The goal of this post is to compile all announced Office 365 service changes for 2017, especially those that may require admin action, into a single reference. These changes are listed below in chronological order, based on the "Action Required" date. Additional information and resources related to these changes are provided where applicable. Updates will be made to this post as new service changes are announced, or updates to announced changes are provided.
Note: All changes may not have been communicated to your tenant / environment.
- Moved Public Preview of Microsoft Graph Reporting APIs to Archive
- Moved Changes to Token Lifetime Defaults in Azure AD to Archive
- Updated RPC over HTTP Deprecation - updated language and added "What will happen on Oct 31, 2017?" image from Ignite 2017 session
- Moved Update to Azure AD Conditional Access for Office.com to Archive
- Moved Improvements to the Office 365 ProPlus update model to Archive
- Added Changes to the Token Lifetime Defaults in Azure AD
- Added Update to Azure AD Conditional Access for Office.com
- Added OneDrive End of Support Notice for Windows Vista, Windows Server 2008 and Mac OS X 10.9
- Updated Improvements to the Office 365 ProPlus update model
- Updated Removal of Site Mailboxes in SharePoint Online with additional resources
- Moved Project Online requirements are changing to Archive
- Moved SharePoint Online eDiscovery Transition to Archive
- Updated Exchange Online eDiscovery Transition
- Moved Important notice for Office 365 email customers who have configured connectors to Archive
- Added Improvements to the Office 365 update model
- Updates to formatting for consistency throughout post
- Moved Update to Client Access Rules for Office 365 customers to Archive
- Moved Access Web App deprecation in SharePoint Online to Archive
- Removed all Message Center references - see this page for more details
- Updated details for active entries with publicly available information (where applicable)
- Moved Active Directory Synchronization (DirSync) Deprecation to Archive
- Moved SharePoint Online Public Websites are going away to Archive
- Added Access Web App deprecation in SharePoint Online – action required by May 31, 2017
- Added DirSync and Azure AD Sync communication to Azure Active Directory – action required by December 31, 2017
- Moved Change to unused anonymous links to Archive
- Updated Active Directory Synchronization (DirSync) Deprecation
- Updated SharePoint Online Public Websites are going away
- Added Public Preview of Microsoft Graph Reporting APIs
- Moved Office 365 ProPlus 2013 Availability & Supportability to Archive
- Moved Removal of Site Mailboxes in SharePoint Online to Archive
- Added Change to unused anonymous links
- Updated Active Directory Synchronization (DirSync) Deprecation
- Added Update to Client Access Rules for Office 365 customers
- Updated SharePoint and Exchange Online eDiscovery Transition
- Updated Project Online requirements are changing - deadline extended to June 30, 2017
- Updated SharePoint Online Public Websites are going away - action now required by April 30, 2017
- Updated Important notice for O365 email customers who have configured connectors - deadline extended to July 5, 2017
- Added Removal of Site Mailboxes in SharePoint Online
- Added Important notice for O365 email customers who have configured connectors
- Updated Active Directory Synchronization (DirSync) Deprecation
- Added SharePoint and Exchange Online eDiscovery Transition
Exchange Online eDiscovery Transition
Action Required by: TBD (originally July 1, 2017)
Updated June 28, 2017: Due to the delayed release of a feature that will allow you to copy the results of an eDiscovery search in the Office 365 Security & Compliance Center to a discovery mailbox, we're postponing the decommissioning of new In-Place eDiscovery searches and In-Place holds in Exchange Online. You will continue to be able to create new searches and holds in the Exchange admin center until further notice. But later this year or early next year, you won't be able to create new In-Place Holds in Exchange Online. At that time, only Litigation Holds and Office 365 retention policies can be used to create an inactive mailbox. However, existing inactive mailboxes that are on In-Place Hold will still be supported, and you can continue to manage the In-Place Holds on inactive mailboxes. This includes changing the duration of an In-Place Hold and permanently deleting an inactive mailbox by removing the In-Place Hold.
On July 1, 2017, Microsoft will disable the ability to create new In-Place eDiscovery searches and In-Place Holds (*-MailboxSearch) in the Exchange Admin Center in Exchange Online. Instead, we invite you to use the Security & Compliance Center to fulfill your organization’s eDiscovery needs. You will still be able to edit and run existing searches in the Exchange Admin Center. Microsoft is decommissioning these eDiscovery tools because of their limited breadth across Office 365 services. The Security & Compliance Center supports permissions, cases, holds and exports as well as Advanced eDiscovery features such as Themes, Email Threading, Near Duplicate Detections, and Predictive coding. These changes only apply to the Exchange Admin Center in Exchange Online. On-premises and dedicated deployments of these tools will continue to be supported.
- Microsoft Tech Community: SharePoint and Exchange Online eDiscovery Transitioning to Office 365 Security & Compliance Center
- Inactive mailboxes in Exchange Online
RPC over HTTP Deprecation
Action Required by: October 31, 2017 at 5:59 PM UTC
Details: As of October 31, 2017, RPC over HTTP will no longer be a supported protocol for accessing mail data from Exchange Online. Microsoft will no longer provide support or updates for Outlook clients that connect through RPC over HTTP, and the quality of the mail experience will decrease over time. RPC over HTTP is being replaced by MAPI over HTTP, a modern protocol that was launched in May 2014. This change affects you if you're running Outlook 2007 because Outlook 2007 won't work with MAPI over HTTP. To avoid being in an unsupported state, Outlook 2007 customers have to update to a newer version of Outlook or use Outlook on the web. This change may also affect you if you're running Outlook 2016, Outlook 2013, or Outlook 2010 because you must regularly check that the latest cumulative update for the version of Office that you have is installed. Note that RPC over HTTP will continue to work after October 31st, even though it will not be supported.
The following slide is from the Ignite 2017 session BRK2005 - Roadmap for Office 365 client requirements and service connectivity:
- KB3201590: RPC over HTTP deprecated in Office 365 on October 31, 2017
- BRK2005 - Roadmap for Office 365 client requirements and service connectivity (Video & Slides)
OneDrive End of Support Notice - Windows Vista, Windows Server 2008, Mac OS X 10.9
Action Required by: November 1, 2017
Details: The OneDrive engineering team is committed to bringing you the best, most secure, end user experience possible. To support that commitment, the OneDrive Desktop application (sync client) is updating the matrix of supported operating systems to align with Office 365 and Windows support. These changes will go into effect November 1st, 2017.
Note: These operating systems have been out of mainline support for several years now.
After November 1st, OneDrive will be phasing out support for the following operating systems:
- Windows Vista SP2 (All versions)
- Windows Server 2008
- Mac OS X 10.9
Here’s what will happen:
- Existing OneDrive sync client installations on unsupported operating systems will stop updating. These clients will continue to run, but functionality will no longer be tested. It is not advised to continue to run on these unsupported operating systems.
- New installations on unsupported operating systems will be blocked.
- Bugs and issues found on or specific to unsupported operating systems will no longer be investigated or fixed.
To ensure a smooth transition we recommend that you upgrade machines on Windows Vista, Windows Server 2008, or Mac OS X 10.9 to supported operating systems before November 1, 2017.
What operating systems are still supported? We will continue to support:
- All 32- or 64-bit versions of Windows 10
- Windows 8 / 8.1
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Mac OS 10.10 or later
DirSync and Azure AD Sync Communication to Azure Active Directory
Action Required by: December 31, 2017
Details: As of April 13, 2017, Windows Azure Active Directory Sync (DirSync) and Azure AD Sync reached end of support, which means that you must first upgrade to Azure AD Connect before opening a support case. The following is noted in the Deprecation Schedule of the documentation:
- December 31, 2017: Azure AD will no longer accept communications from Windows Azure Active Directory Sync (“DirSync”) and Microsoft Azure Active Directory Sync (“Azure AD Sync”)
Office 365 ProPlus 2013 Availability & Supportability
Action Required by: February 28, 2017
Details: Office 2016 is the recommended version of Office 365 ProPlus and includes all the latest upgrades and new features. As we announced in September 2015, when we released Office 2016, beginning March 1, 2017, the Office 2013 version of Office 365 ProPlus will no longer be available for installation from the Office 365 portal. Beginning March 1, 2017, your users will no longer see Office 2013 as an option for download through the Office 365 portal, and admins will no longer have the option under Software download settings in the admin portal to choose to enable Office 2013. In addition, we will no longer provide feature updates for this version, nor provide support. We recommend you install Office 2016 as soon as possible to have the latest and greatest features and support.
Additional Information: KB3199744: Support for the 2013 versions of Office 365 ProPlus ends February 28, 2017
Removal of Site Mailboxes in SharePoint Online
Action Required by: March 1, 2017
Details: Beginning March 2017, new SharePoint Online organizations will no longer have access to the Site Mailbox feature, existing SharePoint Online organizations will no longer be able to create new Site Mailboxes; however, any Site Mailboxes provisioned prior to March 2017 will continue to function. In September 2017, we will have a process in place allowing you to transition your existing Site Mailbox site to an Office 365 Group. We will communicate again in June 2017, via Message Center, with more details. If you are using the Site Mailbox feature in SharePoint Online, you should consider transitioning to Office 365 Groups, to support email-centric collaborative scenarios.
- Learn about Office 365 Groups
- Microsoft Tech Community: Deprecation of Site Mailboxes (August 3, 2017)
- Use Office 365 Groups instead of Site Mailboxes
Change to unused anonymous links
Action Required by: March 30, 2017
Details: On March 30, 2017, we are adjusting how anonymous access and internal links (people within my organization) are used in SharePoint Online and OneDrive for Business – to improve reliability and manageability. We are standardizing how sharing links are used and registered in the system to offer you the greatest levels of creation, visibility and control. On March 30, SharePoint Online and OneDrive for Business will adjust aspects of anonymous access and internal links (people in my organization) that may impact any links generated before May 2016. Any links created before May 2016, and not used since, may no longer work and the owner will need to recreate a new anonymous link and share it again with the invitee. If a link had been generated AND used before May 2016, it will continue to work after this change. If you have any unused links that you want to continue to work, you just need to click on the link before March 30, 2017.
Additional Information: Share sites or documents with people outside your organization
Active Directory Synchronization (DirSync) Deprecation
Action Required by: April 12, 2017 at 5:59 PM UTC
Details: As we communicated, in April 2016, we will be removing the Windows Azure Active Directory Synchronization feature from Office 365, beginning April 13, 2017. Azure Active Directory (AD) Connect is the best way to connect your on-premises directory with Azure AD and Office 365. Azure AD Connect is replacing DirSync and Azure AD Sync and these two older sync engines were deprecated from April 13, 2016, reaching end of support April 13, 2017. You are receiving this message because you are using DirSync, Azure AD Sync, or an Azure AD Connect installation released before 2016. After April 13, 2017, you will no longer be able to open a support case without first upgrading to Azure AD Connect.
SharePoint Online Public Websites are going away
Action Required by: April 30, 2017 at 5:59 PM UTC
Details: As we originally communicated in March 2015, new Office 365 subscription plans no longer include the SharePoint Online public website feature. We notified all Office 365 customers that currently use this feature that they could continue using this feature for a minimum of two years. Beginning May 1, 2017, existing SharePoint Online organizations will no longer have access to the public website feature. Then, on September 1, 2017, we will be deleting the public site collection in SharePoint Online. Beginning May 1, 2017, people outside your organization will no longer have access to your public facing website. People inside your organization may be required to login to view your website. On September 1, 2017, when we delete the public site collection in SharePoint Online, you will no longer have access to the content, images, pages or any other files that reside on your public website. You are receiving this message because our reporting indicates your organization has the SharePoint Online public website feature enabled. Alternative public website solutions from industry leaders are now available, and you should begin investigating these alternatives to integrate your public presence within the Office 365 environment. Do this prior to May 1, 2017. Before September 1, 2017, you should make a backup copy of all your public website content, images, pages and files, so you don’t lose them permanently. If you need more time to move your public website, you have a one-time postponement option for up to one year. You must select the postpone option by May 1, 2017.
- Learn about partner website hosting and public websites in Office 365
- Information about changes to the SharePoint Online Public Website feature in Office 365
Update to Client Access Rules for Office 365 customers
Action Required by: May 31, 2017
Details: Microsoft is making a change that will impact how Client Access Rules (CAR) work in Office 365. We will be adding support for managing the REST API with Client Access Rules. Previously, the predicate for ExchangeWebServices (EWS) applied to both the EWS protocol and REST API. The upcoming updates to Exchange Client Access Rules will allow for these connection types to be managed independently. This update will be particularly important to those who are looking to deploy or currently using Outlook for iOS and Android, as those apps use REST APIs to sync mail, calendar and contact information with Office 365. On June 1, 2017, 60 days after REST is available and independently manageable, Microsoft will disable the ability for Outlook for iOS and Android to use EAS in favor of REST. Over the next several weeks, you will start seeing the REST predicate added to your existing CARs that include EWS predicates. This change will be visible on your existing CARs in Windows PowerShell. The changes will not affect the behavior of your existing CARs. If you are blocking EWS and want to use Outlook for iOS & Android, you will need to ensure that REST access is allowed by June 1, 2017, so that users do not lose email access in those apps.
Additional Information: Update of Client Access Rules for Office 365 customers
Access Web App deprecation in SharePoint Online
Action Required by: May 31, 2017
Details: We no longer recommend Access Services for new apps. This feature will be retired from Office 365. We will stop creation of new Access-based apps in SharePoint Online starting June 2017 and shut down any remaining apps by April 2018. We know that many of you have come to depend on Access custom web apps and we are working to make the transition to PowerApps as smooth as possible. We have added a feature to export your data to SharePoint lists where you can create PowerApps and Microsoft Flows. We have also published guidance on how to port your custom web app to PowerApps here. We will include Access Services and Access Web Apps in the next version of SharePoint Server. Access Web Apps and Access Services will continue to be supported in all current versions of on-premises SharePoint servers for the remainder of the product lifecycle. Note: Access Desktop databases (.ACCDB files) will not be impacted by this decision.
Posted: March 27, 2017 - Microsoft Tech Community: Updating the Access Services in SharePoint Roadmap
Additional Information: Access Services in SharePoint Roadmap
Project Online requirements are changing
Action Required by:
February 28, 2017 June 30, 2017
Details: Beginning June 30, 2017, Project Online will require the latest version of Project to connect to Office 365. We are making architectural changes to features in Project Online which impact older versions of Project, connecting to Project Online. Originally, we communicated this would happen on February 28, 2017, but have extended the deadline to June 30, 2017. We made this change based on customer feedback. If you are using Project 2016, you need to be on a supported build to connect to Project Online. For Project Professional 2016 customers, the RTM build (16.0.4266.1000) is the minimum build. For Office 365 customers using the Project Online Desktop Client (the subscription version of Project Professional 2016), you need to be on the previous Deferred Channel build (currently build 16.0.6741.2088) or any other build that is more recent. If you are using any prior version of Project, you will encounter issues connecting to Project Online. This change will not affect you if you are not connecting to Project Online. Make sure you've upgraded to a supported Project 2016 build, by June 30, 2017, to continue connecting to Project Online without interruption.
Additional Information: Using Project Online? Time to be sure you upgrade the client software
SharePoint Online eDiscovery Transition
Action Required by: July 1, 2017
Details: On July 1, 2017, Microsoft will disable the creation of new cases in the eDiscovery Center in SharePoint Online. Instead, we invite you to use the Security & Compliance Center to fulfill your organization’s eDiscovery needs. You will still be able to work with existing cases in the SharePoint eDiscovery Center. Microsoft is decommissioning these eDiscovery tools because of their limited breadth across Office 365 services. The Security & Compliance Center supports permissions, cases, holds and exports as well as Advanced eDiscovery features such as Themes, Email Threading, Near Duplicate Detections, and Predictive coding. These changes only apply to the eDiscovery Center in SharePoint Online. On-premises and dedicated deployments of these tools will continue to be supported.
Important notice for Office 365 email customers who have configured connectors
Action Required by:
February 1, 2017 July 5, 2017
Note: The original deadline to implement the necessary changes, outlined below, was moved from February 1, 2017 to July 5, 2017. This deadline was changed in order to accommodate customers who required additional implementation time. Both the blog post and KB article have been updated with the deadline changes, as well as with new content on the scenarios and resolution steps so please be sure to review them.
Details: Beginning July 5, 2017, Office 365 will no longer by default support relaying messages for the specific scenarios detailed below. If you’re an Exchange Online or Exchange Online Protection (EOP) subscriber and you have configured connectors, this might impact your organization. To make sure that your mail flow isn’t interrupted, we strongly recommend that you read the blog post and KB article and take any necessary action before the deadline (July 5th, 2017).
- Your organization has to send non-delivery reports (NDRs) from the on-premises environment to a recipient on the Internet, and it has to relay the messages through Office 365. For example, somebody sends an email message to firstname.lastname@example.org, a user who used to exist in your organization's on-premises environment. This causes an NDR to be sent to the original sender.
- Your organization has to send messages from the email server in your on-premises environment from domains that your organization hasn't added to Office 365. For example, your organization (Contoso.com) sends email as the fabrikam.com domain, which doesn’t belong to your organization.
- A forwarding rule is configured on your on-premises server and messages are relayed through Office 365. For example, Contoso.com is your organization’s domain. A user on your organization’s on-premises server, email@example.com, enables forwarding for all her messages to firstname.lastname@example.org. When email@example.com sends a message to firstname.lastname@example.org, the message is automatically forwarded to email@example.com. From the point of view of Office 365, the message is sent from firstname.lastname@example.org to email@example.com. Because Kate’s mail is forwarded, neither the sender domain nor the recipient domain belongs to your organization.
Posted: August 23, 2016 – Exchange Team Blog
Additional Information: KB3169958: Important notice for Office 365 email customers who have configured connectors
Update to Azure AD Conditional Access for Office.com
Action Required by: August 24, 2017
Details: On August 24th, a change will roll out that requires users to satisfy any policies set on Exchange Online and SharePoint Online when accessing Office.com. For example, if a policy requiring multi-factor authentication (MFA) or a compliant device has been applied to SharePoint or Exchange, this policy will also apply to users signing into Office.com. The main impact will be to users who use Office.com but have not already satisfied SharePoint and Exchange policies. In these cases, they can take the steps to satisfy policy or, in cases in which this is not an option, where users are attempting to access Office.com to install Office applications, they can do so from https://aka.ms/office-install.
This change addresses feedback we’ve gotten from customers who have noticed that some features break in Office.com when a policy is applied to Exchange or SharePoint. These include searching for documents and email, loading your customizations in the app launcher, creating new documents, and viewing your calendar. These features access Exchange and SharePoint data, so they’re subject to Exchange and SharePoint policies. By requiring users to satisfy these policies when they access Office.com users will have access to Exchange and SharePoint data, so these features will continue to work.
- Any policies that have been applied to Exchange and SharePoint browser access will apply
- Policies set specifically for mobile and desktop applications will be skipped since Office.com is accessed through the browser. This applies to conditional access policies set through the Azure Management Portal, the “Classic” Azure Portal, and the Intune management portal
- Policies set using Office 365 MDM will not apply since they are targeted for mobile apps
- If a policy is set for Exchange and SharePoint, both policies will take effect when Office.com is accessed
Additional Information: Enterprise Mobility + Security Blog: An update to Azure AD Conditional Access for Office.com
Improvements to the Office 365 ProPlus update model
Action Required by: September 12, 2017
Details: Moving to Office 365 ProPlus requires an initial upgrade and ongoing management of regular updates. Customers quickly see the benefits of the move, but they’ve also asked to simplify the update process—and to improve the coordination between Office and Windows. To respond to this feedback, we’re pleased to announce that we will align the Office 365 ProPlus and Windows 10 update model. This change will make planning and managing updates for both Office and Windows easier for customers using the Secure Productive Enterprise.
Targeting September 2017, we will make the following changes to the Office 365 ProPlus update model:
- Two updates a year: We will reduce the Office 365 ProPlus update cadence from three to two times a year, with semi-annual feature updates to Windows 10 and Office 365 ProPlus targeted for March and September.
- 18 months of support: We will extend the support period for Office 365 ProPlus semi-annual updates from 12 to 18 months (starting from first release) so IT professionals can choose to update once or twice a year.
- System Center Configuration Manager support: System Center Configuration Manager will support this new aligned update model for Office 365 ProPlus and Windows 10, making it easier to deploy and update the two products together.
As part of these changes, Office 365 ProPlus is changing the names of its update channels to make them more descriptive. All these changes will take place in September 2017.
Note: These changes also apply to Visio Pro for Office 365 and Project Online Desktop Client.
The new semi-annual schedule begins on September 12, 2017. This is a month earlier than the previously planned October release, so plan accordingly. For more information, see the upcoming schedule for Office 365 ProPlus releases and recommended next steps.
Additional Information: Overview of the upcoming changes to Office 365 ProPlus update management
Public Preview of Microsoft Graph Reporting APIs
Action Required by: September 30, 2017 at 5:59 PM UTC
Details: The usage reports in the Office 365 admin center enable admins to understand usage across the various services within Office 365. However, many of you already have existing reporting solutions—such as a company reporting application or a web portal—in place. To assure that you can monitor your IT services in one unified place, the usage reporting APIs complement the existing usage reports by allowing organizations and independent software vendors to incorporate the Office 365 activity data into their existing reporting solutions. Using this API, you can retrieve the data available in all the usage reports, including organization level summaries per service, as well as entity level (user, sites, accounts) detail usage information for different reporting periods of the last 7/30/90/180 days, and daily activity aggregates.
Any user with global admin or product admin rights (for Exchange, Skype for Business and SharePoint) in the organization can retrieve data through these APIs. You can leverage the Microsoft Graph documentation for the reporting API and submit feature requests by asking or voting on an idea on UserVoice. Please submit questions by posting them on Stack Overflow and tagging microsoftgraph.
With this announcement, we’re starting the deprecation of the following APIs available within the Office 365 Reporting Web Service: ConnectionbyClientType, ConnectionbyClientTypeDetail, CsActiveUser, CsAVConferenceTime, CsP2PAVTime, CsConference, CsP2PSession, GroupActivity, MailboxActivity, GroupActivity, MailboxUsage, MailboxUsageDetail, StaleMailbox and StaleMailboxDetail. We will remove these APIs, as well as any related PowerShell cmdlets, on October 1, 2017.
If you are currently using APIs or any of the related PowerShell cmdlets from the Office 365 Reporting Web Service, which are going to be replaced by the new APIs, please start planning the migration of any subsystems within your organization.
Posted: March 31, 2017 - What’s new in Office 365 administration—public preview of Microsoft Graph reporting APIs
Additional Information: Microsoft Graph documentation
Changes to the Token Lifetime Defaults in Azure AD
Action Required by: October 1, 2017
Details: As part of our efforts to eliminate unnecessary sign-in prompts while maintaining high levels of security, we are making some major improvements to how we manage refresh token lifetimes. Beginning October 1, 2017, the new default for Refresh Token Inactivity will be changed to 90 days. The new default for Single/Multi factor Refresh Token Max Age will be until revoked. The new default for Refresh Token Max Age for Confidential Clients will also be until revoked.
Note: This change will not apply in the following two scenarios:
- If you have configured the Refresh Token Max Inactive Time to a custom value
- If you have configured federation with Azure AD and another authentication system
You can override these settings with your own custom settings.
- Enterprise Mobility + Security Blog: Changes to the Token Lifetime Defaults in Azure AD
- Basics of tokens issued by Azure Active Directory