(Updated) Update to EWS Access for Kiosk / Frontline Worker Licenses

🚨 The Signal: Microsoft will enforce existing license restrictions for Exchange Web Services (EWS) access for Kiosk and Frontline Worker licenses starting October 1, 2026. This enhances security by preventing unauthorized EWS access for these specific license types.

The Impact

Frontline workers and Kiosk users are affected, reducing their attack surface by blocking EWS access.

• Frontline workers: May lose access to applications relying on EWS.
• Kiosk users: Will be blocked from EWS-dependent services.
• Security teams: Reduced attack surface for these user groups.
• Identity admins: Must review and update licenses for continued EWS access.

The Action

1. Identify all users with Exchange Online Kiosk, M365/O365 F1, or M365/O365 F3 licenses.
2. Determine if any identified users currently utilize EWS for mailbox access.
3. For users requiring continued EWS access, assign an Exchange Online Plan 1/2 or M365/O365 E3/E5 license.
4. Communicate the change and potential impact to affected user groups.
5. Monitor EWS access logs for HTTP 403 responses post-October 1, 2026, to identify any missed users.

Domain: Exchange · Impact: high · Workload: Exchange Online