Block EWS In Exchange

Nandan NK 50 Reputation points
2024-03-06T15:42:34.6966667+00:00

We are using Exchange 2019 I want to block EWS for external users, how we can do that?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,626 questions
Microsoft Exchange
Microsoft Exchange
Microsoft messaging and collaboration software.
532 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
2,097 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 147.9K Reputation points MVP
    2024-03-06T16:32:36.47+00:00

    You cant really do that unless you perhaps set allowd IPs on the EWS virtual directory or use a load balancer / reverse proxy that allows you to target the EWS directory.

    Note that

    https://video2.skills-academy.com/en-us/exchange/architecture/client-access/load-balancing?view=exchserver-2019

    User's image

    2 people found this answer helpful.
    0 comments
  2. Andy David - MVP 147.9K Reputation points MVP
    2024-03-06T17:39:25.9233333+00:00

    You can use this as a guide and set on the EWS virtual directory instead:https://blog.expta.com/2018/10/how-to-block-external-access-to.html

    1 person found this answer helpful.
    0 comments
  3. JimmyYang-MSFT 52,801 Reputation points Microsoft Vendor
    2024-03-07T10:00:22.54+00:00

    @Nandan NK

    To block external access to Exchange Web Services (EWS) in Exchange Server 2019, you can use the Set-OrganizationConfig cmdlet in the Exchange Management Shell. Here are the steps:

    1. Open the Exchange Management Shell.
    2. Run the following command: Set-OrganizationConfig -EwsAllowList @{Add="InternalIPorFQDN"} -EwsBlockList @{Add="*"} Replace "InternalIPorFQDN" with the IP address or fully qualified domain name (FQDN) of your internal Exchange server. This will allow only internal users to access EWS and block all external access.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.