Microsoft's EWS Shutdown: A Timeline for Exchange Web Services Retirement

Microsoft has laid out a definitive timeline for the retirement of Exchange Web Services (EWS), an API that has been a cornerstone of email integration since Exchange Server 2007. The company's announcement sets October 1, 2026, as the date when EWS will be disabled by default in Microsoft 365 and Exchange Online, with a complete shutdown scheduled for April 1, 2027.

The Countdown Begins

The retirement process offers a brief grace period for organizations that haven't completed their migration. Tenants can maintain EWS functionality by setting the EWSEnabled flag to true before August 2026, but this is merely a temporary reprieve. After April 1, 2027, the service will be terminated entirely, with Microsoft explicitly stating "There will be no exceptions past April 2027."

This timeline represents the culmination of a deprecation process that began years ago. Microsoft first announced EWS retirement in 2023, and the company has been gradually tightening restrictions. In 2025, Microsoft confirmed that certain license types, specifically F1 and F2, would be blocked from using the service.

Why EWS Is Being Retired

Exchange Web Services has been a popular choice for integrators, third-party applications, and even Microsoft's own products like Outlook Classic. The API allows applications to access mailboxes and data stores in Exchange Online and Exchange Server, making it a versatile tool for email integration.

However, EWS has also been a target for malicious actors. Following the high-profile Midnight Blizzard security incident, Microsoft "elevated the urgency" of retiring the technology. The company views EWS as a potential security vulnerability that needs to be eliminated from its modern cloud infrastructure.

The Migration Challenge

Microsoft's preferred replacement for EWS is Microsoft Graph, a unified API that provides access to a wide range of Microsoft 365 services. However, the transition isn't straightforward. Microsoft acknowledges that Graph is at "near-complete" feature parity with EWS, and even the company itself hasn't finished migrating all its impacted applications.

This partial feature parity presents a significant challenge for organizations that rely heavily on EWS functionality. Administrators who haven't yet begun or completed their migration will need to accelerate their efforts to meet the upcoming deadlines.

"Scream Tests" and Service Reliability

In an unusual approach to identifying hidden dependencies, Microsoft has announced it may perform temporary "scream tests" where it turns EWS off and on to expose applications that still rely on the service. This method aims to help organizations discover unexpected dependencies before the permanent shutdown.

However, this approach raises questions about service reliability. Microsoft didn't clarify how administrators would differentiate between an intentional "scream test" and one of the regular outages that have affected its online services. The ambiguity leaves open the possibility that organizations might struggle to determine whether an EWS outage is a planned test or an operational issue.

What Remains Unchanged

It's important to note that the EWS retirement only applies to Microsoft 365 and Exchange Online. Organizations running on-premises Exchange Server will see no changes to their EWS functionality. This distinction is crucial for businesses that maintain hybrid environments or have specific compliance requirements that necessitate on-premises infrastructure.

The retirement of EWS marks the end of an era for Microsoft's email integration capabilities. For nearly two decades, EWS has enabled countless integrations and applications, but its security vulnerabilities and the evolution of more modern APIs have made its retirement inevitable. Organizations now face the challenge of migrating to Microsoft Graph or alternative solutions before the April 2027 deadline, with the clock already ticking toward the October 2026 default disablement date.