Good to know, Juergen. Looking at the linked Microsoft article it says:
"Extended Protection is supported in environments that use SSL Bridging under certain conditions. To enable Extended Protection in your Exchange environment using SSL Bridging, you must use the same SSL certificate on Exchange and your Load Balancers. Using different certificates cause Extended Protection Channel Binding Token check to fail and as a result, prevent clients from connecting to the Exchange server."
That seems feasible, to have the same cert on both ends. That should at least do for satisfying the requirements for the Channel Binding Token to work.
Do you have any insights why it is not supported? Cannot find the RFE here: https://my.f5.com/manage/s/bug-tracker.
Neither by ID 758880 nor by searching for the term "extended protection".
Thx in advance.