If you’ve been a Microsoft 365 administrator for even five minutes, you already know how challenging it can be to keep up with the ever-changing infrastructure, applications and services of Microsoft’s cloud platform. New bells and whistles are constantly being added, and just as many functionalities are deprecated/removed over time.
While it’s nice to know we can always look forward to new features being added, as an administrator, it is especially important that you stay aware of products that are retiring or reaching their end of support timeline. Upon retirement or end of support, there will be no new security or non-security updates, free and/or paid assisted support options or online technical content updates.
Most commercial products and services are governed by either a Fixed Policy or the Modern Policy, which determines support and servicing timelines.
- Modern Policy: Product governed by the Modern Policy follow a continuous support and servicing model. Customers must take the latest update to remain supported. Products and services will provide a minimum of 12 months' notice prior to retirement.
- Fixed Policy: Product governed by the Fixed Policy will have published end of support dates at the time of launch. These products typically have 5 years of mainstream support followed by 5 years of extended support (exceptions may apply).
- When a product reaches the end of the mainstream support phase, customers will no longer be able to receive non-security updates or make requests to change product design and features.
- When a product reaches the end of the extended support phase, the product has reached the end of support.
- Service Packs: For Fixed Policy products, customers are required to move to the latest service pack to remain in support. When a new service pack is released, customers will be supported on the prior service pack for 12 or 24 months to allow time to move to the latest service pack.
For customers requiring more time to move to the latest product, the Extended Security Update (ESU) program is available for certain legacy products as a last resort option. The ESU program provides security updates only for up to 3 years, after the End of Support date.
Microsoft currently has documentation showing product end of support dates through 2027, and you can check that out as well as learn more about Product Lifecycle Policies here: Overview - Product end of support - Microsoft Lifecycle | Microsoft Docs.
There are some particular deprecations and End-of-Support dates coming in 2022 that may need your attention soon, and they are:
Exchange Online Protection: Anti-malware policy retirement (Feb 28, 2022) – MC303513
If you have anti-malware policies that use recipient notifications for quarantined messages, they will not work after Feb 28, 2022. After the retirement, the resulting notifications will no longer be available in the portal or on the New-MalwareFilterPolicy or Set-MalwareFilterPolicy cmdlets.
Solution:
Instead, administrators can use Quarantine policies to configure and deliver notifications to recipients.
MC303513 - EOP: Anti-Malware policy – Quarantine notifications for recipient - The Unofficial M365 Changelog (m365log.com)
End-of-support for OneDrive in Windows 7, 8, and 8.1 (Mar 1, 2022)
Microsoft will no longer support OneDrive on Windows 7, 8, and 8.1 starting on Mar 1, 2022. OneDrive desktop applications running on these operating systems will stop syncing to the cloud from Mar 1, 2022.
Solution:
If you want to use the OneDrive desktop application, you must update to a newer version of Windows.
Microsoft Teams: Removing support for sip-all FQDNs (Mar 1, 2022) – MC307310
On Mar 1, 2022, Microsoft will be removing support for sip-all.pstnhub.microsoft.com and sip-all.pstnhub.gov.teams.microsoft.us FQDNs from the Direct Routing configuration. After the end of support, if your organization uses sip-all FQDN, users will no longer make or receive calls via Direct Routing.
Solution:
You need to use the recommended subnets (52.112.0.0/14 and 52.120.0.0/14) for any classification or access control list (ACL) rules. And discontinue using the sip-all FQDN when configuring Session Border Controls (SBC) for the Direct Routing.
Microsoft to Stop Processing SIP Requests | Enabling Technologies (enablingtechcorp.com)
Exchange Online: API retirements in Exchange Web Services (Mar 31, 2022) – MC296195
Microsoft is deprecating the 25 least used APIs of EWS to begin the process of reducing the surface area of the EWS protocol for maintenance and security purposes. In the coming months Microsoft will send Message Center posts to tenants they can see are using these low volume, and now deprecated APIs.
The list of APIs that will be retired is available here.
Solution:
Microsoft suggests using Microsoft Graph APIs. Microsoft Graph and OAuth 2.0 provide increased security and seamless integration with other Microsoft cloud services.
MC296195 - Upcoming API Retirements in Exchange Web Services for Exchange Online - The Unofficial M365 Changelog (m365log.com)
IE 11 desktop application retirement (June 15, 2022) – MC306663
IE11 desktop application will be retired and no longer supported on June 15, 2022. The IE11 desktop application will no longer be supported and afterwards will redirect to Microsoft Edge if a user tries to access it.
The future of Internet Explorer on Windows 10 is in Microsoft Edge. The IE11 desktop application is not available on Windows 11.
Solution:
To continue using legacy IE-based sites and apps in Windows 10 and Windows 11, you will need to configure those sites and apps to open in Microsoft Edge using Internet Explorer mode.
MC306663 - Reminder: IE11 desktop application retires in 6 months on June 15, 2022 – Set up IE mode today (non-LTSC, non-Server) - The Unofficial M365 Changelog (m365log.com)
Azure AD Graph API retirement (June 30, 2022) – MC281145
Microsoft is retiring Azure AD graph API on June 30, 2022. Apps using Azure AD Graph after this time will no longer receive responses from the Azure AD Graph endpoint.
Since the Azure AD Graph APIs are being retired, Microsoft is also retiring the license assignment operation in the MSOnline and Azure AD PowerShell modules.
Note: If you don’t use Azure AD Graph API, do license management through MSOnline/AzureAD PowerShell, or manage licenses for your organization, you can safely disregard this message.
Solution:
Review, assess and update existing applications to access the license assignment APIs from the Microsoft Graph endpoint and update your scripts to use license assignment cmdlets from the Microsoft Graph PowerShell module to reduce the impact on operations.
Azure AD license management cmdlets retirement (June 30, 2022) – MC281145
Since the Azure AD Graph APIs are being retired, Microsoft is retiring the license assignment operation in the MSOnline and Azure AD PowerShell modules on June 30, 2022. Starting in the first quarter of 2022, customers can opt-in to use the new license management platform.
Several new features and controls will be provided as part of this milestone:
- Allotments will help you separate your licenses into smaller batches so you can set limits on how many licenses are used, and delegate ownership to manage them.
- Group licensing will be extended. In the new licensing platform, Azure AD Premium or Office 365 E3 will no longer be required to use group-based licensing for license assignments. In addition, nested groups will now work for license assignments.
- New license types, including device-based licenses and Independent Software Vendor (ISV) app licensing, will work natively on the new platform.
Solution:
- Instead of using MSOnline PowerShell cmdlets, such as Set-MsolUserLicense, New-MsolUser, you can use the Microsoft Graph PowerShell cmdlets Set-MgUserLicense, New-MgUser, etc.
- Instead of using Azure AD PowerShell cmdlet Set-AzureADUserLicense, you can use the Microsoft Graph PowerShell cmdlet Set-MgUserLicense.
MC281145 - Retirement of (Azure AD) Graph and license assignment operations and updates to license management APIs and PowerShell - The Unofficial M365 Changelog (m365log.com)
Classic Exchange admin center (Sept 1, 2022) – MC283874
In April 2021, Microsoft announced the general availability of the “new” Exchange Admin Center (EAC). Now, they have announced that beginning Sept 2022, we will no longer be able to access the Classic Exchange admin center (EAC).
A number of features previously found in the Classic EAC, including the Protection and Advanced Threat features, began moving to the Microsoft 365 Defender portal in October 2021.
Solution:
You can access the new Exchange admin center directly from https://admin.exchange.microsoft.com, or you will automatically be directed here when choosing Exchange Admin Center from the Microsoft 365 Admin Center. The new EAC offers a faster, more secure, and more intelligent modern admin experience than the classic EAC and has been designed to help admins work more efficiently. The Protection and Advanced Threat features can be accessed directly from the Microsoft 365 Defender portal at https://security.Microsoft.com.
MC283874 - Classic Exchange Admin Center (EAC) Retirement Announcement - The Unofficial M365 Changelog (m365log.com)
Basic auth deprecation in Exchange Online (Oct 22, 2022) – MC286990
In 2019, Microsoft announced they would be retiring Basic Authentication for legacy protocols. In early 2021, they announced they would begin to retire Basic Authentication for protocols not being used in tenants, but not disable Basic Authentication for any in-use protocols until further notice. In September 2021, they announced that they are planning to end the use of Basic Auth in Exchange Online.
Microsoft will retire Basic Authentication beginning October 2022, in all tenant, regardless of usage. After the retirement, legacy protocols like Exchange Web Services (EWS), Exchange Active Sync (EAS), IMAP4, POP3, and Remote PowerShell (RPS) won’t be able to connect to Exchange Online using Basic Auth.
Microsoft selectively picks tenants and disables Basic Auth for all affected protocols except SMTP AUTH for a period of 12-48 hours. After this time, Basic Auth for these protocols will be re-enabled, if the tenant admin has not already re-enabled them using their self-service tools.
During this time all clients and apps that use Basic Auth in that tenant will be affected, and they will be unable to connect. Any client or app using Modern Auth will not be affected. Users can use alternate clients (for example, Outlook on the Web instead of an older Outlook client that does not support Modern Auth) while they upgrade or reconfigure their client apps.
Solution:
You may receive a post in the Message Center up to Oct 2022 informing you that Microsoft is going to disable Basic Auth pro a protocol due to non-usage. You may also get a message stating they know you’re using Basic Auth, but they intend to proactively disable it for a short period of time. You can use the self-service feature in the Microsoft 365 admin center to opt-out and request that they leave specific protocols enable until October 2022. Microsoft hopes this will help minimize disruptions as you transition away from using Basic Authentication.
Microsoft will disable Basic Authentication beginning October 2022, and once that happens, users in your tenant will be unable to access their Exchange Online mailbox using Basic Authentication.
MC286990 - Exchange Online and Basic Auth – September 2021 Update - The Unofficial M365 Changelog (m365log.com)
Microsoft is committed to providing quality products and making improvements to those products as necessary. As customers, we are always advised to install the latest product releases, security updates, and service packs in a timely manner to remain as secure as possible. As I said in the beginning of this article, the challenge we face is simply staying apprised of these updates.
The links throughout the article will give you more information on a the mentioned upcoming changes, but you may also want to check out the Microsoft 365 Roadmap. Here you can get the latest information on updates in productivity apps and various Microsoft cloud services.
If cloud technologies and/or being a Microsoft 365 administrator are new adventures for you, the following courses may also interest you:
MS--900T01 - Microsoft 365 Fundamentals
MS--030T00 - Office 365 Administrator
If you are looking specifically for more information on particular service administration, you may want to check out the following courses:
MS-100T00 - MS-100: Microsoft 365 Identity and Services
MS-101T00 - MS-101: Microsoft 365 Mobility and Security
MS-203T00 - Microsoft 365 Messaging
MS-500T00 – Microsoft 365 Security Administration
MS-700T00 - Managing Microsoft Teams
We’d love to have you attend in person or virtually using our Remote Technology. And in case you didn’t know, however you choose to attend these courses, you may also receive a FREE Microsoft Certification exam voucher to get you moving down the road to certification!
If you have any questions or would like more information regarding courses scheduled at LRS Education Services, please call 877.832.0688 ext: 1493 or email us at getsmart@LRS.com.
Penny Morgan, LRS Education Services
MCT, MCSA, MCITP, MCTS, MCSE, MCP
Microsoft 365 Certified: Fundamentals
Microsoft 365 Certified: Enterprise Administrator Expert
Microsoft 365 Certified: Security Administrator Associate
Microsoft 365 Certified: Messaging Administrator Associate
Microsoft 365 Certified: Teams Administrator Associate
Microsoft Certified: Azure Fundamentals
Microsoft Certified: Azure Administrator Associate