Microsoft is shutting down Exchange Web Services (EWS) — the nearly 20-year-old API that Exchange uses for hybrid coexistence — in Exchange Online in two phases: a soft block on October 1, 2026, and a permanent hard shutdown on April 1, 2027. If you run Exchange in hybrid mode, meaning some mailboxes are on-premises and some are in Microsoft 365, this requires a two-step migration. The first step should already be complete; the second step must be finished before October 2026 and requires Exchange Server Subscription Edition (SE). Microsoft has confirmed there will be no exceptions past April 2027.

Source

Microsoft announced agentic features for Copilot in Outlook, expanding from single-task assistance to continuous, multi-step automation of email and calendar work. These features let Copilot act independently on your behalf — prioritizing messages, drafting follow-ups, responding to meeting invites, and resolving scheduling conflicts. Access is currently limited to Microsoft's Frontier early-access program and requires a Microsoft 365 Copilot license. This article explains what the new features do, what your infrastructure must look like, and how you enable access as an administrator.

Source

Microsoft announced a breaking change to the Microsoft Graph API affecting Exchange Online: from December 31, 2026, applications that modify sensitive email properties -- such as the subject, body, or recipients -- on delivered messages must hold elevated Mail-Advanced.ReadWrite permissions. Until now, the standard Mail.ReadWrite permission was sufficient for these operations. The new permissions require explicit approval from the tenant administrator ("admin consent"). If you operate Microsoft 365 and have custom applications or third-party tools that interact with email via the Graph API, you need to audit and potentially update these apps before the enforcement date.

Source

Exchange Online now lets you choose, per outbound connector, whether SMTP DANE and MTA-STS are enforced opportunistically, mandatorily (for DANE), or not at all. These new connector modes give you granular control over how strictly Exchange Online enforces modern email security standards when sending mail to external domains.

Source

Microsoft is developing Priority Cleanup V2, an updated data-purging feature in Microsoft Purview that deletes Exchange Online mailbox content even when protected by retention policies or eDiscovery holds. This proposed version is designed to reduce the number of approval stages from three to two, accelerate deletion from days to hours, and introduce batch-processing safeguards.

Source

Microsoft is retiring Exchange Web Services (EWS) in Exchange Online, with a phased shutdown beginning October 1, 2026, and complete retirement by April 1, 2027. You must migrate your applications to the Microsoft Graph API before the final deadline to maintain access to Exchange Online mailboxes. This retirement only affects Exchange Online in Microsoft 365 environments and does not impact on-premises Exchange Server installations. Organizations using EWS-dependent applications face service interruptions unless they transition to supported alternatives. The nearly 20-year-old protocol no longer meets modern security, scale, and reliability requirements.

Source