You wrote "The old behavior has led to inconsistencies and security concerns. It can be challenging for administrators to ensure uniform policy enforcement across their organization, particularly in large and complex environments. To address these issues, we are altering the behavior so that EWS will only be allowed if both the organization-level and user-level EWSEnabled flags are true."
No, the new behavior is NOT more secure. If I have a handful of users who are an exception, I explicitly set them to "allow", while the Default is false.
Now, I have to set the Default to true, to allow a few exceptions. But new mailboxes get the default, i.e. they are allowed. I have lost control instead of gaining it. Moreover, I now have to write a script that runs regularly to find these new mailboxes and set them to false. I am no programmer, so for me it is difficult to write an error-proof script, especially with the challenges of automated access to M365 and the ever-changing APIs. The script will run maybe hourly. So there is a security gap, assuming the script runs successfully.
You call that an improvement for security and administration? No, it is **bleep** stupid.