This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 31%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Hi,
How to deny access to ECP virtual directory for specific IP address only like (Bad IP)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @ALAHMADI, TURKI YOUSEF S ,
Just checking in to see if you have had a chance to check the reply provided. If you have any questions or need further help on this issue, please feel free to post back.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @ALAHMADI, TURKI YOUSEF S ,
How to deny access to ECP virtual directory for specific IP address only like (Bad IP)
If you are running Exchange 2019 or Exchange Online, you can use Client Access Rules to block client access to the EAC(or ECP) based on specific IP addresses. For instance, the command below can be used to create a new Client Access Rule named "Restrict ECP Access" that blocks access to the Exchange admin center for clients in the IP addresses 192.168.1.1 and 192.168.1.2:
New-ClientAccessRule -Name "Restrict ECP Access" -Action DenyAccess -AnyOfProtocols ExchangeAdminCenter -AnyOfClientIPAddressesOrRanges 192.168.1.1,192.168.1.2 -Priority 1
For more information, see Client Access Rules in Exchange Server.
If you are running other versions of Exchange server where Client Access rule is not available, then you could install "IP and Domain Restrictions" role and set up restrict EAC in IIS. For more details, see: Adding IP Security.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.