This is present by some time now but people usually forget about this security necessity. You can block access to on-prem Exchange admin center by using client access policy. New-ClientAccessRule - Name "Restrict EAC Access" - Action DenyAccess - AnyOfProtocols ExchangeAdminCenter - ExceptAnyOfClientIPAddressesOrRanges 192.168.10.1/24 - ExceptUsernameMatchesAnyOfPatterns *something* Don't expect EAC to bi invisible when you connect to it because of policy. You can still connect to it but when you log in it shows the following screen...
When you install Microsoft Exchange 2019 on Windows 2019 or 2022 server it is suggested to add some exclusions to Windows Defender. Since the list is quite large, use PowerShell to add exclusions. Exclusion list can be found at Running Windows antivirus software on Exchange servers | Microsoft Learn SECURITY PRECAUTION - Don't just blindly copy below commands and exclusions but check them. If anyone manipulated the below list on this site without my knowledge you will end adding exclusions you don't want to have. Run PowerShell on Windows 2019/2022 Exchange 2019 server as administrator. # Define the exclusion paths $folderExclusions = @( "$env:SystemRoot\Cluster", "$env:ExchangeInstallPath\ClientAccess\OAB", "$env:ExchangeInstallPath\FIP-FS", "$env:ExchangeInstallPath\GroupMetrics", "$env:ExchangeInstallPath\Logging", "$env:ExchangeInstallPath\Mailbox", "$env:ExchangeInstallPath\Tr