IIS

How to set up kerberos in Exchange (ews) on a site in iis without configuring browsers?

Corp site on asp.net mvc 5 on iis 7. Basic CRUD functionality with calendar events for exchange 2016 users via EWS. SPN are registered, Win authorization + impersonation are enabled, UseKernelMode on, useAppPoolCredentials false, ApplicationPoolIdenity pool, all domain users.
In general, if you register a site in the whitelist for negotiate-delegation in browsers (ie in the intranet security settings, ff - about: config, chrome - registry), does not ask for a login password and authorizes immediately, default credentials reach Exchange and EWS works fine . If not set, login/password is requested, but Exchange returns "The request failed. The remote server returned an error: (401) Unauthorized."
In both cases, win authorization works, i.e. I get WindowsIdentity.GetCurrent().Name and other fields from AD.
But jumping and setting up your favorite browser for everyone is not entirely correct. It doesn't matter whether the username \ password will be asked or transparently, can it be resolved without setting up browsers?