Upcoming Changes to Exchange Hybrid Functionality: What You Need to Know and How Connection Can Help

Microsoft is implementing critical updates to Exchange hybrid environments as part of its Secure Future Initiative (SFI), aimed at enhancing security and modernizing hybrid configurations. These changes will directly impact organizations using Exchange Server in hybrid mode with Exchange Online, especially those relying on rich coexistence features like Free/Busy lookups, MailTips, and profile picture sharing.

Key Changes

1. Transition to a Dedicated Exchange Hybrid Application

Historically, Exchange hybrid environments have used a shared service principal (Office 365 Exchange Online) to enable hybrid features. Starting with the April 2025 Hotfix Update (HU), Microsoft is transitioning to a dedicated Exchange hybrid application in Entra ID. By October 2025, all hybrid environments requiring rich coexistence must switch to this dedicated app, as the shared service principal will no longer be supported.

Organizations can make this change by:

• Installing the April 2025 HU (or later) and running the ConfigureExchangeHybridApplication.ps1 script.
• Alternatively, using the updated Hybrid Configuration Wizard (HCW), though the script is recommended for robustness.

2. Deprecation of Exchange Web Services (EWS)

Microsoft is also retiring EWS calls from Exchange Server to Exchange Online. These will be replaced with REST-based Microsoft Graph API calls, offering more granular permissions and improved security. This update is expected in Q3 2025, and organizations must adopt it by October 2026 to maintain hybrid functionality.

Who Needs to Act and When

If your organization uses rich coexistence features, you must:

• Switch to the dedicated hybrid app by October 2025
• Update to Graph API permissions by October 2026

Failure to do so will result in broken hybrid features, including Free/Busy sharing and MailTips.

Organizations not using rich coexistence should still consider running the Service Principal Clean-Up Mode script to remove legacy certificates and harden their hybrid configuration.

How Can Connection Help?

Navigating these changes can be complex, but Connection is here to support you. Our experts can:

• Assess your current Exchange hybrid setup
• Guide you through the transition to the dedicated hybrid app
• Prepare your environment for Graph API integration
• Ensure compliance and continuity of service

Don't wait until functionality breaks-contact your Connection team today to schedule a review and stay ahead of these critical updates.