Home
%3CLINGO-SUB%20id%3D%22lingo-sub-608055%22%20slang%3D%22en-US%22%3EUpcoming%20changes%20to%20Exchange%20Web%20Services%20(EWS)%20API%20for%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-608055%22%20slang%3D%22en-US%22%3E%3CP%3EOver%20the%20last%20few%20years%2C%20we%20have%20been%20investing%20in%20services%20that%20help%20developers%20access%20information%20in%20Office%20365%20in%20a%20simple%20and%20intuitive%20way%2C%20specifically%20through%20Microsoft%20Graph.%26nbsp%3B%20Microsoft%20Graph%20and%20the%20use%20of%20OAuth%202.0%20provide%20increased%20security%20and%20seamless%20integration%20with%20other%20Microsoft%20cloud%20services%20and%20is%20rapidly%20expanding%20developer%20access%20to%20the%20rich%20data%20sets%20behind%20Microsoft%20applications.%26nbsp%3B%26nbsp%3B%20As%20we%20make%20progress%20on%20this%20journey%2C%20we%20have%20continued%20to%20evaluate%20the%20role%20of%20Exchange%20Web%20Services%20(EWS).%20Today%20we%20are%20sharing%20our%20plans%E2%80%AFto%20move%20away%20from%20Basic%20Authentication%20access%20for%20EWS%20over%20the%20next%20two%20years%2C%20with%20support%20ending%20Oct.%2013%2C%202020.%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EThese%20plans%20apply%20only%20to%20the%20cloud-based%20Office%20365%2FExchange%20Online%20products%3B%20there%20are%20no%20changes%20to%20EWS%20capabilities%20of%20on-premises%20Exchange%20products.%26nbsp%3B%3C%2FP%3EExchange%20Web%20Services%20will%20not%20receive%20feature%20updates%26nbsp%3BStarting%20today%2C%20Exchange%20Web%20Services%20(EWS)%20will%20no%20longer%20receive%20feature%20updates.%20While%20the%20service%20will%20continue%20to%20receive%20security%20updates%20and%20certain%20non-security%20updates%2C%20product%20design%20and%20features%20will%20remain%20unchanged.%20This%20change%20also%20applies%20to%20the%20EWS%20SDKs%20for%20%3CA%20href%3D%22http%3A%2F%2Fsearch.maven.org%2F%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EJava%3C%2FA%3E%20and%20.%3CA%20href%3D%22https%3A%2F%2Fwww.nuget.org%2Fpackages%2FMicrosoft.Exchange.WebServices%2F%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3ENET%3C%2FA%3E%20as%20well.%26nbsp%3B%20While%20we%20are%20no%20longer%20actively%20investing%20in%20it%2C%20EWS%20will%20still%20be%20available%20and%20supported%20for%20use%20in%20production%20environments.%26nbsp%3B%20However%2C%20we%20strongly%20suggest%20migrating%20to%20Microsoft%20Graph%20to%20access%20Exchange%20Online%20data%20and%20gain%20access%20to%20the%20latest%20features%20and%20functionality.%20For%20more%20information%20and%20details%20on%20how%20to%20make%20the%20transition%2C%20please%20refer%20to%20the%20following%20articles%3A%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2Fdocs%2Fconcepts%2Foverview%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EOverview%20of%20Microsoft%20Graph%3C%2FA%3E%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2Fdocs%2Fconcepts%2Foutlook-mail-concept-overview%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EOverview%20of%20Outlook%20mail%20API%20on%20Microsoft%20Graph%3C%2FA%3E%26nbsp%3BWhile%20EWS%20and%20Graph%20have%20mostly%20overlapping%20functionality%2C%20there%20are%20some%20differences.%20If%20you%20rely%20on%20an%20EWS%20API%20that%20does%20not%20have%20a%20Graph%20counterpart%2C%20please%20let%20us%20know%20via%20%3CA%20href%3D%22https%3A%2F%2Fofficespdev.uservoice.com%2F%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EUserVoice%3C%2FA%3E%20of%20features%20needed%20for%20your%20app%20scenarios.%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Basic%20Authentication%20for%20EWS%20will%20be%20decommissioned%26nbsp%3BExchange%20Web%20Services%20(EWS)%20was%20launched%20with%20support%20for%20Basic%20Authentication.%20Over%20time%2C%20we've%20introduced%20OAuth%202.0%20for%20authentication%20and%20authorization%2C%20which%20is%20a%20more%20secure%20and%20reliable%20way%20than%20Basic%20Authentication%20to%20access%20data.%20Please%20refer%20to%20the%20following%20article%20for%20more%20information%3A%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2Fdocs%2Fconcepts%2Fauth_overview%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EGetting%20started%20with%20OAuth2%3C%2FA%3E%20for%20Microsoft%20Graph%26nbsp%3B%20Today%2C%20we%20are%20announcing%20that%20on%20October%2013th%2C%202020%20we%20will%20stop%20supporting%20and%20fully%20decommission%20the%20Basic%20Authentication%20for%20EWS%20to%20access%20Exchange%20Online.%20This%20means%20that%20new%20or%20existing%20apps%20will%20not%20be%20able%20to%20use%20Basic%20Authentication%20when%20connecting%20to%20Exchange%20using%20EWS.%26nbsp%3B%26nbsp%3B%20Next%20Steps%26nbsp%3BThe%20deprecation%20of%20these%20APIs%20follows%20our%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F30881%2Fmodern-lifecycle-policy%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Eservice%20deprecation%20policies%3C%2FA%3E.%20We%20understand%20changes%20like%20this%20may%20cause%20some%20inconvenience%2C%20but%20we%20are%20confident%20it%20will%20ensure%20more%20secure%2C%20reliable%2C%20and%20performant%20experiences%20for%20our%20customers.%26nbsp%3B%20We're%20here%20to%20help%20if%20you%20need%20it.%20If%20you%20have%20questions%2C%20please%20let%20us%20know%20in%20%3CA%20href%3D%22https%3A%2F%2Fstackoverflow.com%2Fquestions%2Ftagged%2Fmicrosoftgraph%3Fsort%3Dnewest%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EStack%20Overflow%20with%20the%20%5BMicrosoftGraph%5D%3C%2FA%3E%20tag.%26nbsp%3B%20Thank%20you%20in%20advance%20for%20updating%20and%20opening%20your%20apps%20to%20a%20wider%20range%20of%20useful%20and%20intelligent%20features%20on%20Microsoft%20Graph.%20We%20are%20extremely%20excited%20about%20the%20growing%20opportunities%20that%20Microsoft%20Graph%20offers%20to%20our%20customers%2C%20and%20we%20remain%20fully%20committed%20to%20continue%20our%20journey%20to%20empower%20developers%20to%20access%20Office%20365%20data%20with%20the%20most%20modern%20features%20and%20tools.%26nbsp%3B%20Frequently%20Asked%20Questions%26nbsp%3B%26nbsp%3BQ%3A%20Will%20my%20application%20stop%20working%20when%20you%20make%20this%20change%3F%26nbsp%3B%20A%3A%20It%20might%2C%20yes%2C%20it%20depends%20on%20the%20app%20itself%20and%20how%20it%20was%20coded.%20If%20it%E2%80%99s%20using%20EWS%2C%20and%20if%20it%E2%80%99s%20using%20Basic%20authentication%20then%20yes%2C%20on%20October%2013th%202020%20it%20will%20fail%20to%20connect.%20However%2C%20if%20the%20app%20is%20using%20Modern%20Auth%2FOAuth%2C%20then%20no%2C%20it%20will%20keep%20working%20as%20it%20did%20before.%26nbsp%3B%26nbsp%3B%20Q%3A%20Why%20October%2013th%202020%3F%20Why%20that%20date%3F%26nbsp%3B%20A%3A%20Starting%20October%2013%2C%202020%2C%20Office%20365%20ProPlus%20or%20Office%20perpetual%20in%20mainstream%20support%20will%20be%20required%20to%20connect%20to%20Office%20365%20services.%20This%20announcement%20is%20posted%20here%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fblog%2F2017%2F04%2F20%2Foffice-365-proplus-updates%2F%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EOffice%20365%20ProPlus%20Updates%3C%2FA%3E.%26nbsp%3B%26nbsp%3B%20This%20change%20requires%20that%20Office%202013%2FOffice%202016%20are%20also%20required%20to%20use%20Modern%20Auth.%20Please%20see%20this.%20Q%3A%20Our%20in-house%20team%20created%20an%20app%20for%20meeting%20room%20scheduling%2C%20how%20do%20we%20go%20about%20changing%20that%20over%20to%20Graph%20and%20OAuth2.0%3F%26nbsp%3B%26nbsp%3B%20A%3A%20Don%E2%80%99t%20forget%20you%20can%20keep%20using%20EWS%20if%20you%20want%20to%2C%20so%20then%20really%2C%20it%E2%80%99s%20just%20the%20question%20of%20authentication.%20To%20get%20a%20better%20understanding%20of%20how%20to%20use%20OAuth%202.0%20take%20a%20look%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Fexchange-web-services%2Fhow-to-authenticate-an-ews-application-by-using-oauth%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Ehere%3C%2FA%3E.%20Q%3A%20How%20does%20this%20impact%20my%20On-Premises%20Exchange%20deployment%3F%26nbsp%3B%20A%3A%20It%20does%20not.%20This%20change%20only%20affects%20Exchange%20Online.%26nbsp%3B%26nbsp%3B%20Q%3A%20We%20require%20Modern%20Authentication%20%2B%20Multi%20Factor%20Auth%20for%20all%20our%20Outlook%20users%20connecting%20to%20O365%2C%20how%20do%20apps%20work%20when%20I%20have%20that%20set%20as%20a%20requirement%3F%26nbsp%3B%20A%3A%20Applications%20can%20be%20written%20so%20they%20are%20treated%20as%20%E2%80%98trusted%20applications%E2%80%99.%20That%20way%20they%20can%20bypass%20the%20MFA%20requirement%2C%20more%20details%20are%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-mfasettings%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Ehere%3C%2FA%3E.%20Q%3A%20How%20do%20I%20know%20which%20of%20my%20apps%20use%20Basic%20authentication%20to%20EWS%3F%26nbsp%3B%20A%3A%20If%20you%20only%20use%20Outlook%20to%20connect%20to%20Exchange%20Online%20then%20you%20don%E2%80%99t%20need%20to%20worry%2C%20as%20long%20as%20you%20are%20using%20Office%202019%20or%20Office%202019%20Pro%20Plus%20you%E2%80%99ll%20be%20fine%20come%20October%202020.%20However%2C%20if%20you%20also%20have%20integrated%20apps%20into%20your%20Office%20365%20tenant%20you%E2%80%99ll%20need%20to%20check%20with%20the%20application%20developers%20to%20verify%20how%20it%20authenticates%20to%20Exchange%20Online%20if%20you%20aren%E2%80%99t%E2%80%99%20sure.%20We%20are%20investigating%20how%20we%20can%20share%20this%20information%20with%20tenant%20admins%2C%20but%20have%20nothing%20available%20at%20the%20time%20of%20writing%20this%20blog.%26nbsp%3B%26nbsp%3B%20Q%3A%20What%20features%20does%20EWS%20have%20that%20Graph%20can%E2%80%99t%20provide%3F%26nbsp%3B%20A%3A%20Graph%20is%20constantly%20evolving%20and%20adding%20features%20and%20functionality%20to%20provide%20the%20richest%20set%20of%20experiences%20we%20can.%20To%20see%20the%20latest%20features%20we%E2%80%99ve%20added%20to%20Graph%2C%20go%20here%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2Fdocs%2Fconcepts%2Foutlook-mail-concept-overview%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EOverview%20of%20Outlook%20mail%20API%20on%20Microsoft%20Graph%3C%2FA%3E%26nbsp%3B%20Q%3A%20Will%20this%20affect%20my%20Exchange%20Hybrid%20configuration%3F%20Exchange%20On-Premises%20calls%20into%20Exchange%20Online%20using%20EWS%20doesn%E2%80%99t%20it%3F%26nbsp%3B%20A%3A%20Yes%2C%20it%20does.%20But%20it%20doesn%E2%80%99t%20use%20Basic%20Authentication%2C%20it%20uses%20token-based%20authentication%2C%20and%20it%E2%80%99s%20described%20in%20this%20blog%20post.%20How%20Hybrid%20Authentication%20Really%20Works.%26nbsp%3B%26nbsp%3B%20The%20Exchange%20Team%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-608055%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Edevelopment%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868279%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Exchange%20Web%20Services%20(EWS)%20API%20for%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868279%22%20slang%3D%22en-US%22%3E%3CP%3EI%20received%20a%20reminder%20from%20Microsoft%20office%20365%20message%20center%20about%20this%20and%20it%20referenced%3A%3C%2FP%3E%3CP%3E%22Beginning%20October%2013%2C%202020%2C%20we%20will%20retire%20Basic%20Authentication%20for%20EWS%2C%20EAS%2C%20IMAP%2C%20POP%20and%20RPS%20to%20access%20Exchange%20Online.%20Note%3A%20this%20change%20does%20not%20impact%20SMTP%20AUTH%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20does%20this%20mean%20that%20all%20mobile%20clients%20and%20desktop%20clients%20will%20be%20forced%20to%20use%20one%20of%20these%20clients%3F%3C%2FP%3E%3CUL%3E%3CLI%3E%3CP%3EOutlook%202013%20(with%20reg%20keys%20to%20enable%20Modern%20Auth)%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%3EOutlook%202016%20for%20Mac%20or%20later%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%3EOutlook%20for%20iOS%20and%20Android%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%3EMail%20for%20iOS%2011.3.1%20or%20later%3C%2FP%3E%3C%2FLI%3E%3CLI%3EOutlook%20Web%3C%2FLI%3E%3CLI%3EOutlook%202016%20and%2For%20Outlook%202019%3C%2FLI%3E%3C%2FUL%3E%3CP%3EWill%20any%20other%20clients%20function%20or%20are%20any%20on%20the%20list%20above%20susceptible%20of%20not%20functioning%20after%20Basic%20Auth%20is%20disabled%3F%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868290%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Exchange%20Web%20Services%20(EWS)%20API%20for%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868290%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20some%20low%20use%20employees%20who%20only%20use%20Google%20Chrome%2FSafari%20to%20check%20basic%20email%20and%20calendar%20information%20while%20away%20from%20work%20(without%20the%20Android%20or%20iOS%20Outlook%20apps).%3C%2FP%3E%3CP%3EAre%20these%20users%2Faccounts%20impacted%20by%20these%20changes%20as%20well%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868302%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Exchange%20Web%20Services%20(EWS)%20API%20for%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868302%22%20slang%3D%22en-US%22%3EI%20have%20also%20received%20a%20notification%2C%20ios%20version%2012.4%20still%20uses%20%22exchange%22%20to%20receive%20mail%2C%20I%20feel%20the%20%22outlook%22%20on%20ios%20is%20not%20very%20optimal%20.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868496%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Exchange%20Web%20Services%20(EWS)%20API%20for%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868496%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20another%20garbage%20decision%20that%20is%20hostile%20to%20customers%20while%20providing%20only%20modest%20increases%20to%20the%20massive%20plague%20of%20security%20issues%20that%20haunt%20O365.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20of%20that%20time%20spent%20deprecating%20SSL%20and%20flawed%20versions%20of%20TLS%20just%20to%20ultimately%20cancel%20basic%20auth%20altogether.%20What%20a%20boneheaded%20sense%20of%20misdirection%20that%20causes%20customers%20grief%20and%20a%20never%20ending%20churn%20of%20updates%20that%20provide%20nearly%20zero%20value%20for%20many%20use%20cases.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20keep%20wondering%20what%20the%20world%20will%20be%20like%20for%20O365%20customers%20who%20choose%20to%20host%20their%20email%20somewhere%20else.%20Sadly%20it%20seems%20the%20answer%20to%20that%20question%20is%20growing%20more%20important%20every%20day.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868790%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Exchange%20Web%20Services%20(EWS)%20API%20for%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868790%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20this%20mean%20that%20App%20Passwords%20will%20no%20longer%20be%20usable%20on%20native%20Android%20mail%20%2F%20contacts%20%2F%20calendar%20app%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20so%2C%20please%20make%20sure%20Outlook%20for%20Android%20can%20do%20complete%2C%20automatic%2C%20in%20the%20background%2C%20two-way%20sync%20with%20our%20contacts%20stored%20on%20Exchange%20Online%2C%20similar%20to%20the%20way%20it%20works%20with%20Outlook%202016%2F2019%20for%20Windows%20Desktop.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20vital%20that%20we%20be%20able%20to%20update%20contacts%20on%20our%20mobile%20devices%20and%20have%20them%20sync%20to%20the%20cloud%20reliably%20and%20transparently%2C%20and%20that%20contacts%20modified%20on%20other%20mobile%20or%20desktop%20devices%20update%20on%20all%20devices.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-881617%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Exchange%20Web%20Services%20(EWS)%20API%20for%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-881617%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20this%20changes%20affects%20plug-ins%20developed%20for%20Outlook%20windows%20application%20accessing%20Office%20365%20accounts%3F%20Thanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916370%22%20slang%3D%22en-US%22%3ERe%3A%20Upcoming%20changes%20to%20Exchange%20Web%20Services%20(EWS)%20API%20for%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916370%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F4769%22%20target%3D%22_blank%22%3E%40Steven%20Seligman%3C%2FA%3E%26nbsp%3B%20had%20a%20good%20question.%20What%20happens%20with%20App%20Passwords%20and%20MFA%20users.%26nbsp%3B%20Will%20they%20not%20be%20able%20to%20use%20Outlook%20Desktop%3F%26nbsp%3B%20Kind%20of%20sounds%20like%20it.%26nbsp%3B%20I've%20got%20to%20be%20missing%20something.%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20656px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F137808iF0B6A2EFE9701100%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22basic.jpg%22%20title%3D%22basic.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%23authentication-policy-procedures-in-exchange-online%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%23authentication-policy-procedures-in-exchange-online%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%22Blocking%20Basic%20authentication%20will%20block%20app%20passwords%20in%20Exchange%20Online.%22%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E

Over the last few years, we have been investing in services that help developers access information in Office 365 in a simple and intuitive way, specifically through Microsoft Graph.  Microsoft Graph and the use of OAuth 2.0 provide increased security and seamless integration with other Microsoft cloud services and is rapidly expanding developer access to the rich data sets behind Microsoft applications.   As we make progress on this journey, we have continued to evaluate the role of Exchange Web Services (EWS). Today we are sharing our plans to move away from Basic Authentication access for EWS over the next two years, with support ending Oct. 13, 2020.   

These plans apply only to the cloud-based Office 365/Exchange Online products; there are no changes to EWS capabilities of on-premises Exchange products. 

Exchange Web Services will not receive feature updates 

Starting today, Exchange Web Services (EWS) will no longer receive feature updates. While the service will continue to receive security updates and certain non-security updates, product design and features will remain unchanged. This change also applies to the EWS SDKs for Java and .NET as well.  While we are no longer actively investing in it, EWS will still be available and supported for use in production environments.  However, we strongly suggest migrating to Microsoft Graph to access Exchange Online data and gain access to the latest features and functionality. For more information and details on how to make the transition, please refer to the following articles:  While EWS and Graph have mostly overlapping functionality, there are some differences. If you rely on an EWS API that does not have a Graph counterpart, please let us know via UserVoice of features needed for your app scenarios.   

Basic Authentication for EWS will be decommissioned 

Exchange Web Services (EWS) was launched with support for Basic Authentication. Over time, we've introduced OAuth 2.0 for authentication and authorization, which is a more secure and reliable way than Basic Authentication to access data. Please refer to the following article for more information:  Getting started with OAuth2 for Microsoft Graph  Today, we are announcing that on October 13th, 2020 we will stop supporting and fully decommission the Basic Authentication for EWS to access Exchange Online. This means that new or existing apps will not be able to use Basic Authentication when connecting to Exchange using EWS.  

Next Steps 

The deprecation of these APIs follows our service deprecation policies. We understand changes like this may cause some inconvenience, but we are confident it will ensure more secure, reliable, and performant experiences for our customers.  We're here to help if you need it. If you have questions, please let us know in Stack Overflow with the [MicrosoftGraph] tag.  Thank you in advance for updating and opening your apps to a wider range of useful and intelligent features on Microsoft Graph. We are extremely excited about the growing opportunities that Microsoft Graph offers to our customers, and we remain fully committed to continue our journey to empower developers to access Office 365 data with the most modern features and tools. 

Frequently Asked Questions  

Q: Will my application stop working when you make this change?  A: It might, yes, it depends on the app itself and how it was coded. If it’s using EWS, and if it’s using Basic authentication then yes, on October 13th 2020 it will fail to connect. However, if the app is using Modern Auth/OAuth, then no, it will keep working as it did before.   Q: Why October 13th 2020? Why that date?  A: Starting October 13, 2020, Office 365 ProPlus or Office perpetual in mainstream support will be required to connect to Office 365 services. This announcement is posted here Office 365 ProPlus Updates  This change requires that Office 2013/Office 2016 are also required to use Modern Auth. Please see this. Q: Our in-house team created an app for meeting room scheduling, how do we go about changing that over to Graph and OAuth2.0?   A: Don’t forget you can keep using EWS if you want to, so then really, it’s just the question of authentication. To get a better understanding of how to use OAuth 2.0 take a look here. Q: How does this impact my On-Premises Exchange deployment?  A: It does not. This change only affects Exchange Online.   Q: We require Modern Authentication + Multi Factor Auth for all our Outlook users connecting to O365, how do apps work when I have that set as a requirement?  A: Applications can be written so they are treated as ‘trusted applications’. That way they can bypass the MFA requirement, more details are here. Q: How do I know which of my apps use Basic authentication to EWS?  A: If you only use Outlook to connect to Exchange Online then you don’t need to worry, as long as you are using Office 2019 or Office 2019 Pro Plus you’ll be fine come October 2020. However, if you also have integrated apps into your Office 365 tenant you’ll need to check with the application developers to verify how it authenticates to Exchange Online if you aren’t’ sure. We are investigating how we can share this information with tenant admins, but have nothing available at the time of writing this blog.   Q: What features does EWS have that Graph can’t provide?  A: Graph is constantly evolving and adding features and functionality to provide the richest set of experiences we can. To see the latest features we’ve added to Graph, go here Overview of Outlook mail API on Microsoft Graph  Q: Will this affect my Exchange Hybrid configuration? Exchange On-Premises calls into Exchange Online using EWS doesn’t it?  A: Yes, it does. But it doesn’t use Basic Authentication, it uses token-based authentication, and it’s described in this blog post. How Hybrid Authentication Really Works  The Exchange Team
11 Comments
Not applicable
Thank you for the post!
Occasional Visitor
Currently, accessing our O365 mail accounts via EWS is dirt simple (and we have a federated, government domain and in five {5} lines of code, we bind to what we want) : $Service = [Microsoft.Exchange.WebServices.Data.ExchangeService]::new([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2013_SP1) $Service.Credentials = [System.Net.NetworkCredential]::new($UserName, $Password, $Domain) $Service.Url = "https://outlook.office365.com/EWS/Exchange.asmx" $Folderid = new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Tasks, $mailbox) $Folder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($Service, $Folderid) The users simply give whatever permissions they want to our service account in their native Outlook clients through their normal method of sharing, and poof - we have mail, calendar and task access - all controlled by the email user. So........are there any EXAMPLES that "translate" the dirt simple approach above into an OAUTH2 approach?
Visitor

I received a reminder from Microsoft office 365 message center about this and it referenced:

"Beginning October 13, 2020, we will retire Basic Authentication for EWS, EAS, IMAP, POP and RPS to access Exchange Online. Note: this change does not impact SMTP AUTH"

 

So does this mean that all mobile clients and desktop clients will be forced to use one of these clients?

  • Outlook 2013 (with reg keys to enable Modern Auth)

  • Outlook 2016 for Mac or later

  • Outlook for iOS and Android

  • Mail for iOS 11.3.1 or later

  • Outlook Web
  • Outlook 2016 and/or Outlook 2019

Will any other clients function or are any on the list above susceptible of not functioning after Basic Auth is disabled?

Thanks

Occasional Visitor

We have some low use employees who only use Google Chrome/Safari to check basic email and calendar information while away from work (without the Android or iOS Outlook apps).

Are these users/accounts impacted by these changes as well?

Occasional Visitor
I have also received a notification, ios version 12.4 still uses "exchange" to receive mail, I feel the "outlook" on ios is not very optimal .
Occasional Visitor

This is another garbage decision that is hostile to customers while providing only modest increases to the massive plague of security issues that haunt O365.

 

All of that time spent deprecating SSL and flawed versions of TLS just to ultimately cancel basic auth altogether. What a boneheaded sense of misdirection that causes customers grief and a never ending churn of updates that provide nearly zero value for many use cases.

 

I keep wondering what the world will be like for O365 customers who choose to host their email somewhere else. Sadly it seems the answer to that question is growing more important every day.

Contributor

Does this mean that App Passwords will no longer be usable on native Android mail / contacts / calendar app? 

 

If so, please make sure Outlook for Android can do complete, automatic, in the background, two-way sync with our contacts stored on Exchange Online, similar to the way it works with Outlook 2016/2019 for Windows Desktop. 

 

It is vital that we be able to update contacts on our mobile devices and have them sync to the cloud reliably and transparently, and that contacts modified on other mobile or desktop devices update on all devices.

Occasional Visitor

Hi,

 

Will this changes affects plug-ins developed for Outlook windows application accessing Office 365 accounts? Thanks.

Occasional Contributor

 @Steven Seligman  had a good question. What happens with App Passwords and MFA users.  Will they not be able to use Outlook Desktop?  Kind of sounds like it.  I've got to be missing something.  

basic.jpg

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authen...

 

"Blocking Basic authentication will block app passwords in Exchange Online."

Occasional Visitor

We have a 3rd party system which connects through anonymous smtp (no login credentials) to exchange online. will this be also not working after this change?

Occasional Visitor

We have a small program using CDO library.

 

Are the programs using CDO going to be affected?