Same reflection here: previously the most secure policy was to disable EWS orgwide and just enable it on the handful of mailboxes that really really needed it.
With this change, if there's even a single mailbox still needing EWS for some reason, you are now forced to enable EWS orgwide and disable it on each individual mailbox (and don't forget to explicitly disable it when new mailboxes are created).
Might be trivial if you have an org with a few 100 mailboxes, but in complex orgs with multiple admin tiers that's a different story.
This actually will make it a lot harder to prepare for the decommissioning of EWS in 2026 (since people can and will forget to disable EWS).
Would actually make a lot more sense if the default (null) orgwide setting would change to False and leave the user setting as it is (i.e. an override of the orgwide setting), since that would force people who just leave everything at the default to start thinking about this...
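An added example, not part of the comment above: a PowerShell audit for the "enable orgwide, disable per mailbox" model it describes, reporting mailboxes outside an allow-list whose `EwsEnabled` is not explicitly `$false`. The allow-list, addresses and sample objects are constructed; in a live tenant the input would come from `Get-CASMailbox`.

```powershell
# Hypothetical allow-list of mailboxes that still need EWS (constructed values).
$EwsAllowList = @('svc-archive@contoso.example', 'roomfinder@contoso.example')

function Get-EwsExposure {
    param(
        [Parameter(Mandatory)] [object[]] $CasMailbox,
        [string[]] $AllowList = @()
    )
    foreach ($mbx in $CasMailbox) {
        $allowed = $AllowList -contains $mbx.PrimarySmtpAddress
        # Only an explicit $false counts as disabled; $null (never set,
        # e.g. a newly created mailbox) and $true are both reported.
        $explicitlyOff = ($mbx.EwsEnabled -is [bool]) -and (-not $mbx.EwsEnabled)
        $shown = if ($null -eq $mbx.EwsEnabled) { '<null>' } else { "$($mbx.EwsEnabled)" }

        if (-not $allowed -and -not $explicitlyOff) {
            [pscustomobject]@{
                Mailbox    = $mbx.PrimarySmtpAddress
                EwsEnabled = $shown
                Finding    = 'EWS not explicitly disabled'
            }
        }
        elseif ($allowed -and $explicitlyOff) {
            [pscustomobject]@{
                Mailbox    = $mbx.PrimarySmtpAddress
                EwsEnabled = $shown
                Finding    = 'Allow-listed but EWS is disabled'
            }
        }
    }
}

# Constructed sample input with the two properties the audit reads.
# Live equivalent (requires an Exchange Online session):
#   $cas = Get-CASMailbox -ResultSize Unlimited |
#          Select-Object PrimarySmtpAddress, EwsEnabled
$cas = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@contoso.example';       EwsEnabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'newhire@contoso.example';     EwsEnabled = $null  }
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@contoso.example';         EwsEnabled = $true  }
    [pscustomobject]@{ PrimarySmtpAddress = 'svc-archive@contoso.example'; EwsEnabled = $true  }
    [pscustomobject]@{ PrimarySmtpAddress = 'roomfinder@contoso.example';  EwsEnabled = $false }
)

Get-EwsExposure -CasMailbox $cas -AllowList $EwsAllowList | Format-Table -AutoSize

# Remediation for a reported mailbox that should not have EWS:
#   Set-CASMailbox -Identity 'newhire@contoso.example' -EwsEnabled $false
```

Running this on a schedule covers the "new mailboxes" case, since a mailbox created after the last sweep shows up with a null `EwsEnabled`.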