You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
exchange online
About this tag
Exchange Online discussions on WindowsForum.com cover a range of operational and security topics for IT administrators managing Microsoft 365 tenants. Recent threads address the CVE-2026-54998 elevation-of-privilege vulnerability and how Microsoft's advisory language affects response confidence. Administrators are also navigating the phased retirement of Exchange Web Services (EWS), with an allow list deadline in October 2026 and full shutdown in 2027, alongside a similar cutoff for legacy TLS on POP/IMAP connections in July 2026. Other practical topics include centralized email signature governance for compliance, resource mailbox utilization reporting via PowerShell or Graph, and the impact of a legacy Outlook for Mac bug that blanks reply bodies. Microsoft's Defender email security benchmark and its implications for Exchange Online protection are also discussed.
Microsoft has listed CVE-2026-54998 as a Microsoft Exchange Online elevation-of-privilege vulnerability in the Security Update Guide, framing it as a cloud-service issue where Microsoft’s own remediation and disclosure signals matter more than any patch an Exchange administrator can manually...
ITPro has published a Microsoft 365 Email Signature Compliance Checklist for IT professionals, positioning centralized signature governance as a way to reduce legal exposure, security gaps, formatting inconsistency, and operational tickets across organizations that rely on Outlook, Exchange...
Microsoft will begin restricting Exchange Web Services access in Exchange Online in October 2026, allowing only explicitly approved applications to keep using EWS during a phased retirement that ends with a full shutdown in 2027. The move turns a long-running deprecation warning into an...
Microsoft confirmed on June 17, 2026, that legacy Outlook for Mac can blank the original message body when users reply to or forward email, leaving only headers visible while the Outlook team investigates a fix. That sounds like a narrow Mac bug until you remember what email actually is in most...
Microsoft is rolling out EWSAllowedAppIDs in Exchange Online in June 2026 so tenant administrators can restrict remaining Exchange Web Services access to specific application IDs before phased EWS disablement begins in October 2026 and full Exchange Online retirement arrives in April 2027. The...
Microsoft’s Exchange Team said on May 21, 2026, that Exchange Online has no native utilization report for resource mailboxes, leaving administrators to determine active use by querying calendar data through Exchange Online PowerShell, Microsoft Graph, or folder statistics. That is a practical...
Microsoft published its fourth quarterly Defender email security benchmarking update on June 15, 2026, covering February through April 2026 and comparing Defender for Office 365 against secure email gateway and integrated cloud email security vendors using production telemetry. The headline is...
Microsoft will block Exchange Online POP3 and IMAP4 client connections that still negotiate TLS 1.0 or TLS 1.1 beginning in July 2026, and the systems most likely to break are not modern Outlook clients but older gateways, scanners, archival tools, mailbox-polling applications, and...
DavMail 6.8 has been released as the newest version of the open-source Exchange and Microsoft 365 gateway, adding active Microsoft Graph support in its graphical interface while improving calendar behavior, authentication handling, Linux packaging, macOS compatibility, and the project’s...
Microsoft has listed CVE-2026-48579 as a Microsoft Exchange Online information disclosure vulnerability in the Security Update Guide, giving administrators a confirmed cloud-service security issue to track as of June 4, 2026, even though public technical detail remains limited. The important...
Microsoft’s Exchange Team said on May 21, 2026, that Exchange Online still has no native report for identifying active Resource Mailboxes, leaving administrators to infer usage from calendar data in PowerShell, Microsoft Graph, or mailbox folder statistics. That answer is useful, but it is also...
Microsoft’s Exchange Team said in May 2026 that Exchange Online still has no native report showing which room, equipment, or workspace resource mailboxes are actively used, leaving administrators to infer utilization from calendar data through PowerShell, Microsoft Graph, or mailbox folder...
Microsoft’s Exchange Team said on May 21, 2026, that Exchange Online still lacks a native utilization report for resource mailboxes, leaving administrators to infer active use from calendar data through Exchange Online PowerShell, Microsoft Graph, or mailbox folder statistics. That is a small...
Microsoft said on May 8, 2026, that Exchange Online will stop supporting direct Exchange ActiveSync certificate-based authentication by the end of 2026, forcing affected mobile mail clients to authenticate certificates through Microsoft Entra ID instead of presenting them straight to Exchange...
Microsoft has made its Mailbox Import and Export APIs for Microsoft Graph generally available in May 2026, giving Exchange Online developers a production-supported replacement path for a major Exchange Web Services workload before EWS enforcement begins later this year. The timing is not...
Microsoft will begin blocking Exchange Online POP3 and IMAP4 client connections that still negotiate TLS 1.0 or TLS 1.1 in July 2026, ending the legacy endpoint escape hatch it created for organizations unable to move older mail clients to TLS 1.2 or newer. The decision is less a surprise than a...
Exchange Online is pushing deeper into DNS security at exactly the moment when email infrastructure is becoming a more attractive target for spoofing, tampering, and downgrade attacks. Microsoft’s latest update on modernizing mail flow security confirms that the company is not treating DNSSEC...
Modernizing DNS security for Exchange Online is no longer a niche transport tweak; it is becoming a central part of Microsoft’s mail-flow strategy. In a new update, the Microsoft 365 Messaging Team says it will add a DNSSEC Enablement Wizard in the Exchange Admin Center, expand admin control...
Microsoft is widening its Exchange Online change-management story with the public preview of the Change Optics Report, a new reporting surface designed to help admins spot messages that may be affected by future service changes before those changes turn into incidents. The report is positioned...
Change is coming to Exchange Online, and Microsoft is trying to make that change easier to see before it becomes disruptive. The new Change Optics Report, now in Public Preview, gives admins a central place to identify messages that match patterns tied to announced service changes, including...