Blog Post

Exchange Team Blog
1 MIN READ

Deprecation of Client Access Rules in Exchange Online

The_Exchange_Team's avatar
Sep 27, 2022

Update 12/12/2024: Please see our later blog post for updates on this subject.

Client Access Rules (CARs) help to control access to the Exchange Online organization. Now with new features, like Continuous Access Evaluation (CAE) that allows Azure Active Directory applications to subscribe to critical events, that can then be evaluated and enforced in near real time; you can have better control while also adding resiliency to your organization.

Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023.

We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules.

The CARs deprecation timeline is planned as follows:

How does this affect you?

If you do not currently use CARs, cmdlets will be disabled for your tenant after October 2022.

If you currently have CARs configured in your tenant you will be able to keep using them until September 2023, which provides you with time to migrate other, more resilient options.

Resources

Client Access Rules in Exchange Online
Continuous access evaluation in Azure AD

 

--The Exchange Team

Updated Dec 12, 2024
Version 6.0
  • Russell Meyer's avatar
    Russell Meyer
    Brass Contributor

    While this sounds nice, one of the beauties was defining auth policies for different connection methods, such as cert based auth for activesync devices, ip boundries for specific protocols...how will that functionality transition?

  • alamsk's avatar
    alamsk
    Copper Contributor

    We have created CAR to block PowerShell access for non admin account, can this be done with CAE?