Microsoft to kill off old access rules in Exchange Online Microsoft next month will start phasing out Client Access Rules (CARs) in Exchange Online – and will do away with this means for controlling access altogether within a year. CARs are being replaced with Continuous Access Evaluation (CAE) for Azure Active Directory, which can apparently in "near-real time" pick up changes to …
for 3rd party client access?
MS could make the rules and hurdles so difficult to overcome that people will have to be forced to use Outlook or some other approved client?
If this is true then Redmond should have already allocated a hefty budget to lobby against the inevitable anti-trust cases that will be filed.
My Corporate IT overlords have already flipped the switches so it's impossible to use anything but the official Outlook app on mobile. Even contact names and calendar entries deemed top secret propriety information which don't escape the Outlook app, so you have to re-enter them manually on your own company phone.
Not even OWA (web mail) works without the appropriate Microsoft device management app also installed on the PC or mobile and naturally there are fewer requests to verify sign-on information if you use Edge instead of another browser and MS Authenticator instead of another authenticator.
Absurd and stupid, but all methods that Microsoft already use to tighten their grip.
That's why our manglement (in a decision that was uncharacteristically intelligent) mandated open standards support. Given that Exchange doesn't talk cardddav and caldav (and neither does Outlook without plugins) and that Microsoft has apparently also announced that IMAP/SMTP access will become problematic I suspect that that will spell the end of the Exchange based infrastructure.
They're already cloud-averse (thankfully) so it'll be interesting to see who gets the migration job and how they will go about it.
When Demon shifted the user email service to Namesco we unexpectedly ended up on an Office 365 licence.
With the nightmare of trying to use the service after 1 October I am looking for a non-MS supplier - it will probably be cheaper too.
Any recommendations?
The Office 365 web email access (OWA) is ridiculous. In your account you can set aliases on your domain. Incoming mail is accepted on those aliases. On IMAP you can use those aliases to send emails to different classes of correspondent.
When you send an email from OWA - there is no way to set the alias address as FROM. All your emails go out with your default address - thus exposing a significant part of your login identity. Any replies then all come in with your default address too.
A few of years ago our company tried locking the phones down to company use and information only, not for operational reasons, but because the lawyers were worried that the company could be sued for illegal stuff found on the phones* Then people started leaving their phones at work when they went home cos they didn't want to have to carry two phones around. Policy got changed pretty quickly.
*No, not porn. They were more worried about copyright of ripped music and DVDs.
I would personally use 2 phones anyway, one personal and one corporate. Screw anyone else having access to my phone (Google and Apple already have to much access as it is) and stuff being called whilst on holiday.
If you get the option take it, nothing worse using one phone only to find your personal stuff has been wiped because the Corp deemed it.
"for 3rd party client access?"
As far as I am concerned that has already happened. I've spent several weeks nibbling away at getting Pegasus v4.80 to connect to Office 365 with IMAP using the Oauth system. Tomorrow is drop-dead day - and OWA is a very poor substitute.
I haven't even got as far as entering any values in Pegasus's config. The MS instructions keep wittering on about QR codes and downloading smart phone apps. The hopeful screen shots to select "App Password" don't agree with what I see - that option is missing even though 2FA has been set for the user.
Microsoft was not my favourite supplier in recent years - but the amount of pain (sometimes body literal) is making me hate them now. My GP will not be impressed by my current regular blood pressure readings.
It was easy to make the same Pegasus transition for Google mail. It seems preferable to transfer all my emails to Google until I can find a non-MS email service to which to transfer my domain.
Any UK non-MS email service recommendations?
The same way you do already?
I assume it's because they haven't gotten around to disabling your account yet.
If they haven't done that, they are unlikely to have existing restrictions or enable new ones because of a Microsoft change.
If on the other hand they stumble upon (or are forced into) competent system administration, you maybe out of luck
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
