Security concern regarding bypassing MFA when EWS is enabled.

Copper Contributor

Hi everyone,

Our customer (Using Exchange server 2013 standard in hybrid) has requested a support ticket regarding concerns over bypassing MFA and scraping mail. Details are in the links below.



They have disabled EWS however this causes issues with Skype and is not an option.

They would like to know officially if this bug going to be patched/fixed?

Has microsoft officially recognised this as an issue or is it of no real concern?

1 Reply

@eloopj Did you ever figure this out? This same issue just came up in our environment.