SirDice- On a properly configured Exchange server you can enforce many security policies that greatly reduce the risk of using the outlook client. For instance, there is really no reason for anybody to email any type of executable file. So if you have any type of email virus scanning you can block out all of these attachment types. Of course you always have the option to zip up your files and then send them, which you can also restrict.
Also, you can enforce from the server side which outlook clients are allowed to connect to the exchange server. So you can enforce that all outlook clients have the latest and greatest security patches which do not allow for auto code execution, or automatic running of executables without first saving them to your harddrive.
http://support.microsoft.com/default...Product=exch2k
Also, as the Exchange2k3 OWA interface is identical to the MAPI client in terms of functionality. You can totally disable MAPI access and have all access be web based. If you were to do this on a properly locked down IIS server, the security advantages would be tremendous.
http://support.microsoft.com/default...b;EN-US;288894
Exchange2k3 also supports RPC over HTTP so that you can run a mapi client through a proxy server or ISA server. This is much more secure than opening up the MAPI and RPC EPM ports so that your clients can use outlook outside of your firewall. I would still be hesitant to do this, but if you have a really good HTTP IDS in place, it could be secured very well.
It really all comes down to how familiar your admins are with the product though. I'm sure notes can run great with good admins, and so can exchange.
