Beginning June 2023, we will begin to return errors for any requests made for mailboxes that remain on-premises.
Since we announced we were making it possible for developers to use REST APIs to work with both cloud and on-premises mailboxes back in 2016, we’ve seen low and now decreasing adoption rates. Primarily because so many of our customers have moved all, or most of their mailboxes into Exchange Online. Moving mailboxes to the cloud is the strategic direction the vast majority of our customers are taking, and so we are aligning our investments accordingly.
What does this mean to those who write code against Exchange mailboxes and are impacted? Here are the most common questions we expect to be asked, but please do add comments below if we have not addressed your concerns.
When will you begin preventing REST API requests from reaching On-Premises Mailboxes? We will begin to return errors for requests made for mailboxes that remain on-premises from June 2023.
How will we know if we are impacted by this change? We will be sending Message Center (MC) posts to affected tenants near end of March 2023, mentioning specific App IDs.
What API(s) should I use to work with Hybrid Orgs, where some mailboxes are in Exchange Online, and some are on Exchange Server? You should continue to use Graph to work with Exchange Online mailboxes, and use Exchange Web Services (EWS) to work with Exchange Server (on-premises) mailboxes.
I thought EWS was going away, though? In 2018 we announced EWS in Exchange Online would no longer receive feature updates. But we have no plans currently to change the way EWS works on-premises, so using Graph for Exchange Online and EWS for Exchange Server on-premises is the current recommendation.
If you choose to continue using EWS against Exchange Online mailboxes you should ensure that it uses OAuth (as Basic Authentication is being turned off in Exchange Online). You should also know that it now allows restricting access to mailboxes access through mailbox access policies.
In closing, we know some of our customers and partners have built solutions based on a preview feature we released some years ago, and we understand that updating code to remove this dependency might be time consuming. However, we need to invest our resources in building highly scalable, secure and robust solutions that both reflect Microsoft’s strategic imperatives and focus on the technologies we see our customers adopting. In this case, it’s Exchange Online.