Exchange ActiveSync Certificate-Based Authentication now supports TLS 1.3, routing traffic to new tenant-location-based endpoints. Most clients will redirect seamlessly, but organizations using Secure Email Gateways may need to update firewall settings. Rollout began globally, expanding to other clouds by November 2025.
Applies to: Exchange Online
Source: mc.merill.net — data via Merill Fernando's open archive (MIT).