Exchange Online Exchange ActiveSync 16.1 cutoff
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Microsoft will block Exchange Online access for Exchange ActiveSync devices below 16.1, forcing administrators to update legacy mobile email clients before March 1, 2026. The change affects native email apps on mobile devices, while Outlook Mobile and on-premises Exchange Server are not impacted. Microsoft is also giving admins a PowerShell method to identify outdated devices ahead of the rollout.
Related Happenings
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)
Vulnerability
First: 15.05.2026 09:19
Last: 15.05.2026 09:19
Sources 1
About this happening:
**CVE-2026-42897** is an **actively exploited** **spoofing/XSS** flaw in **on-premises Microsoft Exchange Server** that can let attackers trigger **arbitrary JavaScript** in a bro...
Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)
VulnerabilityAbout this happening: **CVE-2026-42897** is an **actively exploited** **spoofing/XSS** flaw in **on-premises Microsoft Exchange Server** that can let attackers trigger **arbitrary JavaScript** in a bro...
Microsoft Windows 365 Office installation disruption
Service Disruption
First: 13.05.2026 14:53
Last: 13.05.2026 14:53
Sources 1
About this happening:
The **Windows 365** service update has introduced a **configuration change** that is blocking **Office downloads and installs** for some customers, disrupting access on cloud PCs....
Microsoft Windows 365 Office installation disruption
Service DisruptionAbout this happening: The **Windows 365** service update has introduced a **configuration change** that is blocking **Office downloads and installs** for some customers, disrupting access on cloud PCs....
Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026
Security Tool/Service
First: 28.04.2026 16:18
Last: 28.04.2026 16:18
Sources 1
About this happening:
**Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...
Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026
Security Tool/ServiceAbout this happening: **Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...
Microsoft Classic Outlook email sending disruption
Service Disruption
First: 02.04.2026 12:12
Last: 02.04.2026 12:12
Sources 1
About this happening:
**Microsoft** is investigating a **Classic Outlook** disruption that can prevent some users from sending or replying to email through **Outlook.com**, causing **NDR errors** and m...
Microsoft Classic Outlook email sending disruption
Service DisruptionAbout this happening: **Microsoft** is investigating a **Classic Outlook** disruption that can prevent some users from sending or replying to email through **Outlook.com**, causing **NDR errors** and m...
Latest development: 06.04.2026 22:19
Microsoft fixed a known issue affecting some Classic Outlook users sending emails via Outlook.com that could return non-delivery reports (NDRs) with 0x80070005-0x0004dc-0x000524 errors. Microsoft said the service change was in production as of April 3, 2026, and advised affected users to use the New Outlook client or Outlook.com on the web; Microsoft also pointed users to downloading the Outlook Address Book for affected Outlook.com accounts.
Timeline
-
16.12.2025 14:53 2 articles · 5mo ago
Microsoft announces Exchange Online EAS cutoff
Initial DisclosureMicrosoft announces that Exchange Online will block mobile devices running Exchange ActiveSync versions below 16.1 starting March 1, 2026, and tells administrators to identify older devices with a PowerShell report, update devices and applications, and verify that Outlook Mobile and on-premises Exchange Server are not affected.
Show sources
- Microsoft to block Exchange Online access for outdated mobile devices — www.bleepingcomputer.com — 16.12.2025 14:53
- Microsoft to block Exchange Online access for outdated mobile devices — www.bleepingcomputer.com — 16.12.2025 14:53
-
16.12.2025 14:53 1 articles · 5mo ago
Exchange Online blocks EAS below 16.1
Mitigation Patch UpdateExchange Online begins refusing connections from mobile devices running Exchange ActiveSync versions lower than 16.1, affecting native email apps on phones and tablets while leaving Outlook Mobile and on-premises Exchange Server unaffected.
Show sources
- Microsoft to block Exchange Online access for outdated mobile devices — www.bleepingcomputer.com — 16.12.2025 14:53