To help ensure the external security for Outlook Web App, you may be publishing OWA via Forefront Threat Management Gateway. You may as the result of a security audit be required to disable SSL 2.0 for PCI compliance.
To test if you need to do this, you can use online tools including those provided by https://www.ssllabs.com/ to test if you need to disable this, and ensure that SSL 3.0 is indeed enabled:
Figure 1
To disable SSL 2.0 for users accessing OWA via the Threat Management Gateway/ISA server, use Registry Editor to navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
Create a new key named Server:
Figure 2
Next, add a new DWORD value named DisabledByDefault and set the value to 1:
Figure 3
At an appropriate time, re-boot the TMG/ISA server. After reboot, rerun the tests and you should see SSL 2.0 is now disabled. Access to OWA and other services should be unaffected:
Figure 4