For mailbox access we are currently using the permission `EWS.AccessAsUser.All` and SOAP-based API calls to `https://outlook.office365.com/EWS/Exchange.asmx`. This poses two major problems:
1. This permission cannot be obtained for personal accounts (https://us-kb.sage.com/portal/app/portlets/results/viewsolution.jsp?solutionid=221924560117216)
2. Access by "non-Microsoft apps" to the Exchange Online EWS API is scheduled to be retired Oct 1st 2026 (https://devblogs.microsoft.com/microsoft365dev/retirement-of-exchange-web-services-in-exchange-online/)

Both problems seem to require us to fully move to the "Microsoft Graph" API (JSON-based API calls).

Action plan:
- [X] Get confirmation from Microsoft that we really have a correct understanding of their terminology, i.e. we are going to be affected by the EWS retirement, despite technically obtaining our permission token via the MS Graph API
  - Yes, response from MS: we are going to be affected
- [X] Determine whether there are any relevant scenarios (EWS on premises?) where we cannot rely on MS Graph API: Do we need to support both APIs / do we need an abstraction layer?
  - Yes, response from MS: Exchange on premises will continue to support the EWS API only.
- [X] Determine which exact API calls we actually need (current EWS-based implementation seems to be based on 3rd-party code that seems to cover substantially more than what we need), and whether there exists a non-bloated library for that
  - We actually need only a smallish set of calls (see comment)
- [ ] Based on the above: Port our code
  - Initial mockup / WIP: work/tfry/apiabstraction_mockup