This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 25%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZH%3C/text%3E%3C/svg%3E)
Hello,
We have been asked by our cybersecurity insurance company to disable the EWS dialog box that appears if you go to a browser and type in https://webmail.domain.com/ews or autodiscover.domain.com/ews. Does anyone know how to do this? 
Thanks,
Zachary Hamilton
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Agree with Andy. Configuring HMA will be a good choice, since the restricting of port 443 will affect the external access of many Exchange-related servers. And here is a previous thread discussed about the similar concern as yours for your reference as well:
EWS on Exchange 2016
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
We found another answer. We followed directions here, just doing it for EWS: https://www.yshvili.com/disable-external-access-to-ecp-exchange-2019-server-2019/
Basically, we added the IP Address and Domain Restrictions role on the Exchange server. Then we went into IIS. Under the Default Web Site and Exchange Back End sections, we changed the basic Feature Settings and added specific Allow entries.
Not without breaking it :)
The only way to prevent external access would be to block port 443 from external access on your firewall to your Exchange Servers and only allow access via VPN
If that is not possible, then you should think about leveraging HMA in Azure:
Andy,
Thanks for your response. We are on-prem Exchange. Does this answer still apply?
Yeah, I've been doing a lot of reading and I haven't found anything. I was hoping for some way to just suppress that dialog box at webmail.domain.com/ews without impacting webmail.domain.com itself. The insurance company is concerned about brute force attacks, but I don't see what makes this dialog box different than any other web interface. Very frustrating!
Thanks,
Zachary Hamilton
Yes, HMA works with on-prem :)
Yea, the only 100% way to prevent that is to not allow external access at all to Exchange and keep the servers updated to protect from internal threats.