How to Disable ECP in Exchange 2016 Server

Tej Pratap Shukla | Modified: July 16, 2016 | Exchange Server 2016, General Info | 3 Minutes Reading

Hello Guys today we are going to discuss about how to disable ECP in Exchange 2016 Mailbox Server. In earlier version then Exchange 2013 there was Exchange Management Console (EMC) at place of Exchange Admin Center. As you might know that EMC is a Microsoft Management Console (MMC) type application while Exchange Admin Center (EAC) is Web based Management Console which allow Exchange Administrators to manage Exchange Server 2016. EAC is installed on Internet Information Services (IIS) as a virtual directory.
In Exchange 2016 Microsoft provides a facility to access Exchange Admin Center from anywhere and control, manage and monitor it using Administrator account. But this can be seen as an advantage as well as a disadvantage too. Because some admin want to access EAC from external network while some do not want to access it from external network or internet. But by default in Exchange 2016 EAC can be accessed from internally as well as externally.

Access ECP at anywhere

For accessing EAC just need to type same address which is typed for accessing OWA but there is slightly change in URL for accessing EAC. In URL at place of OWA, need to type ECP (for example: https://yourcompanydomain/ecp).

Disable ECP in Exchange 2016 using Command

Microsoft completely care about the user of Exchange Server 2016 therefore it is possible to restrict the access of ECP from access using external network or Internet. Because it increases the probability of being hacked the server. There is a command which you can run in Exchange Management Shell to restrict the access of ECP without restricting the access of OWA. Run below written command for disabling ECP, you can see below image for reference.
Command: Set-EcpVirtualDirectory -identity "ecp " -AdminEnabled $false
Where:
ecp is Identity
$false is for restricting the ECP access

disable ecp in exchange 2016

By running above command in Shell you will disable the ECP by it will take up to 5 min for applying changes. Therefore if you want to apply immediate change then run below command in shell.
Command: iisreset /noforce

Disadvantage of disabling ECP

After disabling the ECP if you will try to access it, you will get 404 Page Not Found error. The main disadvantage of disabling ECP is that it won’t be accessible from internal network as well as internet. Therefore it will create an another problem for administrator and the next time whenever administrator want to access ECP it will be required to enable it again by running the same command with some changes which is written below.
Command: Set-EcpVirtualDirectory -identity "ecp " -AdminEnabled $true

To overcome this problem Microsoft suggests for creating another CAS only for internal network. But according to me it will be better to create an another website with OWA Vitrual Directories and ECP only for internal network.

Conclusion

In this article we have discussed about how to disable ECP in Exchange 2016 with help of a command by running it in Exchange Management Shell. We also discussed about advantage, disadvantage and the effect of command over OWA. As we saw that running this command is not a very good till that time we are not prepare for creating new CAS only for internal network. The same discussed command to disable ECP will also work for Exchange 2013 server.
I have taken reference for writing this article from Microsoft Technet site to write disable ECP command .