![]() ![]() EWS is related to the free\busy information of the user's mailbox, Automatic replies (Out of office) and other functions. What do you mean by preventing this information from being publicly available? Let this information not be parsed by other tools?ġ.You are correct, disabling EWS is a not recommended option. Office-exchange-server-administration office-exchange-server-itpro I did see but am not clear if this can be used for EWS as well They indicated that we either disable EWS or restrict public access to the exchange server.ĭoes changing the two authentication options from my EWS screenshot address this (by blocking external HTTPS access to Exchange) without breaking something else or is there a recommended process to follow in addition or in place of this? Attackers can use this condition to brute force access to the mail server, thus causing email compromise. The insurance company gave the explanation that when EWS is enabled this creates an exploitable condition. Is this correct? What is necessary to restrict public access if not disabled and still allow active sync and outlook web access?īased on what I have found it is not recommended to entirely disable EWS as this could impact active sync among other apps\services. I believe disabling EWS would impact Outlook Web access and active sync for mobile users. Should this be done and if so what is the recommended way to do this? I've read some posts that stated to set basic authentication to disabled. I've seen some articles stating that it should not be disabled as it is a built in component of Exchange. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |