Securing the Microsoft 365 Application Endpoint Host

This section provides instructions on how to improve the security of the Microsoft 365 Application Endpoint Host.

  1. Log on to the Microsoft 365 Application Endpoint Host as an administrator.
  2. Make sure the IP and Domain Restrictions role service is installed for the Web Server (IIS) role. See the http://www.iis.net/ConfigReference/system.webServer/security/ipSecurity article for details.
  3. Open Internet Information Services (IIS) Manager.

  4. For each Microsoft 365 gateway application, perform the following actions:

    1. In the navigation tree, select the Microsoft 365 gateway application.
    2. Double-click the IP Address and Domain Restrictions icon.
    3. Click the Edit Feature Settings link.
    4. Select Deny in the Access for unspecified clients field.
    5. Click OK.
    6. Click the Add Allow Entry link.
    7. Select the Specific IP address option.
    8. In the field, specify the BackNet IP address of the Operations Management Node that corresponds to the Microsoft 365 gateway application.
    9. Click OK.
    10. Validate that the https://<Microsoft_365_Gateway_Site>/<Microsoft_365_Gateway_Application>/aps/ URL is accessible only from the Operations Management Node.

Important: If you have additional management nodes on your installation, add the respective allow item for each of them by using the instructions above.

© 2022 Ingram Micro, Inc. All Rights Reserved. Privacy Policy, Terms of Use and Legal