Skip to main content


Showing posts from 2024

Block access to Exchange Admin center from external network

This is present by some time now but people usually forget about this security necessity. You can block access to on-prem Exchange admin center by using client access policy. New-ClientAccessRule - Name "Restrict EAC Access" - Action DenyAccess - AnyOfProtocols ExchangeAdminCenter - ExceptAnyOfClientIPAddressesOrRanges - ExceptUsernameMatchesAnyOfPatterns *something* Don't expect EAC to bi invisible when you connect to it because of policy. You can still connect to it but when you log in it shows the following screen...  

Batch Add Microsoft Exchange 2019 exclusions to Windows Defender on Windows 2019/2022

When you install Microsoft Exchange 2019 on Windows 2019 or 2022 server it is suggested to add some exclusions to Windows Defender. Since the list is quite large, use PowerShell to add exclusions. Exclusion list can be found at  Running Windows antivirus software on Exchange servers | Microsoft Learn SECURITY PRECAUTION  - Don't just blindly copy below commands and exclusions but check them. If anyone manipulated the below list on this site without my knowledge you will end adding exclusions you don't want to have. Run  PowerShell  on Windows 2019/2022 Exchange 2019 server  as administrator. # Define the exclusion paths $folderExclusions = @(     "$env:SystemRoot\Cluster",     "$env:ExchangeInstallPath\ClientAccess\OAB",     "$env:ExchangeInstallPath\FIP-FS",     "$env:ExchangeInstallPath\GroupMetrics",     "$env:ExchangeInstallPath\Logging",     "$env:ExchangeInstallPath\Mailbox",     "$env:ExchangeInstallPath\Tr