Im getting alot of questions around the default authentication setting for the exchange virtual directories - So I though I would dig this out as a handy reference;
You can find these settings in IIS7. Select each Virtual Directory and then IIS section –> Authentication. Listed are the virtual directories that are enabled by default with a clean install of Exchange 2007/Exchange 2010
Note these settings are from Exchange 2007 Standard SP2 Installation, but should be the correct settings for Exchange 2010
All the Virtual directories are set to Require SSL with 128bit except for OAB that DOES NOT require SSL and RpcWithCert which DOES NOT require 128bit (it DOES require SSL though).