disable Exchange EWS dialog box

asked 2021-11-03T12:39:50.337+00:00
Zachary Hamilton 201 Reputation points

Hello,

We have been asked by our cybersecurity insurance company to disable the EWS dialog box that appears if you go to a browser and type in https://webmail.domain.com/ews or autodiscover.domain.com/ews. Does anyone know how to do this? 146213-2021-11-03-8-34-49.jpg

Thanks,

Zachary Hamilton

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
6,072 questions
{count} votes

Accepted answer
  1. answered 2021-11-05T18:05:52.3+00:00
    Zachary Hamilton 201 Reputation points

    We found another answer. We followed directions here, just doing it for EWS: https://www.yshvili.com/disable-external-access-to-ecp-exchange-2019-server-2019/

    Basically, we added the IP Address and Domain Restrictions role on the Exchange server. Then we went into IIS. Under the Default Web Site and Exchange Back End sections, we changed the basic Feature Settings and added specific Allow entries.

    No comments

2 additional answers

Sort by: Most helpful
  1. answered 2021-11-03T13:08:56.513+00:00
    Andy David - MVP 108.8K Reputation points Microsoft MVP

    Not without breaking it :)

    The only way to prevent external access would be to block port 443 from external access on your firewall to your Exchange Servers and only allow access via VPN

    If that is not possible, then you should think about leveraging HMA in Azure:

    https://learn.microsoft.com/en-us/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-worldwide


  2. answered 2021-11-03T14:04:16.95+00:00
    Andy David - MVP 108.8K Reputation points Microsoft MVP

    Yes, HMA works with on-prem :)

    Yea, the only 100% way to prevent that is to not allow external access at all to Exchange and keep the servers updated to protect from internal threats.

    No comments