
To implement Exchange Web Services, you'll need to understand the basics of SOAP and XML. SOAP is a protocol for exchanging structured information in the implementation of web services.
Exchange Web Services use SOAP to communicate with the Exchange server. This allows developers to create custom applications that interact with Exchange.
You can use the EWS Managed API to simplify the development process. This .NET library provides a set of classes and methods that make it easier to work with EWS.
The EWS Managed API is built on top of the EWS SOAP API, so you can use it to access the same functionality as the SOAP API. This makes it a popular choice for developers.
Readers also liked: Api and Webservices
Getting Started
You can change the names of the access points in the Exchange Administration Center by going to Servers/Virtual Directories. This allows you to customize the URLs for your Exchange Web Services.
To set up the URLs, you can use the PowerShell with the Set-WebServicesVirtualDirectory cmdlet and the InternalUrl and ExternalUrl parameters. Make sure to store these URLs in the certificate and limit the number of names to as few as possible.
Impersonation is a feature that allows a process to pretend to be the corresponding user and work in their context. You can create a corresponding role in the EAC and assign it to the service user.
Basic functions like writing a log or sending an email to the administrator are possible independently of EWS. You can also clear all emails older than 30 days from the trash, which is a useful option for any mailbox.
To get started with writing your first .NET Framework or EWS client application, see Get started with EWS Managed API client applications or Get started with EWS client applications.
Here are some resources to help you get started:
- Exchange code samples
- CodePlex
- Exchange API documentation
- Exchange Development forum
You can also use the EWSEditor, which implements most of the EWS functionality, or find client libraries for EWS development in languages like Java, Python, PHP, and others.
EWS Basics
The EWS service is described by three files, which each have their own function: one describes the contract between the client and server, the second defines the request and response SOAP messages, and the third defines the elements used in the SOAP messages.
These files are not used for schema validation, and the EWS schemas are backward- and forward-compatible, so an application that targets an earlier schema version will also work with a later schema version.
Here are the three files that describe the EWS service:
- One file describes the contract between the client and server.
- Another file defines the request and response SOAP messages.
- The third file defines the elements used in the SOAP messages.
Exchange Web Services .NET is a .NET Framework / .NET Core API for Microsoft Exchange server, offering complete Exchange Web Services functionality, including creating, updating, moving, and copying items and folders, searching items and folders, sending messages, and sending meeting requests.
What Is EWS
EWS is a .NET Framework / .NET Core API for Microsoft Exchange server, offering complete Exchange Web Services functionality.
The API assemblies are provided for server-side EWS client applications and deployed on all Exchange Server roles.
EWS is described by three files and EWS Managed API assemblies. Each file has its own function: one describes the contract between the client and server, the second defines the request and response SOAP messages, and the third defines the elements used in the SOAP messages.
Readers also liked: Microsoft Exchange Server
These files are not used for schema validation.
EWS schemas are backward- and forward-compatible, so an application that targets an earlier schema version will also work with a later schema version.
A SOAP/XML message is required for applications to access information from the Exchange store, and this message must conform to the Services.wsdl file on the CAS for Exchange Online.
Autodiscover
Autodiscover is a crucial component in Exchange architecture, and it's not just about discovering your Outlook settings. Autodiscover is responsible for fetching user settings.
It's a process that involves several key tasks, including getting user settings, autodiscovering Outlook providers, and autodiscovering MobileSync providers. Here are the specific tasks that Autodiscover performs:
- Get user settings
- Autodiscover Outlook provider
- Autodiscover MobileSync provider
In the context of Exchange on-premises architecture, Autodiscover relies on Client Access Servers (CAS) to perform these tasks. CAS servers are load-balanced groups of servers that authenticate requests and proxy received requests to the Mailbox server.
EWS Architecture
EWS Architecture is a robust system that allows applications to work seamlessly with both on-premises and online versions of Microsoft Exchange.
EWS applications can be installed on a client or on an Exchange on-premises Client Access Server (CAS), which is a key part of the EWS architecture.
These applications are a crucial component of the EWS system, enabling users to access and manage their email and other Exchange data.
The EWS architecture also includes other important elements that work in conjunction with the applications to provide a comprehensive solution.
Explore further: Secure-adaptive Architecture
Security and Authentication
Exchange Web Services (EWS) offers several authentication methods for different types of applications. Client applications use New Technology Lan Manager (NTLM) authentication, while portal applications use Open Authorization (OAuth) authentication.
Service applications can use either impersonation or OAuth for authentication. This allows developers to create multiple types of EWS applications using a uniform development model.
To access data, you need a user account with appropriate rights for the mailboxes. For Exchange, assign the corresponding "ApplicationImpersonation" role to a user with the following command.
A fresh viewpoint: Azure Authentication vs Exchange Token Authentication
Microsoft has recommended using the same name range for internal and external connections since Exchange 2007. This simplifies client access to all servers in an environment.
Microsoft has decided to switch off basic authentication for EWS at Exchange Online, with a deadline of the second half of 2021. This is due to the potential for attack and the complexity of additional security mechanisms like multi-factor authentication.
Basic authentication was previously a fast way to log on, but it's now being replaced by state-of-art authentication methods like Active Directory Authentication Library (ADAL) and OAuth 2.0.
Microsoft 365 offers various OAuth2 authentication methods, including:
- OAuth2 authentication using username / password
- OAuth2 authentication using client secret
- OAuth2 authentication using device code
- OAuth2 authentication using authorization code
Authentication
Authentication is a crucial aspect of security, especially when it comes to accessing Exchange servers. Different EWS applications use different authentication methods, such as NTLM authentication for client applications and OAuth authentication for portal applications.
Client applications, for instance, use New Technology Lan Manager (NTLM) authentication, while portal applications use Open Authorization (OAuth) authentication. Service applications can use either impersonation or OAuth for authentication.
To access data, you need a user account with appropriate rights for the mailboxes. You can assign the corresponding "ApplicationImpersonation" role to a user with the following command.
Microsoft decided to switch off basic authentication for EWS at Exchange Online in 2020, due to its potential for attack. This decision was postponed due to COVID-19 and is now scheduled for the second half of 2021.
In the future, logon will be based on state-of-art authentication with Active Directory Authentication Library (ADAL) and OAuth 2.0. This change aims to provide a more secure way of accessing Exchange servers.
Here are the different types of authentication methods used for Microsoft 365:
- Authentication for Exchange server (on-premises)
- Authentication for Microsoft 365 - Basic authentication
- Authentication for Microsoft 365 - OAuth2 authentication using username / password
- Authentication for Microsoft 365 - OAuth2 authentication using client secret
- Authentication for Microsoft 365 - OAuth2 authentication using device code
- Authentication for Microsoft 365 - OAuth2 authentication using authorization code
These authentication methods are used to ensure secure access to Exchange servers and data.
Retention Policy
A well-implemented retention policy is crucial for maintaining the security and integrity of your data.
Data is typically retained for a minimum of 30 days to allow for incident response and forensic analysis in case of a security breach.
Explore further: Historical Website Traffic Data
This timeframe is essential for identifying and containing potential threats.
In addition, data is also retained for compliance purposes, such as meeting regulatory requirements for financial institutions.
For instance, the Payment Card Industry Data Security Standard (PCI DSS) requires merchants to retain payment card data for at least 180 days.
Data is also retained for business continuity purposes, such as disaster recovery and data backup.
Adequate data retention policies ensure that organizations can recover quickly in the event of a disaster.
Here's an interesting read: Google Cloud Platform Data Centers
Client and Server Configuration
To set up your Exchange Web Services, you'll need to configure the client and server properly. This involves setting the right authentication methods, such as Kerberos or NTLM authentication.
Using Kerberos authentication requires a Service Principal Name (SPN) to be registered in Active Directory. This allows the client to authenticate with the server securely.
The server needs to be configured to use the correct authentication protocol, which can be set through the Exchange Management Shell. By default, the server uses NTLM authentication, but you can change this to Kerberos if desired.
If this caught your attention, see: History of Microsoft Exchange Server
Client Access Servers
Client Access Servers are a load-balanced group of servers that handle authentication requests and proxy received requests to the Mailbox server.
They're thin and stateless, meaning they can't store or queue data or do any data rendering, so a CAS server and load balancer are required for these activities.
Individual CAS servers authenticate requests, perform Exchange Autodiscover lookups, and forward requests to the Mailbox server.
Recommended read: Google Cloud Platform Data
Client Applications
Client applications are standalone programs that use EWS to access data from Exchange. They can do this either directly or by delegating access to retrieve the required data.
Users can only access their own mailbox information with their own logon credentials due to Basic, NTLM, or Kerberos authentication. Examples of client applications include Outlook, Outlook on the Web, and Microsoft Teams.
These applications send a request to the Exchange server in an XML message based on SOAP. The request message is in XML format but complies with the SOAP standard.
Here are some examples of client applications that use EWS:
- Outlook
- Outlook on the Web (formerly Outlook Web App)
- Microsoft Teams
Microsoft Server and API
Microsoft Exchange Web Services (EWS) is an application program interface (API) that lets applications access items in a Microsoft Exchange email mailbox. EWS was first available in Exchange Server 2007.
EWS is a cross-platform managed API that provides Exchange administrators with the flexibility to store, retrieve, move and modify email and email-related data. This data may belong to a single user, a group of users and even an entire Exchange Server organization.
The EWS API includes several features that are also available in Exchange Online and Exchange 2013 onwards, such as EDiscovery, archiving, retention policies, and mail apps for Outlook management.
A unique perspective: Exchange Html Signature
Microsoft Server Versions
Microsoft Exchange Web Services (EWS) is supported on various Microsoft Exchange server versions. The first version to support EWS was Exchange Server 2007.
Exchange Server 2007 was the initial version to offer EWS. This marked a significant milestone in accessing Exchange data through APIs. EWS provides a cross-platform managed API for Exchange administrators.
Microsoft Exchange server 2010 was also supported by EWS. This version built upon the capabilities of Exchange Server 2007. EWS continued to evolve, offering more features and functionality.
The following Microsoft Exchange server versions are supported by EWS: Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
Here are the supported Microsoft Exchange server versions:
- Microsoft Exchange server 2007
- Microsoft Exchange server 2010
- Microsoft Exchange server 2013
- Microsoft Exchange server 2016
- Microsoft Exchange server 2019
- Microsoft 365
Service Applications
Service applications are the background jobs built into an existing application to integrate or synchronize data between a system and Microsoft Exchange.
They can be used to synchronize contact information from Exchange into a CRM application, for example.
Most service applications do not have a user interface, which means you interact with them indirectly through other applications.
Service applications use either impersonation or OAuth for authentication, data access, and mailbox operations for multiple accounts.
Curious to learn more? Check out: Microsoft Exchange Application
.NET Standard 1.1.3
The .NET Standard 1.1.3 is a version of the .NET Standard that provides a set of APIs and libraries that can be used across multiple .NET implementations. It's a key component of the Microsoft Server and API ecosystem.

The .NET Standard 1.1.3 is compatible with .NET Standard 2.0, which means that any project targeting .NET Standard 1.1.3 can also target .NET Standard 2.0.
Here are the target framework versions for .NET Standard 1.1.3:
The .NET Standard 1.1.3 is also compatible with several other frameworks, including .NET Framework 4.6 and later versions.
PowerShell and EWS Managed API
You can access the EWS Managed API directly via PowerShell, which is a great way to automate tasks related to Exchange. The EWS Managed API can be used to download attachments of an email, a functionality also used by many archive providers.
To get started, you need to define the variables, including the path to the WebServices.dll for the Managed API 2.2, which is used to define the mailbox with the folder to be checked, along with the access credentials.
The script loads the API DLL using the Import-Module cmdlet, making various operators available. This allows you to create a new object to connect to EWS using the New-Object cmdlet.
You might enjoy: Object Storage Google
A specific version of Exchange is not necessary, nor does it have to match the version of your server. It only defines the lowest supported version.
The EWS-API offers different possibilities to determine access points, such as autodiscover of the domain or a fixed assignment.
The script can be extended further, and the processed emails could easily be moved to another suborder using the Move method.
Here's a summary of the basic steps to get started with using PowerShell and EWS Managed API:
- Define the variables, including the path to the WebServices.dll and access credentials.
- Load the API DLL using the Import-Module cmdlet.
- Create a new object to connect to EWS using the New-Object cmdlet.
- Use the EWS-API to determine access points, such as autodiscover of the domain or a fixed assignment.
- Extend the script to perform additional tasks, such as moving processed emails to another suborder.
Load Balancing and Applications
Load balancer is a crucial component in Exchange on-premises architecture, responsible for distributing SOAP/XML messages to a CAS in the CAS array. This ensures that incoming requests are evenly distributed among the CAS servers, preventing any single server from becoming overwhelmed.
The load balancer plays a vital role in maintaining the availability and responsiveness of Exchange Web Services. By distributing the workload, it helps prevent bottlenecks and ensures that users can access the services they need without delays.
Load Balancer
A load balancer is a crucial component in certain architectures, like the Exchange on-premises setup. It's responsible for distributing SOAP/XML messages to a CAS in the CAS array.
In an Exchange on-premises architecture, the load balancer is only visible. This is in contrast to other architectures where it's not a distinct component.
Its primary function is to distribute the workload across multiple servers, ensuring that no single server becomes overwhelmed. This is especially important in environments where high traffic is expected.
The load balancer plays a vital role in maintaining the performance and reliability of the system. By distributing the workload evenly, it helps to prevent server crashes and downtime.
Applications
Applications can access Exchange mailbox items using Microsoft Exchange Web Services (EWS). EWS sends a request to the Exchange server in an XML message based on SOAP, which is embedded in an HTTP/HTTPS message.
The Exchange server verifies the credentials provided by the client and automatically parses the XML for the requested data. This process involves building a SOAP response containing XML data, representing the requested strongly typed objects and their properties.
For another approach, see: Xml and Web Services
Client applications are a type of application created with EWS in Exchange, and they use EWS to retrieve and access data from Exchange. These applications can access information in their own mailbox using their own logon credentials.
Examples of client applications include Outlook, Outlook on the Web, and Microsoft Teams. These applications use Basic, NTLM (older Windows), or Kerberos (Windows integrated) authentication to access Exchange data.
Some common types of applications created with EWS in Exchange include:
- Client applications
- Server applications
- Trusted partner applications
Client applications can access data from Exchange via direct client access or by delegating access to retrieve the required data. This means users can only access the information in their own mailbox with their own logon credentials.
Frequently Asked Questions
What replaces Exchange Web Services?
Microsoft Graph replaces Exchange Web Services (EWS) access to Exchange Online, marking a shift in how developers interact with Exchange data. This change was announced in 2018 and affects Basic Authentication support for EWS in Exchange Online.
Featured Images: pexels.com


