Microsoft today announced that the deprecation of Client Access Rules (CARs) in Exchange Online will be delayed one year to September 2024.

Microsoft 365 administrators can use CARs that include priority values, exceptions, actions, and conditions to filter customer access to Exchange Online using various factors.

These factors include the client’s IP addresses and authentication type, as well as the protocol, application, or service it uses to establish the connections. Essentially, once configured, they help control access to Exchange Online resources within an organization.

In a previous ad Starting in September 2022, the company said old Exchange Online access rules will be phased out until September 2023.

The following month, Redmond disabled CARs cmdlets in tenants where they were not used to promote a move to more secure alternatives such as Azure Active Directory (AAD) conditional access (AC) and continuous access assessment (CAE).

The phasing out delay was driven by the inability to migrate some CARs to Azure AD CA and CAE until the original deadline, in some cases due to the need for proper support.

“We’ve been working with customers to find out how they use CARs and how they can migrate to these new features, but we’ve come across a few scenarios where it’s not possible to migrate the current rules,” the company said on Friday. Exchange team.

“For these scenarios, we will allow the use of CARs beyond the previously announced September 2023 deadline until we can support them.”

Until the final retirement deadline is reached next year, Microsoft is waiting for customers to seek help migrating their CARs to the new access control options through support tickets.

“We understand that migrating from CARs to Conditional Access and CAE requires some planning and testing, and we’re here to help you with that process,” the Exchange team added.

“If there is a technical reason preventing you from migrating your CARs, please open a support ticket so we can investigate and understand your needs.”

As Redmond explained in September 2022, moving from legacy Exchange Online access rules to Conditional Access would add additional resiliency by ensuring tenant policy changes are applied in near real-time and ending proactively to active user sessions.

Microsoft also recently warned customers that basic authentication would be disabled in random tenants to strengthen Exchange Online security starting October 1, 2022.

The warning follows several recalls issued by Redmond over the past three years, the first of which was published in September 2019.