Evolving Exchange Online Security: Deprecation of Client Access Rules
As of June 1, 2021, Microsoft Exchange Online is evolving its security measures. One of the changes involves the deprecation of Client Access Rules (CARs). This post explains the reasons behind this change and what organizations should do to prepare.
What are Client Access Rules?
Client Access Rules (CARs) were introduced in Exchange Online as a way to control how mail is routed to and from the service. CARs allowed administrators to create rules that would allow certain messages to reach certain mailboxes, while blocking messages from certain senders or for certain keywords.
Why is Microsoft Deprecating Client Access Rules?
Microsoft has determined that Client Access Rules are not an effective way to secure Exchange Online. While they can provide some measure of control over how mail is routed, they do not provide the same level of security that other methods do. In addition, they can be difficult to manage and require additional overhead to maintain. As a result, Microsoft has decided to deprecate CARs in favor of other more secure methods.
What Should Organizations Do to Prepare?
Organizations should begin preparing now for the deprecation of Client Access Rules. Several steps help ensure a smooth transition and keep messages routed securely. These steps include:
1. Evaluate Current Client Access Rules
Organizations should evaluate their current Client Access Rules to determine which ones are still necessary and which ones can be removed. This will help reduce the amount of work that needs to be done to transition to other methods of routing mail.
2. Identify Alternative Methods of Secure Routing
Organizations should identify alternative methods of routing mail securely. These methods include using Transport Rules, Conditional Access Policies, Exchange Online Protection (EOP), and Exchange Online Protection for Exchange Online (EOP for Exchange Online).
3. Plan for Migration
Organizations should plan for the migration of their Client Access Rules to the alternative methods. This involves creating the necessary rules and policies, testing them to ensure they are working correctly, and then deploying them in a production environment.
4. Monitor the Environment
Organizations should monitor the environment to ensure that messages are being routed securely. This includes monitoring the logs to ensure that the rules and policies are being enforced correctly.
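The evaluation in step 1 can start from a flat inventory of the existing rules. The following is an added example, not code from the original post or from Microsoft: the function name `ConvertTo-CarInventory`, the sample rules and the CSV path are illustrative, and running it against a tenant assumes the ExchangeOnlineManagement module and an open `Connect-ExchangeOnline` session.

```powershell
# Added example: flatten Client Access Rules into a reviewable inventory.
# Property names are those returned by Get-ClientAccessRule.
function ConvertTo-CarInventory {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Rule)
    process {
        # Collect every condition or exception that is actually set on the rule.
        $conditionNames = 'AnyOfProtocols', 'ExceptAnyOfProtocols',
            'AnyOfClientIPAddressesOrRanges', 'ExceptAnyOfClientIPAddressesOrRanges',
            'AnyOfAuthenticationTypes', 'ExceptAnyOfAuthenticationTypes',
            'UsernameMatchesAnyOfPatterns', 'ExceptUsernameMatchesAnyOfPatterns',
            'UserRecipientFilter'
        $conditions = foreach ($name in $conditionNames) {
            $value = $Rule.$name
            if ($value) { '{0}={1}' -f $name, ($value -join ',') }
        }
        [pscustomobject]@{
            Priority   = $Rule.Priority
            Name       = $Rule.Name
            Enabled    = $Rule.Enabled
            Action     = $Rule.Action
            Conditions = $conditions -join '; '
            # Disabled rules enforce nothing today, so they are the first removal candidates.
            Review     = if ($Rule.Enabled) { 'Map to replacement control' } else { 'Candidate for removal' }
        }
    }
}

# Constructed sample rules so the function can be tried without a tenant.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Block legacy protocols (sample)'; Priority = 1; Enabled = $true
        Action = 'DenyAccess'; AnyOfProtocols = @('IMAP4', 'POP3')
        ExceptAnyOfClientIPAddressesOrRanges = @('192.0.2.0/24') }
    [pscustomobject]@{ Name = 'Old pilot rule (sample)'; Priority = 2; Enabled = $false
        Action = 'DenyAccess'; AnyOfProtocols = @('ExchangeActiveSync') }
)
$sampleRules | ConvertTo-CarInventory | Sort-Object Priority | Format-Table -AutoSize -Wrap

# Against a tenant, after Connect-ExchangeOnline (output path is a placeholder):
# Get-ClientAccessRule | ConvertTo-CarInventory |
#     Export-Csv -Path .\car-inventory.csv -NoTypeInformation
```

Keeping the exported inventory alongside the migration plan gives a record of what each rule enforced before it was replaced or removed.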
The deprecation of Client Access Rules in Exchange Online is an important step in improving the security of the service. Organizations should begin preparing now for the change by evaluating their current rules, identifying alternative methods of routing mail securely, planning for the migration, and monitoring the environment.
For more information on the deprecation of Client Access Rules, please see the Microsoft Exchange Team blog.