exchange online

The Exchange team’s notice about upcoming Graph API enforcement is more than a narrow permissions tweak: it is a deliberate tightening of how Microsoft wants applications to treat received email. Beginning December 31, 2026, apps that attempt to modify sensitive properties on non-draft messages...

Exchange Server turns 30 this year, and that milestone is more than a nostalgic footnote for Microsoft—it is a reminder that enterprise email still sits at the center of identity, compliance, security, and operational control. Microsoft’s own anniversary post frames Exchange as the product that...

Exchange Online administrators who have ever faced a data-spillage incident know the uncomfortable balance between urgency and governance: you want sensitive content gone quickly, but the compliance controls that protect the business are often the same controls that slow deletion down...

Microsoft is moving Priority Cleanup from a niche compliance escape hatch toward a more deliberate operational control, and Priority Cleanup V2 looks like the next step in that evolution. The current feature already exists to let administrators permanently delete sensitive Exchange Online...

Exchange Online administrators across multiple tenants are reporting a troubling and repeatable symptom: attempts to change Public Folder permissions are being rejected with access-denied or “permission change is denied” errors, and the problem appears to have affected multiple tenants over the...

Microsoft has added per‑connector control for SMTP DANE and MTA‑STS validation in Exchange Online outbound connectors, giving administrators explicit, granular settings to balance strict transport security with real‑world delivery reliability. Instead of a single enforcement posture for all...

Microsoft’s timetable for retiring Exchange Web Services (EWS) in Exchange Online is now concrete, and the next 14–28 months are a critical window for IT teams: you must discover which Azure AD app registrations and automation still rely on EWS today, prioritize the truly active dependencies...

Microsoft’s Exchange Online team is deprecating the long-standing -Credential parameter in Exchange Online PowerShell — a change that administrators must treat as urgent rather than optional. The company’s guidance (and the wider MFA/ROPC narrative) makes clear that the legacy Resource Owner...

Microsoft has set firm, non‑negotiable deadlines for the end of Exchange Web Services (EWS) in Exchange Online — tenant‑by‑tenant disablement begins on October 1, 2026, and EWS will be permanently and irrevocably removed on April 1, 2027 — and organizations that still rely on EWS have a narrow...

Microsoft has put a firm deadline on the end of Exchange Web Services (EWS) in Exchange Online: tenant-by-tenant disablement begins October 1, 2026, and EWS will be permanently removed from Exchange Online on April 1, 2027 — a hard stop Microsoft says will admit no exceptions. o Background...

Microsoft has set hard dates: Exchange Web Services (EWS) in Exchange Online will be disabled by default starting October 1, 2026, and will be permanently and irrevocably shut down on April 1, 2027 — leaving organizations no choice but to migrate active EWS integrations to Microsoft Graph (or...

Microsoft has given administrators a hard, non-negotiable runway: beginning October 1, 2026, Exchange Web Services (EWS) will be disabled by default in Exchange Online tenants, and the platform will be completely and permanently shut down on April 1, 2027. That phased shutdown—combined with new...

Exchange Web Services in Exchange Online is being retired, and the clock is now unmistakably ticking: Microsoft will begin tenant-by-tenant disablement starting October 1, 2026, with a final, irreversible shutdown of EWS in Exchange Online in 2027. This move completes a deprecation that began...

Microsoft is rolling out a pair of practical updates to Exchange Online moderation that should make life easier for moderators and admins alike: moderated messages will now use Actionable Messages adaptive cards so Approve | Reject controls appear inside the message body on every Outlook client...

Microsoft is urging organizations that send or receive mail with Exchange Online to make sure the DigiCert Global Root G2 root certificate (and its subordinate CAs) is trusted on any systems that perform full certificate-chain validation — failure to do so may interrupt mail flow and TLS-based...

Microsoft has pushed more runway to organizations still using legacy SMTP AUTH with Basic Authentication in Exchange Online, replacing an earlier hard deadline with a clearer, staged timeline that gives admins more time to inventory, remediate, and migrate—but it also tightens defaults going...

Microsoft has opened public preview of Message Trace support in Microsoft Graph, marking a significant step toward modernizing how organizations collect, query, and automate email trace data from Exchange Online. The preview shifts message tracing from the legacy Reporting Webservice to a...

Microsoft has begun enforcing tighter email access controls that will block Exchange Online sign‑ins from mobile clients and devices that aren’t prepared for the change — a move IT departments must treat as an operational deadline if they want to avoid sudden user outages and helpdesk chaos...

Exchange Online mailbox quotas are straightforward in concept but layered in practice — and the difference between a 30 GB limit and a 1.5 TB “auto‑expanding” archive can be the difference between a smooth migration and a frustrated user locked out of email. m]) Background / Overview Exchange...

Microsoft's Exchange engineering team has made a clear — and important — clarification for Exchange Online administrators: using New-MoveRequest to force local mailbox moves inside the same tenant or datacenter is not supported and is actively discouraged. While the cmdlet still exists and can...