Disable OWA on exchange 2016

Dani Kaplan 61 Reputation points

I was told my server was probably hacked via OWA vulnerability (server is patched by windows update but not with exchange upgrade versions.
Can I rename or remove the owa directory under IIS to block OWA
I want to keep active sync working.

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,498 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 145.5K Reputation points MVP

    You can disable the OWA app pool in IIS.

    However, if the server is compromised that is not sufficient. You need to mitigate, apply the latest CUs and SUs and/or rebuild ASAP!

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Dani Kaplan 61 Reputation points

    I've disabled MExcahageOWAAppPool and OWACalendarAppPool

    I am thinking about rebuild, but it's complicated as exchange server is also the single DC. (Small office)

    0 comments No comments

  2. Andy David - MVP 145.5K Reputation points MVP

    Ok, then I would consider building a new DC and Exchange Server and move mailboxes.

    0 comments No comments