This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
For the last 2 years our organization has been affected by DDoS attacks 5 times.
4 of those attacks were coming from Exchange after analyzing the security logs from AD.
Preventative Measures We Followed
1- Installed a new Exchange server (to be used for ECP and Administering our DAG. caused multiple account locks due to some authentication requests proxied to the server as the server didn't hold any databases. we decommissioned the server soon after)
2- Our security team blocked some suspicious IPs.
3- Disabled OWA for external users.
Are there any preventative measures that we can take to secure client requests for ActiveSync and MAPI ?
Move your Auth to Azure. Seriously. That will move your org to a modern solution and you can leverage Azure and MFA and that will put a huge dent in these issues.
Hi @Azy1412 ,
Agree with what Andy said. Enabling modern authentication will improve the security of communication between the client and the server.
You could also following the steps to prevent Exchange server and client request:
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.