Turn off access to the Exchange admin center
Applies to: Exchange Server 2013
For security purposes, some organizations may want to restrict access to the Exchange admin center (EAC) for users coming from the Internet. This procedure shows you how to turn off access to the EAC. This procedure doesn't prevent users from accessing the Options in Outlook Web App.
This procedure disables EAC administrator access entirely on the CAS server where the steps are applied. If you to enable EAC administrator for internal users, you should install a separate CAS server and configure it to only handle internal requests using the following command:
Set-ECPVirtualDirectory -Identity "InternalCAS\ecp (default web site)" -AdminEnabled $True
The procedure applies only to on-premises deployments of Exchange Server 2013.
What do you need to know before you begin?
Estimated time to complete: 5 minutes.
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Exchange admin center connectivity" entry in the Exchange and Shell infrastructure permissions topic.
You can't use the EAC to perform this procedure. You must use the Shell.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.
Use the Shell to turn off Internet access to the EAC
This example turns off the access to the EAC on server CAS01.
Set-ECPVirtualDirectory -Identity "CAS01\ecp (default web site)" -AdminEnabled $false
For detailed syntax and parameter information, see Set-EcpVirtualDirectory.
How do you know this worked?
To verify that you have successfully turned off access to the EAC, do the following:
Using your Internet browser, type your organization's internal or external URL for accessing Outlook Web App but replace the /owa identifier with /ecp. For example, if your external URL for accessing Outlook Web App is https://primary.tailspintoys.com/owa, use https://primary.tailspintoys.com/ecp.
If access is turned off, you'll receive a 404 - website not found error.