none
Reduced security to Exchange 2016 against intrusion attempts from Internet via OWA & EAS? RRS feed

  • Question

  • I've found this diagram from MS KB article:

    https://technet.microsoft.com/en-us/library/jj150491(v=exchg.160).aspx

    In the diagram, incoming IP traffics for Mobile devices, Web clients and Outlook are all going directly and unfiltered into the Exchange 2016 server(s) in internal network, bypassing totally perimeter network (aka DMZ).  No more ISA or equivalent security in the DMZ and the only protection is the firewall!

    So, this is the recommended configuration, or even "best practice", from Microsoft??

    Do I understand it correctly?

    TIA

    Monday, March 6, 2017 4:55 PM

All replies

  • I've found this diagram from MS KB article:

    https://technet.microsoft.com/en-us/library/jj150491(v=exchg.160).aspx

    In the diagram, incoming IP traffics for Mobile devices, Web clients and Outlook are all going directly and unfiltered into the Exchange 2016 server(s) in internal network, bypassing totally perimeter network (aka DMZ).  No more ISA or equivalent security in the DMZ and the only protection is the firewall!

    So, this is the recommended configuration, or even "best practice", from Microsoft??

    Do I understand it correctly?

    TIA

    Yep.

    https://blogs.technet.microsoft.com/exchange/2013/07/17/life-in-a-post-tmg-world-is-it-as-scary-as-you-think/

    Monday, March 6, 2017 5:56 PM
    Moderator
  • Hi, Horinius

    Is the blog helpful for you? If you have any other problems, please let us know.


    Best Regards,

    Lynn-Li
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 27, 2017 1:57 PM
    Moderator