Disable external access to ECP Exchange 2019 Server 2019

ECP in Exchange Server It’s a big security risk In this article you will learn how to disable external access to ECP in Exchange Server 2019 external access If it’s not possible to do it on the firewall, do it on the Exchange Server It’s better than not disabling ECP Let’s have a look at how to disable external access to ECP in Exchange 2019

Install IP and Domain Restrictions role

Run the Add Roles and Features Wizard from the Exchange Server Roles tab. Expand Web Server (IIS) -> Web Server -> Security. Check the IP and Domain Restrictions role. On our end it’s already installed on the Exchange Server

Click on Next. Click Install to install the IP and Domain Restrictions role. Installation completes. Proceed further with the steps below

Start IP Address and Domain Restrictions in IIS

Open IIS Manager on the Exchange Server Expand Server -> Sites -> Default Web Site Select ecp. Double click on IP Address and Domain Restrictions See screenshot

Edit feature settings

The IP Address and Domain Restrictions feature is open. Let’s configure it to disable external access to ECP on the Exchange Server 2016. First, click on Edit Feature Settings… and configure it to Deny access for unspecified clients. Set the Deny Action Type to Not Found

Add allow entry

Click on Add Allow Entry… and configure that you can access ECP internal on the Exchange Server (localhost). Add the IP 127.0.0.0 with prefix 8 If you want to add the subnet mask instead of the prefix, it should be 255.0.0.0

You added the entry. Now you can log in ECP from the Exchange Server go to https://localhost/ecp I don’t recommend to open ECP on the whole internal LAN If you have management servers add the IP addresses to the allow list

You added the entries and it is showing correctly Start ECP and login from the IP addresses that you added Make sure you insert the Exchange Server hostname For example https://exchangeserver/ecp

Leave a Reply

Your email address will not be published.


CAPTCHA Image
Reload Image

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WhatsApp Logo IT World