Microsoft will implement temporary and permanent blocks on Exchange Web Services (EWS) traffic in hybrid environments starting August 2025, affecting organizations with certain coexistence setups. Moving to dedicated hybrid applications enhances security by reducing exposure to vulnerabilities like CVE-2025-53786, and organizations must update their Exchange servers accordingly. #ExchangeHybrid #EWSBlock
Keypoints
- Microsoft will temporarily block EWS traffic in hybrid Exchange environments starting August 2025.
- The permanent block will occur on October 31, 2025, disabling shared service principal access for rich coexistence features.
- Only organizations with on-premises and cloud mailboxes using rich coexistence features are affected.
- Updating Exchange Server and creating the dedicated hybrid app are essential steps to prevent feature disruption.
- Supporting tools like the Hybrid Configuration Wizard facilitate the setup of the dedicated hybrid app and must be used for compliance.
Read More: https://thecyberexpress.com/exchange-web-services-changes/