Share via

How to Disable Exchange 2016(CU19) ECP External Access (Without breaking OWA)

Sathishkumar Singh 496 Reputation points
2021-03-11T08:50:30.067+00:00

Hello Support

My Current infra

1-Primary AD
1-Secondary AD
2-Child Domain
2-RODC

1-Standalone Exchange Server 2016(CU19)

How to Disable Exchange 2016(CU19) ECP External Access (Without breaking OWA)
it should be able to access internally ECP with same as External.

Please share me step by step guide to avoid impact during Disabling EAC

Also i read article says that it may break OWA during Disabling EAC

Please advice

Exchange Online
Exchange Online

A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Windows95 0 Reputation points
    2025-09-25T18:04:32.68+00:00

    FWIW i did it with a simple URL Rewrite Rule. I edited the web.config file by adding this rule and it works perfectly for my environment. No access to ECP from anywhere at all except from the Exchange Server itself. If you need to add additional IP addresses (maybe from a LAN PC) that you want to allow to have access to it, you can add them after this line: <add input="{REMOTE_ADDR}" pattern="^127.0.0.1$" negate="true" />

        <rule name="Block External Access To ECP" stopProcessing="true">

        <match url=".*" />

        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">

            <add input="{UrlDecode:{REQUEST_URI}}" pattern="(?=.*ecp)" />

            <add input="{REMOTE_ADDR}" pattern="^127\.0\.0\.1$" negate="true" />

        </conditions>

        <action type="Redirect" url="https://your.domain.com" appendQueryString="false" />

    </rule>

    Was this answer helpful?

    0 comments
  2. KyleXu-MSFT 26,406 Reputation points
    2021-03-12T02:53:54.143+00:00

    @Sathishkumar Singh

    Here are step by step to disable EAC from accessed from external of your organization, you still could access it from the internal of your organization. It doesn't effect the using of OWA: Turn off access to the Exchange admin center

    You can also install an Exchange 2019,then using Exchange 2019 as the Internet facing server, the new function "Client Access Rules" is more easier to control the access of EAC.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.