diff --git a/fail2ban/filter.d/nginx-json-exchange.conf b/fail2ban/filter.d/nginx-json-exchange.conf
new file mode 100644
index 0000000..9de935e
--- /dev/null
+++ b/fail2ban/filter.d/nginx-json-exchange.conf
@@ -0,0 +1,11 @@
+# /etc/fail2ban/filter.d/nginx-json-exchange.conf
+#
+# Filtro para proteger o Microsoft Exchange de ataques de força bruta.
+
+[Definition]
+
+# Esta regex procura por requisições POST para as URLs de autenticação
+# do Outlook Web App (OWA) e do Exchange Control Panel (ECP).
+failregex = ^.*"remote_addr":"<HOST>".*"method":"POST".*"uri":".*(\/owa\/auth\.owa|\/ecp\/auth\.aspx).*".*$
+
+ignoreregex =
diff --git a/fail2ban/jail.local b/fail2ban/jail.local
index b53a9bd..16c942f 100644
--- a/fail2ban/jail.local
+++ b/fail2ban/jail.local
@@ -54,3 +54,12 @@ logpath  = /var/log/nginx/access.log
 maxretry = 5
 findtime = 5m
 bantime  = 1h
+
+[exchange-authip]
+enabled  = true
+port     = https  # O tráfego de login é sempre HTTPS
+filter   = nginx-json-exchange
+logpath  = /var/log/nginx/access.log
+maxretry = 5       # Bane após 5 tentativas de login
+findtime = 5m      # Numa janela de 5 minutos
+bantime  = 24h     # Bane por 24 horas. Ataques ao Exchange são sérios.