EE-9037 asked EE-9037 answered

Do I disable OWA if our mailbox is in Office 365 as part of the recommendation for the recent Exchange exploit?

Hi,

In response to the recent Exchange exploit, one of the recommendations is to, "Remove public access to Outlook Web Access (OWA) and Exchange Control Panel (ECP)." The vulnerability I am talking about is this https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

If we have an Exchange hybrid server on-prem, but the majority of our mailboxes are in the cloud (O365), do we still need to disable OWA for our users whose mailboxes are in the cloud?

How do I disable OWA for the mailbox on-prem? We are using Exchange Server 2019 Standard.

Thank you,

office-exchange-hybrid-itpro

KyleXu-MSFT answered KyleXu-MSFT edited

@EE-9037

It only affects Exchange on-premises, not Exchange Online.

In Exchange 2019, you could use Client Access Rules to block access to ECP. As for OWA, you could block it on your firewall.

I would suggest you install the latest CU first, which contains the security patch for this issue.


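The Client Access Rules approach mentioned in the answer above, as an added example that is not part of the original thread: it restricts the Exchange admin center (ECP) to an internal address range on Exchange 2019. The range `10.0.0.0/8`, the rule names, the test account `admin@contoso.com` and the test address `203.0.113.10` are placeholder assumptions to replace with your own values.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2019 server.
# Assumption: placeholder internal management range, replace with your own.
$InternalRange = '10.0.0.0/8'

# 1. Preserve remote PowerShell at the highest priority first, so a mistake
#    in a later rule cannot lock administrators out of the organization.
New-ClientAccessRule -Name 'Always Allow Remote PowerShell' `
    -Action AllowAccess `
    -AnyOfProtocols RemotePowerShell `
    -Priority 1

# 2. Deny the Exchange admin center (ECP) to every client address
#    except those inside the internal range.
New-ClientAccessRule -Name 'Block External ECP' `
    -Action DenyAccess `
    -AnyOfProtocols ExchangeAdminCenter `
    -ExceptAnyOfClientIPAddressesOrRanges $InternalRange `
    -Priority 2

# 3. Review the resulting rule order.
Get-ClientAccessRule |
    Sort-Object Priority |
    Format-Table Name, Priority, Action, Enabled -AutoSize

# 4. Check which rule would apply to a connection from outside the range.
#    Assumption: constructed test account and documentation-range address.
Test-ClientAccessRule -User 'admin@contoso.com' `
    -AuthenticationType BasicAuthentication `
    -Protocol ExchangeAdminCenter `
    -RemoteAddress 203.0.113.10 `
    -RemotePort 443
```

If step 4 returns the `Block External ECP` rule for the outside address and nothing for an address inside the internal range, the rule is scoped as intended.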

EE-9037 answered

Thank you. The server is fully patched. I will look into blocking OWA in our firewall.
