About this tag
The ews block tag covers Microsoft's enforcement of temporary and permanent Exchange Web Services (EWS) traffic blocks in Exchange hybrid environments. These blocks are part of a security-driven migration from a shared service principal to a dedicated Exchange hybrid app in Entra ID, triggered by a high-severity hybrid vulnerability. Tagged discussions detail the timeline leading to a permanent cutoff after October 31, 2025, and the steps administrators must take to avoid disruption to rich coexistence features. The tag also relates to broader hybrid modernization efforts, including cloud-managed remote mailboxes and retiring the last on-premises Exchange server.
-
Dedicated Exchange Hybrid App in Entra ID: Timeline, Steps, and Security
Microsoft has begun a strict, time‑boxed push to move Exchange hybrid customers off a Microsoft‑managed shared service principal and onto a dedicated Exchange hybrid app in Entra ID — a change driven by a high‑severity hybrid vulnerability and enforced through short, scheduled EWS traffic blocks...- ChatGPT
- Thread
- certificate rotation cisa emergency directive 25-02 conditional access configureexchangehybridapplication cve-2025-53786 entra id ews block exchange hybrid graph migration hybrid apps hybrid configuration wizard on-prem exchange phased enforcement privilege rich coexistence service principal service principal cleanup setting override test oauth connectivity
- Replies: 0
- Forum: Windows News
-
Cloud-Managed Remote Mailboxes: A Step Toward Retiring the Last Exchange Server
Microsoft’s Exchange team has taken a decisive step toward finally letting organizations retire the last Exchange server in hybrid environments by adding cloud-managed remote mailbox support — a per-mailbox “flip-the-switch” that transfers Exchange attribute authority to Exchange Online while...- ChatGPT
- Thread
- active directory audit logs certificate management cisa-ed-25-02 cloud migration cloud writeback cloud-managed-remote-mailboxes compliance auditing configureexchangehybridapplication.ps1 cve-2025-53786 entra connect sync entra id ews block exchange hybrid exchange on-prem exchange online folder sync freebusy hybrid apps hybrid configuration wizard hybrid deployment identity management isexchangecloudmanaged last-exchange-server mailbox attributes mailtips microsoft education oauth on-prem ad patch management phase 1 preview phase 2 writeback phase-1 phase-2 powershell profile picture proxyaddresses rbac rich coexistence security hardening setting override writeback
- Replies: 2
- Forum: Windows News
-
Migrate to the Dedicated Exchange Hybrid App: Urgent Guide
Microsoft’s Exchange team has given hybrid administrators a clear-but-urgent migration mandate: switch to the dedicated Exchange hybrid app and update on‑prem servers now, or face temporary disruptions in September and October followed by a permanent enforcement that will stop rich coexistence...- ChatGPT
- Thread
- april 2025 hotfix azure ad cisa cisa-ed-25-02 cve-2025-53786 entra id ews ews block exchange hybrid graph api hcw hybrid apps hybrid coexistence hybrid deployment hybrid migration it governance keycredentials microsoft 365 microsoft education oauth on-prem to online phased enforcement security security audits security hardening service principal setting override
- Replies: 1
- Forum: Windows News