This is present by some time now but people usually forget about this security necessity. You can block access to on-prem Exchange admin center by using client access policy. New-ClientAccessRule - Name "Restrict EAC Access" - Action DenyAccess - AnyOfProtocols ExchangeAdminCenter - ExceptAnyOfClientIPAddressesOrRanges 192.168.10.1/24 - ExceptUsernameMatchesAnyOfPatterns *something* Don't expect EAC to bi invisible when you connect to it because of policy. You can still connect to it but when you log in it shows the following screen...
Exchanging technical experience