Share via

Block Microsoft Exchange Server 2016 Exchange Admin Center (EAC) website from Internet

Abdullah Salam 41 Reputation points
Aug 4, 2020, 1:22 PM

Hi,

As per requirements from our customer to restrict EAC from External network, We have configured Exchange 2016 servers configured with Option 2 using the article below:

https://learn.microsoft.com/en-us/exchange/architecture/client-access/disable-exchange-admin-center-a...

As per customer security requirements, EAC/ECP website URL should not be accessible and should be blocked without impacting OWA accessibility for the users from Exchange Servers. Need help if this can be achieved using Exchange Server Configurations.

NOTE: By following the above article, EAC access is restricted but the EAC login page is still accessible by all the users.

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,795 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,825 questions
{count} votes

Accepted answer
  1. Andy David - MVP 153.5K Reputation points MVP
    Aug 8, 2020, 1:51 AM

    Hi, as I commented above, I don't think there is really any good solution for you. You really can't block or prevent even seeing the ECP directory without affecting OWA.
    OWA and ECP are intertwined and OWA relies on the ECP virtual directory for user options.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Lucas Liu-MSFT 6,181 Reputation points
    Aug 5, 2020, 5:27 AM

    Hi Abdullah-salam,
    You could install IP and Domain Restrictions role and set up restrict EAC from External network in IIS. Please follow the steps below:

    1. In Server Manager, click the Manage menu, and then click Add Roles and Features.
    2. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
    3. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select IP and Domain Restrictions. Click Next.
    4. After you install the IP and Domain Restrictions role, you could set up IP and Domain Restrictions in IIS.
      Please note that based on the previous similar case, install this feature may cause all user access interruption for a few minutes, and then it will be restored.
      For more information you could refer to: Adding IP Security
      15656-1111.png
      15732-22222.png
    1 person found this answer helpful.

  2. Andy David - MVP 153.5K Reputation points MVP
    Aug 4, 2020, 1:28 PM

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.