate-based authentication is not:
By itself, CBA is not two-factor authentication. Two-factor authentication is authentication based on something you have plus something you know. CBA is based only on something you have.

However, when combined with an Exchange ActiveSync policy that requires a device PIN, it could be considered two-factor authentication.
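Whether the PIN really acts as the "something you know" depends on how the ActiveSync mailbox policies are set. The following Exchange Management Shell sketch is an added example, not part of the original post: it lists the policies that would let a device sync without an enforced PIN, then tightens one policy. The policy name `CBA-Devices` and the length and timeout values are assumptions chosen for illustration.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# Part 1: report every ActiveSync mailbox policy under which a device could
# authenticate with its certificate alone, with no enforced device PIN.
$findings = Get-ActiveSyncMailboxPolicy | ForEach-Object {
    $gaps = @()
    if (-not $_.DevicePasswordEnabled)   { $gaps += 'no device PIN required' }
    if ($_.AllowSimpleDevicePassword)    { $gaps += 'simple PINs such as 1234 allowed' }
    # Devices that cannot enforce the policy are still allowed to sync,
    # so the PIN requirement is not guaranteed on them.
    if ($_.AllowNonProvisionableDevices) { $gaps += 'non-provisionable devices may sync' }

    if ($gaps.Count -gt 0) {
        New-Object PSObject -Property @{
            Policy    = $_.Name
            IsDefault = $_.IsDefaultPolicy
            Gaps      = ($gaps -join '; ')
        }
    }
}
$findings | Format-Table Policy, IsDefault, Gaps -AutoSize -Wrap

# Part 2: require a PIN on one policy.
# 'CBA-Devices' is a hypothetical policy name; the values are example choices.
$policyName = 'CBA-Devices'
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -DevicePasswordEnabled $true `
    -AllowSimpleDevicePassword $false `
    -MinDevicePasswordLength 6 `
    -MaxInactivityTimeDeviceLock '00:05:00' `
    -AllowNonProvisionableDevices $false
```

Setting `AllowNonProvisionableDevices` to `$false` blocks devices that cannot enforce the policy, so check the device population before applying it broadly.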

