we have added two Exchange Server 2016 to our infrastructure this week and are currently analyzing the behavior of the servers. The Exchange infrastructure is accessible via HTTPS over the Internet and today we saw three warnings in EMC that we can't unambiguously interpret now.
It indicates that the firewall has detected some attacks but not what has been done about them. The warnings are listed as unresolved. Probably they are just brute force attacks on the login of the Exchange Command Panel but what makes us suspicious is that we did not knowingly install a firewall. We only installed the Management Agent and the Mail Security.
Is there more information where this firewall comes from now and a best practice tutorial on how to best handle it? And how should we proceed with these unresolved threats?
Thx in advance & Bye Tom