Exchange Hybrid - DDoS Attack

Azy1412 201 Reputation points
For the last 2 years our organization has been affected by DDoS attacks 5 times.

4 of those attacks were coming from Exchange after analyzing the security logs from AD.

Preventative Measures We Followed
1- Installed a new Exchange server (to be used for ECP and administering our DAG. It caused multiple account locks due to some authentication requests being proxied to the server, as the server didn't hold any databases. We decommissioned the server soon after.)

2- Our security team blocked some suspicious IPs.

3- Disabled OWA for external users.

Are there any preventative measures that we can take to secure client requests for ActiveSync and MAPI?


1 additional answer

  1. Lucas Liu-MSFT 6,106 Reputation points

    Hi @Azy1412 ,
    Agree with what Andy said. Enabling modern authentication will improve the security of communication between the client and the server.
    You could also follow these steps to protect the Exchange server and client requests:

    1. Apply the latest security updates.
    2. Reasonably deploy a firewall and multi-factor authentication (MFA).
    3. Review the sensitive roles and groups.
    4. Restrict access.
      For more information: Defending Exchange servers under attack

