Security News > 2022 > September > Microsoft to kill off old access rules in Exchange Online

Microsoft next month will start phasing out Client Access Rules in Exchange Online - and will do away with this means for controlling access altogether within a year.

CARs are being replaced with Continuous Access Evaluation for Azure Active Directory, which can apparently in "Near-real time" pick up changes to access controls, user accounts, and the network environment and enforce the latest rules and policies as needed, according to a notice this week from Microsoft's Exchange Team.

"Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023," the advisory read. "We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules."

CARs is used by Microsoft 365 administrators to allow or block client connections to Exchange Online based on a variety of characteristics set forth in policies and rules.

"You can prevent clients from connecting to Exchange Online based on their IP address, authentication type, and user property values, and the protocol, application, service, or resource that they're using to connect," according to a Microsoft document from earlier this year.

Microsoft unboxes Exchange Online certification in bid to push customers off-prem.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/28/microsoft_exchange_online_cars/