Phishing attacks against Microsoft Office 365 logins continue to happen every day. Learn strategies your company can use to stay safe from phishing.
Microsoft Abandons Exchange Web Services. Time to Ask Some Questions
Since the first version of Exchange Server, Microsoft has provided the most user-friendly and extensible communications ...
Since the first version of Exchange Server, Microsoft has provided the most user-friendly and extensible communications platform on the planet, with open APIs and a strong focus on the partner community.
That openness and API-based approach has led to unprecedented innovation in spaces such as backup, archiving, eDiscovery and data analytics. One could go as far as claiming that the healthy ecosystem around Exchange and Office 365 has filled some crucial gaps for those platforms to become “Enterprise-ready” and it was one of the key reasons for Microsoft’s dominant position in the electronic communications space today.
As veteran third party developers and business leaders, we have benefitted tremendously from this; in fact, many of us have built our livelihoods around Microsoft’s messaging platforms. However, today we feel the need to respond to the latest announcements in this unusual and public way:
On October 5th 2021, the Microsoft Exchange Team announced the deprecation of some important methods in the Exchange Web Services API and warned customers and partners that there will be no way to register new apps in Azure AD from Q4 2022 onwards. The post suggested that the best option would be to use the Graph API instead.
The announcement left us not only surprised but very concerned:
- Exchange Web Services is the de-facto standard for accessing email data in the Microsoft cloud and the only full-featured and performant interface to do this against large data volumes
- The Graph API has severe gaps in terms of functionality and is inherently slow when dealing with a large number of objects.
- It follows a trend of announcements that Microsoft is trying to use its dominant position to charge customers for accessing their data through non-Microsoft products & platforms. (For example, Teams API access fees)
This will have many negative consequences for Microsoft customers and the partner community. Here are just some examples of the impact.
Without Exchange Web Services, all well-known email migration tools will cease to work.
Whether data needs to be transferred from a legacy archive system, moved after an acquisition, or reconciled from several PST files, there is no way to transfer data into – and as importantly – out of the platform with full fidelity of the email and without losing important metadata.
And with the announcement to charge for data access, this might become a very costly exercise anyway.
Office 365 Backup and Restore
With this year’s Exchange breaches in mind, a regular, independent backup copy of the data in Office 365 should still be considered best practice.
But with this announcement, the capability for customers to backup and restore data from Office 365 will be severely slowed down, to the point where creating a safety copy of the data becomes impossible.
And if Microsoft starts charging for this, then having a backup outside the Office 365 platform might simply be no longer financially viable.
Discovery and Analytics platforms
Email and electronic communications are essential business records and require an effective retention strategy to deal with regulations. In some parts of the world, where privacy laws prevent the journaling and retention of all data for a fixed 10-year period, the ability to identify tax-relevant or GDPR-protected data through analytics and machine learning algorithms is key to solving these contradicting regulations. The lack of adequate interfaces to email and communications data will at least make it harder for EU customers to comply with data protection laws moving forwards.
We feel that these examples show clearly that the Office 365 team has decided without considering the dramatic impact it will have on its customers and partners.
- Microsoft customers lose a great deal of data sovereignty
- The partner community can no longer solve important customer issues
- Third-party developers are severely restricted in their ability to innovate
- Microsoft’s competitors are locked out as migration is too expensive or even impossible
We want to speak up now and make it clear that it should be in Microsoft’s own interest to extend the transition period for EWS and, at the same time, work with the community to make Graph an adequate replacement.
Not doing so might lead to massive issues with customers facing enterprise transformation challenges such as mergers and acquisitions, to a lack of engagement of partners and third-party developers that can no longer deliver business-critical functionality for industries such as banking or pharma and lead to further investigations by the anti-trust and data protection regulators around the world.
Also, given that many third party developers are dependent on free API access to the Office 365 platform, we would hope for another clear message from Microsoft:
Will charging for API access be limited to Teams or could the majority of Email, SharePoint and OneDrive integrations become economically unviable soon?
We hope that our concerns are heard because we have made a strong commitment to Microsoft since the early days of Exchange server. We hope that Microsoft shows that same commitment to the partner community and the hundreds of products built by thousands of developers that will cease to work once this announcement becomes a reality.