Post updated: 31st January 2020
The Stable release of the Google Chrome web browser (build 80, scheduled for release beginning February 17, 2020) features a change in how cookies are handled. Although the change is intended to discourage malicious cookie tracking, it's also expected to severely affect many applications and services that are based on open standards.
For more information, see SameSite Updates on the Chromium Projects website.
Microsoft is committed to addressing this change in behavior in its products and services where possible before the February 17, 2020 rollout date to ensure our customers are minimally impacted.
Exchange Online has already rolled out changes necessary to support this change and we do not anticipate any issues.
Exchange Server testing to date has determined that only a few admin hybrid related scenarios in the Exchange Admin Center are impacted by this change. We have seen no issues with day to day OWA scenarios at this time for any current and supported version of the product.
Exchange Server’s March Cumulative Updates will contain changes necessary to support this change. We will issue CU’s for Exchange Server 2016 and 2019 and we recommend upgrading to these versions to ensure compatibility. We're investigating solutions for earlier versions of Exchange Server.
Given the date of our scheduled CU’s comes after Google Chrome’s release date of February 17th there might be some issues experienced by admins in hybrid deployments.
To avoid issues, we recommend users switch to an alternate browser, or configure the EAC site/URL used by admins to be excluded from the SameSite enforcement behavior in Chrome by using the LegacySameSiteCookieBehaviorEnabledForDomainList setting.
Additional information can be found on this page.
The Exchange Team
Microsoft
