03-Nov-2019 08:34
Hi,
We are facing an issue when configuring Brute Force for the Exchange ActiveSync service.
We have a virtual server configured with an APM policy and ASM as well.
We tried to bypass ActiveSync from APM to send the traffic of the login page /Microsoft-Server-ActiveSync to ASM to detect the brute force attack, but it did not work.
We also tried not bypassing ActiveSync from APM and set the "Max user attempts" feature on the AD Auth agent to 3 attempts, but that didn't work either.
In addition, AD is configured to lock the account after 5 attempts, and we found that APM didn't force the user to log out after 3 attempts, which led to the account being locked on AD.
At the same time, we can't use the Google CAPTCHA option as per requirements, so any help here? How can we achieve brute force mitigation for ActiveSync when we have APM and ASM on the same virtual server?
03-Nov-2019 12:38
Because APM functionality in the virtual server is processed before the ASM policy, you need to use a layered virtual to process traffic through ASM before passing it to the APM-configured virtual.