check before: 2025-10-10
Product:
Exchange
Platform:
Online, US Instances, World tenant
Status:
Change type:
Feature update, Admin impact
Summary:
Exchange ActiveSync Certificate-Based Authentication now supports TLS 1.3, routing traffic to new tenant-location-based endpoints. Most clients will redirect seamlessly, but organizations using Secure Email Gateways may need to update firewall settings. Rollout began globally, expanding to other clouds by November 2025.
Details:
As part of our ongoing security efforts, we have made a recent change to Certificate-Based Authentication (CBA) behavior for Exchange ActiveSync. The enhancement is designed to support TLS 1.3, strengthening security and reliability for our customers.
With this change, all Exchange ActiveSync CBA traffic will be routed to new, dedicated endpoints based on tenant location.
Created:
2025-10-10
updated:
2025-10-10
summary for non-techies**
Exchange ActiveSync is implementing TLS 1.3 for enhanced security and routing traffic through region-specific pathways, requiring organizations using a Secure Email Gateway to adjust settings for continued seamless operation.
Direct effects for Operations**
Firewall Configuration Issues
Organizations using Secure Email Gateways may experience disruptions if firewall settings are not updated to allow traffic to new CBA endpoints, potentially leading to email access issues for users.
- roles: IT Administrators, Network Engineers
- references: https://learn.microsoft.com/openspecs/exchange_server_protocols/ms-ashttp/7b7fabb9-910c-4f1c-9396-57d7ca579a31, https://aka.ms/EASTLS13
User Access Disruption
If the Secure Email Gateway is not properly configured, users may face difficulties accessing their email via Exchange ActiveSync, leading to a negative user experience.
- roles: End Users, Help Desk Support
- references: https://learn.microsoft.com/openspecs/exchange_server_protocols/ms-ashttp/7b7fabb9-910c-4f1c-9396-57d7ca579a31, https://datatracker.ietf.org/doc/html/rfc8446
Increased Support Tickets
The change may lead to an increase in support tickets as users report issues accessing email, overwhelming IT support teams if not prepared for the transition.
- roles: Help Desk Support, IT Administrators
- references: https://learn.microsoft.com/openspecs/exchange_server_protocols/ms-ashttp/7b7fabb9-910c-4f1c-9396-57d7ca579a31, https://aka.ms/EASTLS13
** AI generated content. This information must be reviewed before use.
Last updated 1 month ago