Share via


Breaking change to on-premises EWS Push Notifications

There is a change being introduced to on-premises Exchange servers 2010, 2013, 2016 and 2019 through cumulative updates which will break existing EWS Push applications which authenticate the notifications sent from Exchange to the listening client. Every developer and programmer who works with a program that uses EWS Push needs to read the article below and make the needed changes. All administrators should also read these articles, consider the recommended changes, and reach out to their vendors about possible impact to their application which use EWS Push notifications.

Exchange Web Services Push Notifications can be used to gain unauthorized access
    https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce

The article points to setting a throttling policy for push which will prevent Push notifications from being sent from the server to the client.

Set-ThrottlingPolicy
/en-us/powershell/module/exchange/server-health-and-performance/set-throttlingpolicy?view=exchange-ps

Keep in mind that push notifications sent from the server to the EWS listener have very basic information – such as item ids and the event which fired.