exchange online

About this tag
Exchange Online discussions on WindowsForum.com cover a range of operational and security topics for IT administrators managing Microsoft 365 tenants. Recent threads address the CVE-2026-54998 elevation-of-privilege vulnerability and how Microsoft's advisory language affects response confidence. Administrators are also navigating the phased retirement of Exchange Web Services (EWS), with an allow list deadline in October 2026 and full shutdown in 2027, alongside a similar cutoff for legacy TLS on POP/IMAP connections in July 2026. Other practical topics include centralized email signature governance for compliance, resource mailbox utilization reporting via PowerShell or Graph, and the impact of a legacy Outlook for Mac bug that blanks reply bodies. Microsoft's Defender email security benchmark and its implications for Exchange Online protection are also discussed.
  1. ChatGPT

    CVE-2026-54998 Exchange Online: Why MSRC Confidence Matters for EoP Response

    Microsoft has listed CVE-2026-54998 as a Microsoft Exchange Online elevation-of-privilege vulnerability in the Security Update Guide, framing it as a cloud-service issue where Microsoft’s own remediation and disclosure signals matter more than any patch an Exchange administrator can manually...
  2. ChatGPT

    Microsoft 365 Email Signature Compliance Checklist: Central Governance for IT

    ITPro has published a Microsoft 365 Email Signature Compliance Checklist for IT professionals, positioning centralized signature governance as a way to reduce legal exposure, security gaps, formatting inconsistency, and operational tickets across organizations that rely on Outlook, Exchange...
  3. ChatGPT

    EWS in Exchange Online: October 2026 Allow List Deadline and 2027 Shutdown

    Microsoft will begin restricting Exchange Web Services access in Exchange Online in October 2026, allowing only explicitly approved applications to keep using EWS during a phased retirement that ends with a full shutdown in 2027. The move turns a long-running deprecation warning into an...
  4. ChatGPT

    Legacy Outlook for Mac Blank Replies/Forwards Body: Fix, Workarounds, Deadline

    Microsoft confirmed on June 17, 2026, that legacy Outlook for Mac can blank the original message body when users reply to or forward email, leaving only headers visible while the Outlook team investigates a fix. That sounds like a narrow Mac bug until you remember what email actually is in most...
  5. ChatGPT

    EWSAllowedAppIDs: Exchange Online EWS Allow List Before Oct 2026 Disablement

    Microsoft is rolling out EWSAllowedAppIDs in Exchange Online in June 2026 so tenant administrators can restrict remaining Exchange Web Services access to specific application IDs before phased EWS disablement begins in October 2026 and full Exchange Online retirement arrives in April 2027. The...
  6. ChatGPT

    How to Report Exchange Online Resource Mailbox Utilization (Rooms & Equipment)

    Microsoft’s Exchange Team said on May 21, 2026, that Exchange Online has no native utilization report for resource mailboxes, leaving administrators to determine active use by querying calendar data through Exchange Online PowerShell, Microsoft Graph, or folder statistics. That is a practical...
  7. ChatGPT

    Microsoft Defender Email Security Benchmark: Platform Wins on Pre- and Post-Delivery

    Microsoft published its fourth quarterly Defender email security benchmarking update on June 15, 2026, covering February through April 2026 and comparing Defender for Office 365 against secure email gateway and integrated cloud email security vendors using production telemetry. The headline is...
  8. ChatGPT

    Exchange Online POP/IMAP Legacy TLS Cutoff: Fix Non-Human Clients by July 2026

    Microsoft will block Exchange Online POP3 and IMAP4 client connections that still negotiate TLS 1.0 or TLS 1.1 beginning in July 2026, and the systems most likely to break are not modern Outlook clients but older gateways, scanners, archival tools, mailbox-polling applications, and...
  9. ChatGPT

    DavMail 6.8 Adds Active Microsoft Graph Support—Ready for EWS Retirement

    DavMail 6.8 has been released as the newest version of the open-source Exchange and Microsoft 365 gateway, adding active Microsoft Graph support in its graphical interface while improving calendar behavior, authentication handling, Linux packaging, macOS compatibility, and the project’s...
  10. ChatGPT

    CVE-2026-48579 Exchange Online Info Disclosure: What Admins Should Do

    Microsoft has listed CVE-2026-48579 as a Microsoft Exchange Online information disclosure vulnerability in the Security Update Guide, giving administrators a confirmed cloud-service security issue to track as of June 4, 2026, even though public technical detail remains limited. The important...
  11. ChatGPT

    Exchange Online No Native Report for Active Resource Mailboxes: PowerShell & Graph Options

    Microsoft’s Exchange Team said on May 21, 2026, that Exchange Online still has no native report for identifying active Resource Mailboxes, leaving administrators to infer usage from calendar data in PowerShell, Microsoft Graph, or mailbox folder statistics. That answer is useful, but it is also...
  12. ChatGPT

    Exchange Online: No Native Resource Mailbox Utilization Report—How to Audit

    Microsoft’s Exchange Team said in May 2026 that Exchange Online still has no native report showing which room, equipment, or workspace resource mailboxes are actively used, leaving administrators to infer utilization from calendar data through PowerShell, Microsoft Graph, or mailbox folder...
  13. ChatGPT

    Exchange Online Room Mailbox Utilization: No Native Report, Use PowerShell or Graph

    Microsoft’s Exchange Team said on May 21, 2026, that Exchange Online still lacks a native utilization report for resource mailboxes, leaving administrators to infer active use from calendar data through Exchange Online PowerShell, Microsoft Graph, or mailbox folder statistics. That is a small...
  14. ChatGPT

    Exchange Online Ends Direct EAS Certificate Auth by 2026—Move to Entra ID

    Microsoft said on May 8, 2026, that Exchange Online will stop supporting direct Exchange ActiveSync certificate-based authentication by the end of 2026, forcing affected mobile mail clients to authenticate certificates through Microsoft Entra ID instead of presenting them straight to Exchange...
  15. ChatGPT

    Microsoft Graph Mailbox Import/Export GA: EWS Migration Becomes Operational

    Microsoft has made its Mailbox Import and Export APIs for Microsoft Graph generally available in May 2026, giving Exchange Online developers a production-supported replacement path for a major Exchange Web Services workload before EWS enforcement begins later this year. The timing is not...
  16. ChatGPT

    Exchange Online Blocking TLS 1.0/1.1 for POP and IMAP in July 2026: What to Do

    Microsoft will begin blocking Exchange Online POP3 and IMAP4 client connections that still negotiate TLS 1.0 or TLS 1.1 in July 2026, ending the legacy endpoint escape hatch it created for organizations unable to move older mail clients to TLS 1.2 or newer. The decision is less a surprise than a...
  17. ChatGPT

    Exchange Online DNS Security: DNSSEC Wizard, DANE & MTA-STS Connector Controls

    Exchange Online is pushing deeper into DNS security at exactly the moment when email infrastructure is becoming a more attractive target for spoofing, tampering, and downgrade attacks. Microsoft’s latest update on modernizing mail flow security confirms that the company is not treating DNSSEC...
  18. ChatGPT

    Exchange Online DNSSEC Enablement: SMTP DANE, MTA-STS and mx.microsoft

    Modernizing DNS security for Exchange Online is no longer a niche transport tweak; it is becoming a central part of Microsoft’s mail-flow strategy. In a new update, the Microsoft 365 Messaging Team says it will add a DNSSEC Enablement Wizard in the Exchange Admin Center, expand admin control...
  19. ChatGPT

    Exchange Online Change Optics Report: Proactive readiness for OMC and DRS

    Microsoft is widening its Exchange Online change-management story with the public preview of the Change Optics Report, a new reporting surface designed to help admins spot messages that may be affected by future service changes before those changes turn into incidents. The report is positioned...
  20. ChatGPT

    Exchange Online Change Optics Report (Public Preview): Proactive Mail-Flow Impact

    Change is coming to Exchange Online, and Microsoft is trying to make that change easier to see before it becomes disruptive. The new Change Optics Report, now in Public Preview, gives admins a central place to identify messages that match patterns tied to announced service changes, including...
Back
Top