Share via

Using new virtural directory for ECP or using IP Address and Domain Restriction to disable ECP from public internet

Kane 81 Reputation points
2021-08-09T17:45:43.98+00:00

Hello;

I am trying to protect my Exchange ECP from internet, subject to my research; there are two methods can be used.

(1) Create a new virtual directory like the steps show here, but can I just do it on ECP not OWA? I want to keep the OWA without change.

https://techcommunity.microsoft.com/t5/exchange-team-blog/configuring-multiple-owa-ecp-virtual-directories-on-the-exchange/ba-p/611217

(2) Using IP Address and Domain Restriction in IIS

I tried to apply it on "Default Web Site | ecp" virtual directly only, but it also blocking the OWA

Is it just apply this to ecp virtual directory without affecting OWA?

thanks!

Exchange Exchange Server Management
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
    2021-08-09T17:51:39.28+00:00
    1 person found this answer helpful.
    0 comments
  2. Kael Yao 37,746 Reputation points Moderator
    2021-08-10T02:23:54.533+00:00

    Hi @Kane

    I agree with Andy, if you are using Exchange 2019, Client Access Rules would be very easy to use without affecting OWA.
    However, this feature is not available in former versions of Exchange.

    And if you have some firewall or reverse proxy in your environment, I suppose you may also create rules if it is supported to block external requests to the ECP url.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.