Block Microsoft Exchange Server 2016 Exchange Admin Center (EAC) website from Internet

53716208 41 Reputation points
2020-08-04T13:22:49.847+00:00

Hi,

As per requirements from our customer to restrict EAC from External network, We have configured Exchange 2016 servers configured with Option 2 using the article below:

https://learn.microsoft.com/en-us/exchange/architecture/client-access/disable-exchange-admin-center-a...

As per customer security requirements, EAC/ECP website URL should not be accessible and should be blocked without impacting OWA accessibility for the users from Exchange Servers. Need help if this can be achieved using Exchange Server Configurations.

NOTE: By following the above article, EAC access is restricted but the EAC login page is still accessible by all the users.

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,530 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,633 questions
{count} votes

Accepted answer
  1. Andy David - MVP 148K Reputation points MVP
    2020-08-08T01:51:06.51+00:00

    Hi, as I commented above, I don't think there is really any good solution for you. You really can't block or prevent even seeing the ECP directory without affecting OWA.
    OWA and ECP are intertwined and OWA relies on the ECP virtual directory for user options.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Lucas Liu-MSFT 6,176 Reputation points
    2020-08-05T05:27:46.387+00:00

    Hi Abdullah-salam,
    You could install IP and Domain Restrictions role and set up restrict EAC from External network in IIS. Please follow the steps below:

    1. In Server Manager, click the Manage menu, and then click Add Roles and Features.
    2. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
    3. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select IP and Domain Restrictions. Click Next.
    4. After you install the IP and Domain Restrictions role, you could set up IP and Domain Restrictions in IIS.
      Please note that based on the previous similar case, install this feature may cause all user access interruption for a few minutes, and then it will be restored.
      For more information you could refer to: Adding IP Security
      15656-1111.png
      15732-22222.png
    1 person found this answer helpful.

  2. Andy David - MVP 148K Reputation points MVP
    2020-08-04T13:28:27.65+00:00

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.