Microsoft Exchange Online is making some major access changes TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Microsoft Exchange Online is making some major access changes By Will McCurdy published 29 September 2022 Older access management system will be phased out by 2023 (Image credit: Passwork) Audio player loading… Microsoft is set to phase out the use of Client Access Rules (CARs) in Exchange Online. CARs help users control access to their Exchange Online organization based on client properties or client access requests, using details such as their IP address (IPv4 and IPv6), authentication type, user property values, and the protocol, application, service, or the resource that they're using to connect CARs are set to be fully deprecated by September 2023, and will be disabled for tenants who don't use them in October 2022. What s replacing CARs As per the announcement (opens in new tab)by Microsoft, CARs are set to be replaced by Continuous Access Evaluation (CAE). CAE was first announced in January 2021, and according to Microsoft (opens in new tab) will allow Azure Active Directory applications to subscribe to critical events. These events, which include account revocation, account disablement/deletion, password change, user location change, and user risk increase can then be evaluated and enforced in "near real-time". On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy. Microsoft says this enables users to have better control while also adding resiliency to their organizations because the real-time enforcement of policies can safely extend the session duration. In the case of any Azure AD outages, users with CAE sessions will reportedly be able to ride out these outages without ever noticing them. Tenants still using client access rules are set to receive notifications via Message Center to start the planning process to migrate their rules.READ MORE:> Microsoft Exchange backdoors abused to spy on NGOs worldwide > Microsoft Exchange servers are being hacked to deploy ransomware > Our guide to the best ID theft protection It's no surprise that Microsoft is consistently rolling out updates to Microsoft Exchange's authentification protocols, it's a platform that's remaining a consistent target for cybercriminals. A group of cybersecurity authorities, including the US Federal Bureau of Investigation (FBI) and the United Kingdom's National Cyber Security Centre (NCSC) highlighted how Iranian state-sponsored hackers have beenusing the ProxyShell vulnerability (opens in new tab) since at least October 2021. This vulnerability gave cybercriminals unauthenticated, remote code execution powers.Concerned about your email security? Checkout our guide to the best best endpoint protection Will McCurdyWill McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1One of the world's most popular programming languages is coming to Linux2Apple October launches: the new devices we might see this month3Google's AI editing tricks are making Photoshop irrelevant for most people4You may not have to sell a body part to afford the Nvidia RTX 4090 after all5The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me1We finally know what 'Wi-Fi' stands for - and it's not what you think2Best laptops for designers and coders 3Miofive 4K Dash Cam review4Logitech's latest webcam and headset want to relieve your work day frustrations5Best offers on Laptops for Education – this festive season Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)