Always Cloud, Always Microsoft 365, ...
I want to compare two ways to authorize applications in Exchange Online: the legacy Application Access Policies and the modern Role-Based Access Control (RBAC) for applications. It explains the core concept, what’s supported, and how to set up and test:
This explains how Centralized Mail Transport (CMT) in an Exchange hybrid configuration can coexist with journaling. The typical scenario is that Exchange Online mailboxes route outbound mail through On-Prem infrastructure. You can also route journal reports (copies of messages for compliance/archive) to a 3rd-party archiving product by creating a custom connector.
Enable the most secure MFA method which is registered by the User, may more methods are available but not yet configured:
System-preferred multifactor authentication (MFA) prompts users to sign in by using the most secure method they registered. Administrators can enable system-preferred MFA to improve sign-in security and reduce less secure sign-in methods like Short Message Service (SMS). Users don't need to set any authentication method as their default because the system always chooses and presents the most secure method they registered.
Recipient Management can be challenging, especially in Hybrid Environments. The classic's are starting with not using Exchange Management Tools and instead solely relying on Active Directory management tools, which is not supported by Microsoft. Further into mutations there are other cases, like switching Mailbox types to or from Shared Mailboxes. There is surely not always a direct impact, over time however we can mostly see many of them.
Microsoft has sometime ago announced the retirement of Exchange Web Services (EWS) for Exchange Online. Starting October 1, 2026, all EWS requests to Exchange Online will be blocked. Organizations using EWS for applications, integrations, or custom tools should begin transitioning to supported alternatives such as Microsoft Graph.
Exchange Server: No changes applied
You are currently using Send-MailMessage with Basic Auth. and want to transition to Modern Authentication?
May this PowerShell Module assists you, without having to rewriting your routine with Microsoft Graph directly.
Send-MailMessage translation to Microsoft GraphSend emails in PowerShell via Graph API, or SMTP (MailKit) with Modern Auth (OAuth) support.
Microsoft Entra ID provides Managed Conditional Access Policies to help organizations enforce security best practices. These pre-configured policies simplify implementation while ensuring key protections like multifactor authentication (MFA) and blocking legacy authentication. They will be extended in February 2025 and after a 45 trial period automatically activated:
The Cumulative Update 15 (CU15, 2025 H1) for Exchange Server 2019 is now available. This is the final CU for Exchange Server 2019 and brings several enhancements and fixes for known issues. CU15 also includes support for Windows Server 2025, allowing organizations to deploy Exchange Server 2019 on the latest server platform.
What's new in the Exchange Powershell Module, and what are the reasons?
ExchangeOnlineManagement 3.7.0 brings several updates and enhancements to the Exchange Online PowerShell module. This release introduces new features like extended message trace history, optional help file loading, and improvements to inbound IPv6 support. Additionally, Microsoft has updated the timeline for external recipient rate limits and introduced new cmdlets for managing these changes.
The New Outlook for Windows is here, delivering a seamless, productive, and familiar experience for commercial customers. This version integrates advanced productivity features and the latest innovations. Microsoft has planned a migration process (staged rollout) to ensure a predictable transition, with an opt-out option available for those not ready to switch. Early adopters can benefit from a 10–20% reduction in Outlook incidents, making this transition a win for reliability and efficiency.