carjar12

Exchange 2013 Admin Console

Hello,
By default, the Exchange 2013 Admin Console is available from an internal and external URL. It seems as if this is a pretty big security issue. Has anyone else had success in turning off the external URL? If so, could you please share how you did it? Thank you!
Cyclops3590

The way I would do it is first make sure the IP-based restriction feature is installed:

Web Server (IIS) > Web Server > Security > IP and Domain Restrictions

Then go into IIS Manager and select the IP Address and Domain Restrictions feature under the ecp folder under whatever site you have it running under (most likely Default).

Click Edit Feature Settings on the right and switch it to be "Deny" by default, and choose the action you want to have for deny (I would go with Not Found so it looks like it's shut off to other people snooping around). Then add the IP ranges of clients you want to allow in the list.

You should have it only accessible from internal networks now (provided you only specified internal IP ranges).
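
The steps in the answer above, scripted with the IIS WebAdministration module, as an added example that is not part of the original answer. The site name `Default Web Site` and the address ranges are assumptions to replace with your own; the asker's reply reports that changing the ECP folder also affected OWA, so test both afterwards.

```powershell
# Added example: restrict the ecp virtual directory to internal client ranges.
# Run in an elevated PowerShell session on the Exchange 2013 server.
Import-Module WebAdministration

$site     = 'Default Web Site'                     # assumption: site hosting ecp
$location = "$site/ecp"
$filter   = 'system.webServer/security/ipSecurity'
$apphost  = 'MACHINE/WEBROOT/APPHOST'              # write to applicationHost.config

# Constructed sample ranges: replace with the internal networks allowed to reach ECP.
$allowed = @(
    @{ ipAddress = '10.0.0.0';    subnetMask = '255.0.0.0'   },
    @{ ipAddress = '192.168.0.0'; subnetMask = '255.255.0.0' }
)

# Step 1: make sure the "IP and Domain Restrictions" role service is installed.
if (-not (Get-WindowsFeature -Name Web-IP-Security).Installed) {
    Install-WindowsFeature -Name Web-IP-Security | Out-Null
}

# Step 2: deny every client that is not listed, and answer with 404 Not Found
# so the directory looks absent rather than blocked.
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter $filter -Name allowUnlisted -Value $false
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter $filter -Name denyAction -Value 'NotFound'

# Step 3: add one allow entry per internal range.
foreach ($range in $allowed) {
    Add-WebConfigurationProperty -PSPath $apphost -Location $location `
        -Filter $filter -Name '.' -Value @{
            ipAddress  = $range.ipAddress
            subnetMask = $range.subnetMask
            allowed    = $true
        }
}

# Show the resulting allow list for review.
Get-WebConfiguration -PSPath $apphost -Location $location -Filter "$filter/add" |
    Select-Object ipAddress, subnetMask, allowed
```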
carjar12

ASKER

Thank you so much for the responses! I actually tried those suggestions on the ECP folder in IIS, and the changes I made also affected OWA. I called Microsoft on it and they stated that was not supported by them. It definitely seems like the above ideas should work. Thanks again!
ASKER CERTIFIED SOLUTION
Cyclops3590

Thank you! It worked.