Microsoft Sets April 2027 Deadline to Retire Exchange Online EWS API

Microsoft has announced a definitive timeline for retiring the Exchange Web Services (EWS) API for Exchange Online, setting April 1, 2027 as the final cutoff date for this nearly two-decade-old technology. The phased approach gives administrators and developers nearly two years to migrate their applications to the modern Microsoft Graph API.

Understanding the Impact

The retirement affects only Exchange Online environments within Microsoft 365. On-premises Exchange Server installations will continue to support EWS without interruption, though hybrid scenarios require careful consideration. Applications accessing cloud mailboxes must transition to Microsoft Graph, while those connecting to on-premises mailboxes can maintain EWS access.

EWS has been a foundational technology since Exchange Server 2007, enabling developers to build applications that access email messages, calendar events, contacts, and other mailbox items across platforms. Its retirement marks the end of an era for enterprise integration patterns that have dominated business workflows for nearly 20 years.

The Phased Shutdown Approach

Microsoft's retirement plan follows a structured timeline designed to minimize disruption:

October 1, 2026 - Exchange Online EWS will be blocked by default. Administrators can create allowlists to temporarily maintain access for specific applications.

September 2026 - Microsoft will automatically generate allowlists for organizations that haven't created their own, based on tenant usage patterns.

April 1, 2027 - Complete shutdown with no exceptions granted.

August 31, 2026 - Deadline for administrators to configure settings and avoid automatic blocking.

Migration Strategy and Requirements

Microsoft strongly recommends transitioning to the Microsoft Graph API, which has achieved near-complete feature parity with EWS for most scenarios. The Graph API represents Microsoft's modern approach to unified API access across its cloud services, offering improved security, scalability, and reliability.

For hybrid environments, the migration path requires additional consideration. Only Exchange Server Enterprise Edition (SE) supports Graph for calls to Exchange Online. Organizations with on-premises mailboxes must host them on Exchange SE to enable Graph-based access patterns.

Identifying Dependencies

To help organizations identify applications dependent on EWS, Microsoft plans to conduct "scream tests" - temporary disabling of EWS access to expose hidden dependencies before the final cutoff. These tests will help administrators discover applications that may fail silently when EWS becomes unavailable.

Monthly Message Center notifications will provide tenant-specific reminders and usage summaries, keeping IT administrators informed throughout the transition period.

Historical Context

This retirement follows years of Microsoft signaling the eventual deprecation of EWS. In September 2023, the company announced plans to begin retirement in October 2026. A 2018 warning indicated EWS would stop receiving functionality updates, and in October 2021, Microsoft deprecated the 25 least-used EWS APIs for Exchange Online, removing them in March 2022 for security reasons.

Practical Steps for Organizations

Organizations should immediately begin inventorying applications that use EWS for Exchange Online access. This includes:

• Custom-developed applications
• Third-party integrations
• Mobile device management solutions
• Email archival systems
• Compliance and e-discovery tools
• Business workflow automation

For each application, determine whether it accesses cloud or on-premises mailboxes, and plan the appropriate migration strategy. Applications accessing only cloud mailboxes must move to Microsoft Graph, while hybrid scenarios may require infrastructure changes.

Technical Considerations

The migration from EWS to Microsoft Graph involves more than simple code changes. Developers must understand the different authentication models, data structures, and API patterns. Microsoft Graph uses OAuth 2.0 for authentication, while EWS traditionally used Basic authentication or OAuth in newer implementations.

Data models also differ significantly. EWS uses XML-based SOAP messages, while Microsoft Graph employs RESTful JSON APIs. This fundamental difference affects how applications parse responses, handle errors, and manage state.

Timeline Management

With the October 2026 default blocking approaching, organizations have a critical window to prepare. The August 31, 2026 deadline for configuring allowlists represents a hard cutoff - missing this date means automatic blocking of EWS access on October 1.

Organizations should establish migration timelines that account for:

• Application inventory and dependency mapping
• Development and testing of Graph API implementations
• User acceptance testing and validation
• Phased rollout and monitoring
• Fallback procedures and rollback planning

Expert Recommendations

Security experts recommend treating this migration as a security enhancement opportunity. Microsoft Graph offers improved security features, including better access control, audit logging, and compliance capabilities compared to the aging EWS infrastructure.

Organizations should also consider this transition as an opportunity to modernize their integration architecture. Many EWS-dependent applications may benefit from re-architecture using modern development practices and cloud-native patterns.

Conclusion

The retirement of Exchange Online EWS represents a significant shift in Microsoft's platform strategy, moving toward unified, modern APIs that better serve today's security and scalability requirements. Organizations that begin their migration planning now will be well-positioned to complete the transition smoothly before the April 2027 deadline.

The phased approach provides multiple opportunities to identify and address issues before the final shutdown, but success requires proactive planning and execution. Organizations should leverage Microsoft's migration resources, engage with application vendors, and allocate sufficient time for testing and validation to ensure business continuity throughout the transition.