Securing the connection to the Exchange server with Client Certificates Authentication doesn't work.
First seen in
Sophos Mobile Control
What To Do
It is not possible to use the Client Certificate Authentication method in conjunction with the Sophos Mobile Control (SMC) Exchange ActiveSync Proxy (EAS Proxy).
If client certificates are used as an authentication method on the Exchange server, it would not be possible for the EAS Proxy to check which device tried to connect to the Exchange server due to the encrypted connection.