Microsoft to Retire Client Access Rules that Allows Admins to Filter Client Access

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing
Microsoft announced the retirement of Client Access Rules (CARs) in Exchange Online platform by September 2023.

Client Access Rules are similar to mail flow rules (also known as transport rules) for client connections to your Exchange Online organization. It helps to control access to your Exchange Online organization based on client properties or client access requests.

CARs allow Microsoft 365 administrators to filter client access to Exchange Online by combining conditions, exceptions, actions, and priorities.

Connections can be allowed or blocked based on the IP address (IPv4 and IPv6), authentication type, and user property values, and the protocol, application, service, or resource that they’re using to connect.

CARs Deprecation Timeline

The Exchange Team says “Now with new features, like Continuous Access Evaluation (CAE) that allows Azure Active Directory applications to subscribe to critical events, that can then be evaluated and enforced in near real time; you can have better control while also adding resiliency to your organization”

Microsoft in recent times notified customers that it would start disabling basic authentication in random tenants to improve Exchange Online security beginning October 1, 2022.

“If you do not currently use CARs, cmdlets will be disabled for your tenant after October 2022. If you currently have CARs configured in your tenant you will be able to keep using them until September 2023, which provides you with time to migrate other, more resilient options”, the Exchange Team.