Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Microsoft to retire the OWA Light client in Exchange Server

0
Medium
Vulnerabilityweb
Published: 07/09/2026 (07/09/2026, 11:00:35 UTC)
Source: Bleeping Computer

Description

Microsoft plans to retire the Outlook Web Access (OWA) Light client in a future Exchange Server update, estimated for August 2026. OWA Light is a legacy, lightweight version of the Outlook Web App designed for older browsers and low-bandwidth conditions but offers limited features compared to the full Outlook on the web experience. The retirement aims to reduce legacy surface area and simplify ongoing engineering efforts. Administrators can proactively disable OWA Light using provided PowerShell commands. After removal, users must use the modern Outlook on the web experience.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/09/2026, 11:04:35 UTC

Technical Analysis

Microsoft announced that it will disable and remove the OWA Light client, a simplified version of Outlook Web Access designed for legacy browsers and constrained environments, in an upcoming Exchange Server update expected in August 2026. OWA Light has been deprecated since August 2024 due to its limited feature set and the evolution of modern browsers and network conditions. The removal will reduce legacy code exposure and focus development on the full Outlook on the web experience. Administrators can disable OWA Light immediately via Exchange management commands to block user access before the update is applied.

Potential Impact

The removal of OWA Light eliminates a legacy, less secure, and feature-limited webmail interface, thereby reducing the attack surface associated with legacy code. Users relying on OWA Light will no longer have access to this interface and must transition to the full Outlook on the web client. There are no direct exploit or vulnerability reports associated with this change. The impact is primarily operational and usability-related for environments still using OWA Light.

Mitigation Recommendations

Administrators should proactively disable OWA Light using the Exchange PowerShell commands "Set-OwaMailboxPolicy -OwaLightEnabled $false" to block OWA Light access and "Set-OwaVirtualDirectory -LogonPageLightSelectionEnabled $false" to remove the OWA Light selection option on the login page. This prepares environments for the upcoming removal and prevents users from accessing the deprecated client. No other immediate action is required as Microsoft will remove OWA Light in a future update.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-owa-light-retirement-in-exchange-server/","fetched":true,"fetchedAt":"2026-07-09T11:04:29.460Z","wordCount":672}

Threat ID: 6a4f803d68715ace4333ccda

Added to database: 07/09/2026, 11:04:29 UTC

Last enriched: 07/09/2026, 11:04:35 UTC

Last updated: 07/09/2026, 11:56:06 UTC

Views: 6

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses