Client Access Rules are similar to mail flow rules (also known as transport rules) for client connections to your Exchange Online organization. It helps to control access to your Exchange Online organization based on client properties or client access requests.
CARs allow Microsoft 365 administrators to filter client access to Exchange Online by combining conditions, exceptions, actions, and priorities.
Connections can be allowed or blocked based on the IP address (IPv4 and IPv6), authentication type, and user property values, and the protocol, application, service, or resource that they’re using to connect.
The Exchange Team says “Now with new features, like Continuous Access Evaluation (CAE) that allows Azure Active Directory applications to subscribe to critical events, that can then be evaluated and enforced in near real time; you can have better control while also adding resiliency to your organization”
Microsoft in recent times notified customers that it would start disabling basic authentication in random tenants to improve Exchange Online security beginning October 1, 2022.
“If you do not currently use CARs, cmdlets will be disabled for your tenant after October 2022. If you currently have CARs configured in your tenant you will be able to keep using them until September 2023, which provides you with time to migrate other, more resilient options”, the Exchange Team.