The Information Highway

The Information Highway

Font size: +
2 minutes reading time (406 words)

Microsoft delays Exchange Online CARs deprecation until 2024

Microsoft announced today that Client Access Rules (CARs) deprecation in Exchange Online will be delayed by one year until September 2024.

Microsoft 365 administrators can utilize CARs comprising priority values, exceptions, actions, and conditions to filter client access to Exchange Online using various factors.

These factors include the client's IP addresses and authentication type, as well as the protocol, application, or service they use to establish connections. In essence, once configured, they help control access to Exchange Online resources within an organization.

In a previous announcement from September 2022, the company said the old Exchange Online access rules would be phased out until September 2023.

The following month, Redmond disabled CARs cmdlets in tenants where they weren't used to promote the switch to more secure alternatives such as Azure Active Directory (AAD) conditional access (CA) and continuous access evaluation (CAE).

The phase-out delay was prompted by the impossibility of migrating some CARs to Azure AD CA and CAE until the initial deadline, in some cases, because of the need for proper support.

"We have been working with customers to learn how they use CARs and how they can migrate to these newer features, but we have encountered a few scenarios where it's not possible to migrate current rules," said The Exchange Team on Friday.

"For these scenarios, we will allow the use of CARs beyond the previously announced September 2023 deadline until we can support them."

Updated client access rules deprecation timeline (Microsoft)

Until the final retirement deadline is reached next year, Microsoft is waiting for customers to request help migrating their CARs to the new access control options via support tickets.

"We understand that migrating from CARs to Conditional Access and CAE requires some planning and testing, and we are here to help you with this process," The Exchange Team added.

"If there is a technical reason preventing you from migrating your CARs, please open a support ticket so we can investigate and understand your needs."

As Redmond explained in September 2022, switching from old Exchange Online access rules to conditional access would add extra resiliency by ensuring tenant policy change enforcement in almost real-time and proactively terminating active user sessions.

Microsoft also recently warned customers that basic authentication would be disabled in random tenants to boost Exchange Online security starting October 1, 2022.

The warning followed multiple reminders Redmond issued over the last three years, the first of which was published in September 2019.

Western Digital struggles to fix massive My Cloud ...
CISA orders agencies to patch Backup Exec bugs use...
 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023