ZacharyHamilton-1154 asked ZacharyHamilton-1154 answered

disable Exchange EWS dialog box

Hello,

We have been asked by our cybersecurity insurance company to disable the EWS dialog box that appears if you go to a browser and type in https://webmail.domain.com/ews or autodiscover.domain.com/ews. Does anyone know how to do this?

Thanks,

Zachary Hamilton



Hi @ZacharyHamilton-1154

Agree with Andy. Configuring HMA will be a good choice, since restricting port 443 will affect external access to many Exchange-related servers. Here is a previous thread that discussed a similar concern, for your reference:
EWS on Exchange 2016


ZacharyHamilton-1154 answered

We found another answer. We followed directions here, just doing it for EWS: https://www.yshvili.com/disable-external-access-to-ecp-exchange-2019-server-2019/

Basically, we added the IP Address and Domain Restrictions role on the Exchange server. Then we went into IIS. Under the Default Web Site and Exchange Back End sections, we changed the basic Feature Settings and added specific Allow entries.
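A scripted form of the steps described in the answer above, as an added example that is not from the post or the linked article. The address ranges are constructed placeholders, and the script assumes clients reach IIS directly, so the address IIS sees is the real client address.

```powershell
#Requires -RunAsAdministrator
Import-Module ServerManager, WebAdministration

# Constructed placeholder ranges (assumptions): replace them with your internal
# client subnets and the addresses of the Exchange servers themselves.
$allowed = @(
    @{ ipAddress = '127.0.0.1'; subnetMask = '255.255.255.255' },  # loopback
    @{ ipAddress = '10.0.0.0';  subnetMask = '255.0.0.0' }         # internal LAN
)
$locations = 'Default Web Site/EWS', 'Exchange Back End/EWS'
$filter    = 'system.webServer/security/ipSecurity'
$apphost   = 'MACHINE/WEBROOT/APPHOST'   # ipSecurity is written to applicationHost.config

# The "IP Address and Domain Restrictions" role service.
if (-not (Get-WindowsFeature -Name Web-IP-Security).Installed) {
    Install-WindowsFeature -Name Web-IP-Security | Out-Null
}

foreach ($loc in $locations) {
    # Feature Settings: deny any client that matches no Allow entry.
    Set-WebConfigurationProperty -PSPath $apphost -Location $loc `
        -Filter $filter -Name allowUnlisted -Value $false

    foreach ($entry in $allowed) {
        # Skip entries that already exist so the script can be rerun safely.
        $xpath = "$filter/add[@ipAddress='$($entry.ipAddress)']"
        if (Get-WebConfiguration -PSPath $apphost -Location $loc -Filter $xpath) {
            continue
        }
        Add-WebConfiguration -PSPath $apphost -Location $loc -Filter $filter `
            -Value @{ ipAddress  = $entry.ipAddress
                      subnetMask = $entry.subnetMask
                      allowed    = $true }
    }

    # Show the resulting rule set for review.
    Write-Host "== $loc =="
    Get-WebConfiguration -PSPath $apphost -Location $loc -Filter "$filter/add" |
        Select-Object ipAddress, subnetMask, allowed | Format-Table -AutoSize
}
```

After running it, request `/ews` from an allowed internal address and from an address outside the list to confirm that only the latter is refused.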

AndyDavid answered ZacharyHamilton-1154 commented

Not without breaking it :)

The only way to prevent external access would be to block port 443 from external access on your firewall to your Exchange Servers and only allow access via VPN

If that is not possible, then you should think about leveraging HMA in Azure:

https://docs.microsoft.com/en-us/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-worldwide


Andy,

Thanks for your response. We are on-prem Exchange. Does this answer still apply?

Yeah, I've been doing a lot of reading and I haven't found anything. I was hoping for some way to just suppress that dialog box at webmail.domain.com/ews without impacting webmail.domain.com itself. The insurance company is concerned about brute force attacks, but I don't see what makes this dialog box different than any other web interface. Very frustrating!

Thanks,

Zachary Hamilton

AndyDavid answered

Yes, HMA works with on-prem :)

Yea, the only 100% way to prevent that is to not allow external access at all to Exchange and keep the servers updated to protect from internal threats.
