MC718754 – (Updated) Retirement of RBAC Application Impersonation in Exchange Online

Microsoft Exchange Logo

check before: 2025-01-31

Product:

Exchange, Microsoft 365 Apps

Platform:

Developer, Online, Web, World tenant

Status:

Change type:

User impact, Admin impact, Retirement

Links:

Details:

Summary:
The RBAC Application Impersonation role in Exchange Online is retiring, with the process starting in September 2024 and completion in February 2025. Applications must be updated to avoid disruption, using App Registration and Application permissions. For guidance, visit the provided links.

Details:
Updated November 8, 2024: We are following up on our previous announcement regarding the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online. As the February 2025 deprecation date is approaching, it is important to follow the guidance in this Message Center post and take action now to ensure applications in your tenant are not using this feature. After this date, applications using this feature that are not updated will no longer work. For additional information, please go to: https://aka.ms/applicationimpersonationdeprecation
We are announcing the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online.
[When this will happen:]
We will begin the retirement in September 2024 (previously May) and in February 2025 will remove this role and its feature set from Exchange Online.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-02-24

updated:
2024-11-09

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Disruption of Application Functionality
Applications relying on RBAC Application Impersonation will fail to function post-deprecation, leading to potential service outages.
   - roles: Application Administrators, IT Support Staff
   - references: https://aka.ms/applicationimpersonationdeprecation, https://learn.microsoft.com/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange

Increased Support Tickets
Users may experience issues accessing shared mailboxes or services, resulting in a spike in support requests and user frustration.
   - roles: Help Desk Technicians, User Support Specialists
   - references: https://techcommunity.microsoft.com/blog/exchange/retirement-of-rbac-application-impersonation-in-exchange-online/4062671

User Access Issues
Users may lose access to necessary mailbox functionalities if applications are not updated, impacting their productivity.
   - roles: End Users, Business Analysts
   - references: https://aka.ms/applicationimpersonationdeprecation, https://learn.microsoft.com/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange

Compliance Risks
Failure to update applications may lead to non-compliance with internal policies or regulations due to unauthorized access issues.
   - roles: Compliance Officers, Data Protection Officers
   - references: https://techcommunity.microsoft.com/blog/exchange/retirement-of-rbac-application-impersonation-in-exchange-online/4062671

Increased Development Workload
Development teams will face increased workload to update applications for compliance with new permission requirements, potentially delaying other projects.
   - roles: Software Developers, Project Managers
   - references: https://aka.ms/applicationimpersonationdeprecation, https://learn.microsoft.com/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange

Configutation Options**

XXXXXXX ... paid membership only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



change history

DatePropertyoldnew
2024-11-09MC Last Updated09/27/2024 19:25:092024-11-09T01:27:28Z
2024-11-09MC MessagesUpdated September 27, 2024: We have updated the rollout timeline below. Thank you for your patience.
We are announcing the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online.
[When this will happen:]
We will begin the retirement in September 2024 (previously May) and in February 2025 will remove this role and its feature set from Exchange Online.
Updated November 8, 2024: We are following up on our previous announcement regarding the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online. As the February 2025 deprecation date is approaching, it is important to follow the guidance in this Message Center post and take action now to ensure applications in your tenant are not using this feature. After this date, applications using this feature that are not updated will no longer work. For additional information, please go to: https://aka.ms/applicationimpersonationdeprecation
We are announcing the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online.
[When this will happen:]
We will begin the retirement in September 2024 (previously May) and in February 2025 will remove this role and its feature set from Exchange Online.
2024-11-09MC SummaryThe ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online will be retired in September 2024 and removed in February 2025. This will affect organizations using Exchange Web Services (EWS) to enable one-to-many mailbox access. Organizations should review their current configuration and make changes as appropriate to minimize disruption to their service. More information can be found at the provided links.The RBAC Application Impersonation role in Exchange Online is retiring, with the process starting in September 2024 and completion in February 2025. Applications must be updated to avoid disruption, using App Registration and Application permissions. For guidance, visit the provided links.
2024-11-09MC End Time03/31/2025 09:00:002025-06-30T09:00:00Z
2024-11-09MC prepareReview your current configuration and make changes as appropriate to minimize disruption to your service.
For more information, please see:
Retirement of RBAC Application Impersonation in Exchange Online.
Impersonation and EWS in Exchange
https://aka.ms/ApplicationImpersonationDeprecation
https://learn.microsoft.com/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange
Review your current configuration and make changes as appropriate to minimize disruption to your service.
For more information, please see:
Retirement of RBAC Application Impersonation in Exchange Online.
Impersonation and EWS in Exchange
https://aka.ms/ApplicationImpersonationDeprecation
https://learn.microsoft.com/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange
https://techcommunity.microsoft.com/blog/exchange/retirement-of-rbac-application-impersonation-in-exchange-online/4062671
2024-09-28MC MessagesWe are announcing the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online.
[When this will happen:]
We will begin the retirement in May 2024 and in February 2025 will remove this role and its feature set from Exchange Online.
Updated September 27, 2024: We have updated the rollout timeline below. Thank you for your patience.
We are announcing the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online.
[When this will happen:]
We will begin the retirement in September 2024 (previously May) and in February 2025 will remove this role and its feature set from Exchange Online.
2024-09-28MC TitleRetirement of RBAC Application Impersonation in Exchange Online(Updated) Retirement of RBAC Application Impersonation in Exchange Online
2024-09-28MC Last Updated02/24/2024 00:09:112024-09-27T19:25:09Z
2024-09-28MC SummaryThe ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online will be retired in May 2024 and removed in February 2025. This will affect organizations using Exchange Web Services (EWS) to enable one-to-many mailbox access. Organizations should review their current configuration and make changes as appropriate to minimize disruption to their service. More information can be found at the provided links.The ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online will be retired in September 2024 and removed in February 2025. This will affect organizations using Exchange Web Services (EWS) to enable one-to-many mailbox access. Organizations should review their current configuration and make changes as appropriate to minimize disruption to their service. More information can be found at the provided links.

Last updated 2 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!