Exchange 2016 geolocation

will smith 21 Reputation points
2021-02-21T14:47:46.277+00:00

Is there a way to see the geolocation of where users are signing on from? It would be a helpful alert to see if an account has been compromised. A suspicious user would probably be logging on from somewhere outside of our operating area. This is for on-premises/server-based Exchange, not Office 365 or other cloud Exchange solutions.

Exchange Server Management

Accepted answer
  1. Andy David - MVP 145.6K Reputation points MVP
    2021-02-21T15:20:35.75+00:00

    You'll really need to leverage Azure AD to do this:

    https://learn.microsoft.com/en-us/microsoft-365/enterprise/hybrid-modern-auth-overview?view=o365-worldwide

    There are no really good on-prem solutions other than some other 3rd-party product perhaps, or you would have to create your own processes to check logs and match them to country location.


2 additional answers

  1. Lucas Liu-MSFT 6,161 Reputation points
    2021-02-22T04:06:35.007+00:00

    Hi @will smith ,
    I agree with what Andy said.
    According to my research, we could know the IP address of the client login through the IIS log, but the on-premises Exchange itself cannot be set to check for remote login and issue a warning.

    In addition, I found two ways to restrict mailbox login. If they meet your needs, you can try setting them:
    1. You can restrict specific mailboxes to only log in on specified computers. But it should be noted that, according to my test, if this setting is made, the specific mailbox will not be able to log in through OWA, and can only be logged in to the Outlook client on the designated computer. Please refer to the settings in the screenshot below to set up in ADUC.
    70462-image.png

    2. We can use the IP Address and Domain Restrictions function in IIS to restrict the mailbox to only log in to a specific IP or a specified IP range.
    70446-image.png
    70447-image.png


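The log-matching approach the two answers above describe, as an added example that is not part of the original posts: it parses IIS W3C log lines, keeps successful authenticated requests, and reports users seen from outside an allowed set of countries. `GEO_TABLE`, `ALLOWED`, the sample log lines and the function names are constructed assumptions; a real deployment would replace `country_of` with a lookup in a GeoIP database.

```python
import ipaddress

# Constructed stand-in for a GeoIP database (documentation ranges): CIDR -> country.
GEO_TABLE = {"10.0.0.0/8": "INTERNAL", "198.51.100.0/24": "US", "203.0.113.0/24": "RO"}
ALLOWED = {"INTERNAL", "US"}  # assumed operating area

# Constructed sample in IIS W3C extended log format.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2021-02-21 14:01:12 POST /owa/auth.owa - 203.0.113.7 302
2021-02-21 14:01:13 GET /owa/ CONTOSO\\alice 203.0.113.7 200
2021-02-21 14:05:40 POST /mapi/emsmdb CONTOSO\\bob 10.1.2.3 200
2021-02-21 14:07:02 POST /Microsoft-Server-ActiveSync/default.eas CONTOSO\\bob 198.51.100.20 200
2021-02-21 14:09:55 POST /EWS/Exchange.asmx CONTOSO\\carol 192.0.2.44 401
2021-02-21 14:10:01 POST /EWS/Exchange.asmx CONTOSO\\carol 192.0.2.44 200
"""

def country_of(ip):
    """Map an IP to a country code; addresses not in the table are UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for cidr, country in GEO_TABLE.items():
        if addr in ipaddress.ip_network(cidr):
            return country
    return "UNKNOWN"

def parse_iis(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def out_of_area_logins(text):
    """Return {user: [(ip, country), ...]} for successful authenticated requests."""
    hits = {}
    for row in parse_iis(text):
        user = row.get("cs-username", "-")
        if user == "-" or int(row["sc-status"]) >= 400:
            continue  # anonymous request or failed/denied request
        country = country_of(row["c-ip"])
        if country not in ALLOWED:
            hits.setdefault(user.lower(), set()).add((row["c-ip"], country))
    return {user: sorted(sources) for user, sources in hits.items()}

if __name__ == "__main__":
    for user, sources in out_of_area_logins(SAMPLE_LOG).items():
        print(user, sources)
```

If Exchange is published through a load balancer or reverse proxy, `c-ip` holds the proxy's address, so the client address has to come from a forwarded-header field logged by IIS instead.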

  2. will smith 21 Reputation points
    2021-02-22T14:19:56.443+00:00

    Thank you for the answers. I wish it let me accept both answers but it does not. Thanks again for the help and pointers.
