In Exchange 2016, you can harden access to the Exchange Admin Center (EAC) by creating one or more rules in IIS.

To do this, you need to add an additional feature to IIS called “IP and Domain Restrictions”. You can install it from Server Manager by selecting “Add Roles and Features”.

Once installed, you can launch IIS Manager and then expand your Sites -> Default Web Site and then click on the ECP directory.

Double-click “IP Address and Domain Restrictions” and then click “Add Allow Entry” on the right-hand side.

Once you click that action item, a new window opens where you can restrict access to a single IP or a range. A range can be specified as follows:

  • IP: 192.168.0.1
  • Mask: 255.255.255.0

Click OK when done. You will be taken back to the “IP Address and Domain Restrictions” page, where the entry you just added is listed. Now click “Edit Feature Settings” on the right-hand side.

On the Edit page, select Deny, and select “Not Found” under the Action Type section.

Click OK when done.

Restart IIS by doing an IISRESET from an elevated prompt or restart the server.
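
The same steps can be scripted. The following is an added example, not part of the original walkthrough; it assumes the default site and virtual directory names used above and the sample range from this post, and the variable names are illustrative.

```powershell
# Added example, not the article's own code. Run from an elevated PowerShell
# session on the Exchange server. Site, directory and sample range are the
# article's; the variable names are illustrative.
Import-Module WebAdministration

$apphost  = 'MACHINE/WEBROOT/APPHOST'   # write to applicationHost.config
$location = 'Default Web Site/ecp'
$filter   = 'system.webServer/security/ipSecurity'
$ip       = '192.168.0.1'
$mask     = '255.255.255.0'

# Step 1: install the "IP and Domain Restrictions" IIS feature.
Install-WindowsFeature -Name Web-IP-Security | Out-Null

# Step 2: add the allow entry first, and only if it is not already present,
# so the default never flips to Deny while the allow list is still empty.
$entry = Get-WebConfiguration -PSPath $apphost -Location $location `
    -Filter "$filter/add[@ipAddress='$ip']"
if (-not $entry) {
    Add-WebConfigurationProperty -PSPath $apphost -Location $location `
        -Filter $filter -Name '.' `
        -Value @{ ipAddress = $ip; subnetMask = $mask; allowed = 'true' }
}

# Step 3: deny every client that is not listed and answer with 404 Not Found.
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter $filter -Name 'allowUnlisted' -Value 'false'
Set-WebConfigurationProperty -PSPath $apphost -Location $location `
    -Filter $filter -Name 'denyAction' -Value 'NotFound'

# Step 4: read the settings back before restarting IIS.
$section = Get-WebConfiguration -PSPath $apphost -Location $location -Filter $filter
$allowed = Get-WebConfiguration -PSPath $apphost -Location $location -Filter "$filter/add"
"allowUnlisted = $($section.allowUnlisted); denyAction = $($section.denyAction)"
$allowed | Select-Object ipAddress, subnetMask, allowed | Format-Table -AutoSize

if ($section.allowUnlisted -or -not $allowed) {
    throw 'ECP restriction is incomplete; review the settings before restarting IIS.'
}
iisreset
```

Because the allow entry is written before the default is switched to Deny, an interrupted run leaves the EAC reachable rather than locked out.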

**Warning**: if you decide to remove the IP, it can potentially break the EAC.

Hope it helps.
