Very. If you don't use an SSL certificate for OWA username and password will travel across the network (Internet if it's online) open to be sniffed. Additionally, it provides verification to the client that they are really talking to the right server. Without an SSL certificate I could man in the middle your traffic and steal the credentials for your network.
For local outlook connections (assuming that it is using the MAPI protocol not IMAP or POP) it matters a lot less as it performs a different form of encryption using means other than the certificate.
Certificates are not that expensive and security breaches are horrendously expensive. Even for small businesses.
Besides the obvious need to secure communications to and from your mail server, there are a couple other things to consider.
If you are using Exchange 2007 and higher, your best bet is to get a UC Cert. This will enable to you work with the multiple names that will be needed by Exchange to have all of its services function properly. This is especially important with things like AutoDiscover and Outlook Anywhere. If you use the default setup with a self-signed cert, you will have the burden of installing it manually on any device that wants/needs to connect securely from outside of your LAN, which is a pain when you have a ton of clients and mobile devices.
For local connections, the self-signed will usually work just fine, but with the price of certs being so low, its better to just get one and be done. Personally, when I got my UC cert, I got it from HERE.
Some additional info, I would not recommend GoDaddy, their support and certificate process were a pain. Actually, the easiest part about dealing with them, was actually cancelling and getting my money back, funny how that works.
Very. If you don't use an SSL certificate for OWA username and password will travel across the network (Internet if it's online) open to be sniffed. Additionally, it provides verification to the client that they are really talking to the right server. Without an SSL certificate I could man in the middle your traffic and steal the credentials for your network.
For local outlook connections (assuming that it is using the MAPI protocol not IMAP or POP) it matters a lot less as it performs a different form of encryption using means other than the certificate.
Certificates are not that expensive and security breaches are horrendously expensive. Even for small businesses.
Besides the obvious need to secure communications to and from your mail server, there are a couple other things to consider.
If you are using Exchange 2007 and higher, your best bet is to get a UC Cert. This will enable to you work with the multiple names that will be needed by Exchange to have all of its services function properly. This is especially important with things like AutoDiscover and Outlook Anywhere. If you use the default setup with a self-signed cert, you will have the burden of installing it manually on any device that wants/needs to connect securely from outside of your LAN, which is a pain when you have a ton of clients and mobile devices.
For local connections, the self-signed will usually work just fine, but with the price of certs being so low, its better to just get one and be done. Personally, when I got my UC cert, I got it from HERE.
Also, see my answer HERE for more info.
Some additional info, I would not recommend GoDaddy, their support and certificate process were a pain. Actually, the easiest part about dealing with them, was actually cancelling and getting my money back, funny how that works.