External Exchange Web Service configuration

Question

External Exchange Web Service configuration

Tang, Ken 65

We are using Exchange 2016 with Hybrid setup. Eventually we have suspect some brute force account attack on our On-Perm Exchange web service, which makes account lock frequently.

We have tried ews, activesync and autodiscover web service may face this login attempt.

Does any one got idea how to avoid this situation?

1 個回答

您的回答

Answer 1

匿名

Hi @Tang, Ken,

Welcome to the Microsoft Q&A platform!

Based on your description, you are dealing with a situation where the On-Perm Exchange network service has been hit by some brute force account attacks. Here are some strategies to help mitigate brute force attacks against your Exchange 2016 Hybrid setup:

Adding an extra layer of security can significantly reduce the risk of unauthorized access.
Limit access to Exchange services via VPN. This ensures that only users connected to the internal network can access the services.
Configure your Active Directory to lock accounts after a certain number of failed login attempts. This helps prevent brute force attacks.
Adding reCAPTCHA to your OWA/ECP login page can help block automated login attempts.
Implement authentication policies to detect and block password spray attacks, which are a type of brute force attack.
Regularly monitor your logs for suspicious activity and block IP addresses that show signs of brute force attempts.

Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

Best,

Jake Zhang

Tang, Ken 65 信譽點數

2025-01-28T02:58:52.1166667+00:00

Dear Jake,

Thanks. For point 1, we are using Azure app proxy with exchange hybrid agent. Seems we cannot control / log the traffic form come from external? If not, could you please advise how to overcome ?

We have already block out the external mapi, ecp . But still we left the Activesync, autodiscover which are not possible to block out from external connection.

For point 5, also please advise how could we do that?
匿名

2025-01-29T02:59:37.17+00:00
Hi @Tang, Ken,

Thanks for your response!

For your first concern about controlling and logging external traffic with Azure App Proxy and Exchange Hybrid Agent, here are some suggestions:

Use Azure AD Conditional Access policies to control access to Exchange services. You can set conditions based on user location, device compliance, and more.

Leverage Azure AD sign-in logs to monitor and analyze sign-in activity. This can help you identify and respond to suspicious sign-in attempts.

Enable logging on the Application Proxy connector to capture detailed information about the traffic passing through it.

For your second concern about implementing ActiveSync and Autodiscover authentication policies, you can follow these steps:

Configure ActiveSync device access rules to control which devices can connect. You can create rules based on device type, model, or operating system3.

Use the Set-ClientAccessService cmdlet to configure Autodiscover settings and restrict access as needed.

Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

Best,

Jake Zhang
匿名

2025-02-05T01:25:16.2166667+00:00

Hi @Tang, Ken,

Please kindly consider this comment as a warm follow up, I want to know if your problem has been solved. If you still have any other questions, please feel free to comment here and I'm glad to provide further support.If the above info is helpful to this question, you can click "Accept Answer". Have a nice day!

Best,

Jake Zhang

共用方式為

External Exchange Web Service configuration

1 個回答

您的回答