In September 2021, we announced that the classic EAC would be deprecated for customers in our WW cloud in September 2022. Our customers gave us lots of feedback on the new design, performance of the ...
Updated Jul 24, 2023
Version 4.0
Blog Post
2 MIN READ
Final Deprecation of Classic Exchange Admin Center (EAC) in Exchange Online
This is so unbelievably short sighted. you have single handedly increased the attack surface of Outlook online by at least 10-fold.
Almost every single mailbox compromise post breach involves creating malicious inbox rules, so that attackers can live off the land while the account is compromised. By not including the ability to quickly inventory and delete inbox rules through the GUI you have created an additional road block for post incident remediation.
Additionally these inbox rules were only visible in the gui on the EAC as client side rules would not display due to the inclusion of illegal characters in the rule display name.
Please reintroduce the ability to display and delete inbox rules via the admin center, ASAP, ALL your client's security has been reduced by this poorly implemented product change. The_Exchange_Team