Microsoft Introduces EWSAllowedAppIDs Ahead of Exchange Web Services Retirement
Microsoft has announced the introduction of EWSAllowedAppIDs, a new administrative control designed to help organizations prepare for the final stages of Exchange Web Services (EWS) retirement. EWSAllowedAppIDs is a tenant-level allow list that lets Exchange Online administrators explicitly define which applications are still permitted to access EWS, based on their App ID.
The feature allows administrators to specify which applications can continue accessing EWS, providing greater visibility and control over legacy application dependencies. The capability is intended to help organizations identify critical workloads that still rely on EWS and manage the transition to modern Microsoft 365 APIs. EWSAllowedAppIDs gives administrators a practical way to identify remaining dependencies, limit EWS access to approved applications and reduce the risk of disruption as retirement enforcement begins.
Beginning in October 2026, Exchange Online starts transitioning tenants into retirement enforcement behavior, so deploying and validating the allow list earlier gives administrators time to find unknown dependencies, remove obsolete applications, engage vendors that still rely on EWS and begin migrations to Microsoft Graph.
The new control is designed to ease the migration process by allowing organizations to restrict access while maintaining support for approved applications during the transition period. Administrators are urged to begin taking an inventory of EWS usage, build an allow list and test app ID thoroughly.
Posted by Redmondmag.com Editors on 06/22/2026