ASD's Blueprint for Secure Cloud

Autodiscover

This section describes the design decisions associated with Autodiscover for system(s) built using ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Autodiscover is a mechanism for the configuration of a user’s email client with minimal user input. The required input from the user is their email address and password.

Autodiscover for a cloud environment varies from the process utilised when on-premises Exchange is leveraged. With a cloud environment, an Autodiscover Endpoint representing the domain is not available. Instead, Domain Name System (DNS) redirection and Hypertext Transfer Protocol Secure (HTTPS) redirection is leveraged to direct the Autodiscover client to a trusted Autodiscover Endpoint.

The high-level process for Autodiscover is:

  1. Autodiscover endpoint looks for a host named autodiscover.<DomainName>.com
  2. DNS provides the Internet Protocol (IP) address of the host autodiscover.outlook.com
  3. Autodiscover client attempts communication utilising HTTPS (this fails)
  4. Autodiscover client requests redirection over Hypertext Transfer Protocol (HTTP) (This directs the client to autodiscover-s.outlook.com)
  5. Autodiscover client attempts communication utilising HTTPS. The communication is successful. However, the new Autodiscover endpoint does not have a server certificate for the requested hostname. This communication is then redirected using HTTPS redirection to an additional Autodiscover endpoint which can provide the required Autodiscover information.
  6. Autodiscover client completes the Autodiscover process with the new Autodiscover endpoint.

The above process requires appropriate External DNS records

Cloud native deployments

Hybrid deployments

Security & Governance

  • None identified

Design

  • None identified

References

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra