Remember, with NTLM (aka Integrated authentication), Outlook can't hop the authentication from one machine to another. So if you log in to Outlook with RPC/HTTP and NTLM, that'll be to a front-end server. When we want to talk to the EV server, authentication will have to happen again.
When you say IIS is set to basic & integrated... you mean IIS on the EV server?
If you restrict vault cache by disabling it when RPC/HTTP is detected, then you will hit a problem. Outlook cannot tell the extensions when RPC/HTTP is in use, only that it is configured in the profile. So if the Outlook profile says on fast networks to use TCP/IP and on slow networks to use HTTP, we hit the problem that we can't tell when you're on which... and for that reason the extensions at the moment check whether RPC/HTTP is enabled in the profile, and if it is, then they will apply the restrictions, regardless of whether or not RPC/HTTP is actually in use on the connection at this moment in time.
Also, if you restrict RPC/HTTP in the way you mention, a user will still get prompted for authentication the first time they open an archived item, I think (or try to open the integrated search page, or archive explorer).