In Exchange Server 2007 SP1, the configuration of Outlook Anywhere (formerly known as RPC over HTTP) has been changed to accommodate the different ways Exchange CAS servers are deployed on the Internet. This blog post provides an overview of these changes.
Exchange 2007 RTM: In Exchange 2007 RTM, enabling Outlook Anywhere (using either the Exchange Management Console or the Exchange Management Shell enable-OutlookAnywhere cmdlet) required a mandatory parameter called ExternalAuthenticationMethod. This parameter was used to update Outlook 2007 clients using the Autodiscover service. Changing this parameter, however, did not influence the authentication methods enabled on the /rpc virtual directory on IIS servers. As a result, both Basic and NTLM authentication methods were always enabled even though Outlook clients would connect using only 1 authentication method. Additionally, it was not possible to manually turn off an authentication method using the IISManager MMC snap-in, since every 15 minutes the Exchange Services Host Service would automatically re-enable both Basic and NTLM authentication methods in IIS.
Note that if you had already enabled Outlook Anywhere, the ExternalAuthenticationMethod parameter could also be specified through the set-outlookAnywhere task, and it had the same effect as described above.
For further details, you can refer to http://technet.microsoft.com/en-us/library/bb123513.aspx
Exchange Server 2007, Outlook, Microsoft, Knowledgebase