For the last 2 years our organization has been affected by DDoS attacks 5 times.
After analyzing the security logs from AD, we found that 4 of those attacks were coming from Exchange.
Preventative Measures We Followed
1- Installed a new Exchange server (to be used for ECP and administering our DAG. It caused multiple account locks due to some authentication requests being proxied to the server, as the server didn't hold any databases. We decommissioned the server soon after.)
2- Our security team blocked some suspicious IPs.
3- Disabled OWA for external users.
Are there any preventative measures that we can take to secure client requests for ActiveSync and MAPI?