Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Support tip: On-premises Intune Exchange connector will be turned off in February 2024
By
Intune_Support_Team
Published Nov 16 2023 11:30 AM 5,593 Views
Intune_Support_Team
Microsoft
‎Nov 16 2023 11:30 AM

Support tip: On-premises Intune Exchange connector will be turned off in February 2024

‎Nov 16 2023 11:30 AM

Updated 02/21/2024 - We've ended support for all customers using the on-premises Intune Exchange connector. If you continue facing an issue where your environment is not working as expected, please open a support request via the Microsoft Intune admin center's Help and support blade or any of the other methods here: aka.ms/IntuneSupport for further assistance.

 

Microsoft Intune ended support for the on-premises Intune Exchange connector in July 2020, except for customers that were actively using it at the time. We've ended support for all customers and turned it off by February 19, 2024.

 

If you’re using the on-premises Intune Exchange connector, you’ll have received a notice in the Message center (MC673699) and you'll need to use a different method to enable Conditional Access for Exchange. We recommend taking one of the following actions:

 

Both of these methods support Intune app protection policies and Conditional Access through Outlook mobile for Exchange on-premises. While we strongly recommend using Exchange Online, if this isn’t an option for your organization, you can continue to manage on-premises Exchange users by enabling hybrid modern authentication (HMA) and configuring Conditional Access.

 

  1. The following steps will guide you through migrating from the Intune Exchange connector to hybrid modern authentication and Conditional Access: Enable HMA in Exchange organization.

Before enabling HMAensure that the prerequisites are understood and met:

The steps to configure Exchange server and HMA are documented here:

  1. How to configure Exchange Server on-premises to use Hybrid Modern Authentication.

 

  1. Configure a Microsoft Entra ID Conditional Access policy for Exchange Online.
    1. Go to the Microsoft Intune admin center > Devices > Conditional access > Create a new policy.
    2. Set the Users assignment to the on-premises Exchange user group that you would like the policy to apply to.
    3. Under Target resources, select Intune, then Select apps, then search for and select Office 365 Exchange Online (00000002-0000-0ff1-ce00-000000000000).
    4. Configure any conditions you want to set to determine when the policy is applied. For example, you can set the policy to apply to modern authentication clients by selecting the link under Client apps and selecting Browser or Mobile apps and desktop clients. For more information on conditions read: Conditions in Conditional Access policy - Microsoft Entra ID
    5. Configure the grant controls to determine which devices to grant access to or block from access. For example, to require devices to be enrolled and compliant in Intune, select the link under Grant, select Grant access, then select Require the device to be marked as compliant. For more information on Grants read: Grant - Microsoft Intune admin center
    6. Choose whether the policy is Report-only, On, or Off, and select Create.

 

  1. Uninstall the Exchange connector from the connector server.

    On the server that you installed the Exchange connector on, there are two options for removing the Exchange connector:

    1. Navigate to the control panel of the Exchange connector server, select Programs and Features, then right click on the Microsoft Intune Exchange Connector program and select uninstall.

      A screen capture of the Program and Features window showing the Microsoft Intune Exchange Connector that will need to be uninstalled.A screen capture of the Program and Features window showing the Microsoft Intune Exchange Connector that will need to be uninstalled.

    2. Alternatively, you can use the Exchange connector setup application to remove the connector. Open the Microsoft Intune Exchange Connector executable and run through the wizard to remove the connector.

      A screen capture of the Microsoft Intune Exchange Connector Setup wizard.A screen capture of the Microsoft Intune Exchange Connector Setup wizard.

      A screen capture of the option to remove the connector in the Microsoft Intune Exchange Connector Setup wizard.A screen capture of the option to remove the connector in the Microsoft Intune Exchange Connector Setup wizard.

    3. Once the connector has been uninstalled, delete the connector from the Intune admin center (Tenant administration > Exchange access > Exchange ActiveSync on-premises connector).

      A screen capture of the Exchange ActiveSync on-premises connector blade in the Microsoft Intune admin center.A screen capture of the Exchange ActiveSync on-premises connector blade in the Microsoft Intune admin center.
  2. Ensure you revoke the permissions for the user account which were configured to connect to the on-premises Exchange server and disable any accounts used by the Exchange Connector that are no longer required.

 

If you have any questions, leave a comment on this post or reach out on X @IntuneSuppTeam.

 

Post updates:

12/15/23: Updated expected timeline to complete to February 2024 (was Jan 2024).

02/01/24: Updated to include migration steps to HMA and Conditional Access.

02/21/24: Support has ended for the on-premises Intune Exchange connector.

0 Likes
Like
Version history
Last update:
‎Feb 26 2024 03:43 PM
Updated by:
Labels