This post has been republished via RSS; it originally appeared at: MSDN Blogs.
There is a change being introduced to on-premise Exchange servers 2010, 2013, 2016 and 2019 through cumulative updates which will break existing EWS Push applications which authenticate the notifications sent from Exchange to the listening client. Every developer and programmer who works with a program that uses EWS Push needs to read the article below and make the needed changes. All administrators should also read these articles, consider the recommended changes, and reach out to their vendors about possible impact to their application which use EWS Push notifications.
Exchange Web Services Push Notifications can be used to gain unauthorized access
https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
The article points to setting a throttling policy for push which will prevent Push notifications from being sent from the server to the client.
Set-ThrottlingPolicy
https://docs.microsoft.com/en-us/powershell/module/exchange/server-health-and-performance/set-throttlingpolicy?view=exchange-ps
Keep in mind that push notifications sent from the server to the EWS listener have very basic information – such as item ids and the event which fired.