Microsoft to end Client Access Rules support in Exchange Online by 2023
The deprecation process will begin as early as October 2022, according to reports

Microsoft has announced it will retire Client Access Rules (CARs) in its Exchange Online platform by September 2023.
CARs allow Microsoft 365 administrators to filter client access to Exchange Online by combining conditions, exceptions, actions, and priorities.
RELATED RESOURCE
Move to business messaging and let richer connections begin
Creating better customer relationships with high-value conversations
"Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023," the Exchange Team said.
"We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules."
Per reports, beginning October 2022, the company will disable client access rules for unused tenants. By September 2023, Microsoft will assist all remaining tenants in migrating from CARs to newer access control features such as continuous access evaluation (CAE)
"Now with new features, like Continuous Access Evaluation (CAE) that allows Azure Active Directory applications to subscribe to critical events, that can then be evaluated and enforced in near real time; you can have better control while also adding resiliency to your organization," the Exchange Team added.
As part of its effort to bolster Exchange Online’s safeguards, Microsoft has also warned customers that basic authentication will be disabled by October 1, for randomly selected tenants.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
-
New chapter, same partners: Keeping the channel aligned with change
Industry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
Palo Alto Networks snaps up CyberArk in identity security push
News The acquisition marks the latest in a string for Palo Alto Networks
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problem
News More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
"Thinly spread": Questions raised over UK government’s latest cyber funding scheme
The funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
Modern enterprise cybersecurity
whitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainability
whitepaper CIOs are facing two conflicting strategic imperatives
-
The complete guide to the NIST cybersecurity framework
Whitepaper Find out how the NIST Cybersecurity framework is evolving
-
Are you prepared for the next attack? The state of application security in 2024
Webinar Aligning to NIS2 cybersecurity risk-management obligations in the EU
-
The economics of penetration testing for web application security
whitepaper Get the most value from your security solution
-
How to extend zero trust to your cloud workloads
Whitepaper Implement zero trust-based security across your entire ecosystem