u/hehe123exde

Hello everyone!

I've pretty much just started working with Zabbix in a M365/windows environment and I've helped the company that I'm currently doing my internship at to monitor things like:

- AD Replication
- Certificate expiration on "critical" certificates
- RDS-related monitoring
- Specific windows-services (that are not included in Zabbix templates for Windows)
- Other AD-related monitoring
And more.

I've also set up specific triggers for the monitoring I've created, adjusted some of the current triggers to behave more precisely, created a couple of dashboards, to be able to link some of the more important services/servers together in one place.

Outside of this I feel like we monitor the "standard stuff" in our Zabbix environment.

What I'm now looking for is not the "basic server/service monitoring", but more the things that templates and the basic configuration don't actually include/monitor.

Do you guys have any tips, tricks, or examples of things that are worth monitoring in Zabbix, but that people often miss when setting up their environment?

I'm especially interested in practical examples/tips from real environments.

Thanks in advance and take care!

Hello everyone,

I’m trying to get some clarity around the upcoming EWS retirement in Exchange Online, specifically the October 1, 2026 enforcement and the new AppID-based allow-listing Microsoft has mentioned.

From what I understand, Microsoft has communicated roughly the following:

• EWS in Exchange Online starts being blocked from October 1, 2026
• Final EWS shutdown is planned for April 1, 2027
• If EWSEnabled is left as $null, Microsoft will automatically set it to $false during the rollout
• To keep EWS working temporarily after October 1, 2026, the tenant must have:
  • EWSEnabled = $true
  • an AppID-based EWS AllowList

My confusion is around what actually happens in this scenario:

EWSEnabled = $true

…but no AppID AllowList is configured.

Does Microsoft still change EWSEnabled to $false, or does the setting remain $true but EWS calls are blocked because no AppIDs are allow-listed?

Also, has anyone actually found a working way to create/manage the new AppID-based EWS AllowList yet?

I am not talking about the old User-Agent based method:

Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceAllowList
Set-OrganizationConfig -EwsAllowList @{Add="SomeUserAgent"}

That method is not really useful for this case. Microsoft has talked about an AppID-based allow list, but I cannot find any clear working documentation or PowerShell example for creating an allow list based only on AppID / Client ID.

The EWS Usage Report in the Microsoft 365 admin center gives us AppIDs, but not always friendly app names. I can map some AppIDs manually through Entra Enterprise Applications / App registrations, but the missing piece is:

How do we actually allow-list EWS access by AppID only?

Questions:

1. Is the AppID-based EWS AllowList available in Exchange Online yet?
2. If yes, what is the exact PowerShell command/property to configure it?
3. If it is not available yet, is Microsoft still planning to release it before October 1, 2026?
4. Does setting only EWSEnabled=$true prevent Microsoft from auto-disabling EWS, or is the AppID AllowList also required to avoid that?
5. After October 1, 2026, does EWSEnabled=$true mean “EWS is enabled for all apps”, or only “EWS is enabled for allow-listed AppIDs”?

I’m trying to document this properly internally and avoid making assumptions based on vague Microsoft wording. Right now the public communication seems to say that EWSEnabled=True + AppID AllowList is required, but I cannot find a real working AppID allow-list configuration method yet.

Has anyone received a clear answer from Microsoft support/product group or successfully configured this already? According to a Microsoft article that was released early 2026 they were going to release a new allow-list (in "early 2026) where you could configure the list based ONLY on the AppID, but I can't find ANY information as to when or IF it's released already...

Thanks in advance!