I've forwarded this to dev who will look to address this point in our documentation.
Original Message:
Sent: Tue October 28, 2025 02:18 PM
From: Jared Fagel
Subject: Attention : Inbound Email Upgrade Requirement
Cool!
I want to add a technical recommendation here...
A lot of vendors using the Graph API for email access forget to mention that by default the Graph API mail permissions give an application access to all mailboxes. Smaller orgs are more likely to miss this important security implication.
Microsoft has a note about this on permissions, for example:
https://learn.microsoft.com/en-us/graph/permissions-reference#mailreadwrite
- Administrators can configure application access policy to limit app access to specific mailboxes and not to all the mailboxes in the organization, even if the app has been granted the Mail.ReadWrite application permission.
Note: Microsoft has since moved away from Application Access Policies and is instead recommending Application RBAC assignments; the hyperlinked Application Access Policy doc is now labeled as legacy for this reason.
It would be nice if IBM noted this recommendation in the upcoming change/implementation documentation, to ensure organizations follow best practice and implement an application RBAC assignment for the Exchange Online mailbox access via Graph:
https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac
https://www.alitajran.com/rbac-applications-exchange-online/
------------------------------
Jared Fagel
Cyber Security Analyst
ALLETE Inc.
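
The application RBAC assignment recommended in the message above, as an added example that is not part of the original post and is not IBM's or Microsoft's own script. The app IDs, mailbox addresses, scope name and CustomAttribute1 marker are placeholders or constructed values, and the `Application Mail.ReadWrite` role is assumed only because that is the permission the post mentions; use the role the integration actually requires.

```powershell
# Added example: scope an app's Graph mail access to specific mailboxes
# with Exchange Online RBAC for Applications. Every value is a placeholder.
$AppId     = '<application-client-id>'        # Entra ID app (client) ID
$ObjectId  = '<enterprise-app-object-id>'     # object ID of the enterprise application
$ScopeName = 'SOAR Inbound Mailboxes'         # hypothetical scope name
$Marker    = 'SOAR-Inbound'                   # hypothetical CustomAttribute1 value
$Allowed   = 'soar-inbound@contoso.example'   # constructed: mailbox the app should reach
$Forbidden = 'finance@contoso.example'        # constructed: mailbox that must stay out of reach

Connect-ExchangeOnline

# 1. Tag the mailbox(es) the application is allowed to access.
Set-Mailbox -Identity $Allowed -CustomAttribute1 $Marker

# 2. Create the Exchange Online pointer to the Entra ID service principal.
New-ServicePrincipal -AppId $AppId -ObjectId $ObjectId -DisplayName 'SOAR inbound email'

# 3. Define a management scope that matches only the tagged recipients.
New-ManagementScope -Name $ScopeName `
    -RecipientRestrictionFilter "CustomAttribute1 -eq '$Marker'"

# 4. Assign the application role, restricted to that scope.
New-ManagementRoleAssignment -App $AppId `
    -Role 'Application Mail.ReadWrite' `
    -CustomResourceScope $ScopeName

# 5. Check the effective scope against one in-scope and one out-of-scope mailbox.
foreach ($mbx in $Allowed, $Forbidden) {
    Test-ServicePrincipalAuthorization -Identity $AppId -Resource $mbx |
        Select-Object @{ n = 'Mailbox'; e = { $mbx } },
                      RoleName, AllowedResourceScope, InScope
}
```

These assignments are additive with Entra ID consent, so the scope only restricts the app once the tenant-wide Mail.ReadWrite application permission has been removed from it in Entra ID. `Test-ServicePrincipalAuthorization` reports only the Exchange RBAC grants and does not reflect permissions still consented in Entra ID.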
Original Message:
Sent: Wed October 22, 2025 08:46 AM
From: Martin Feeney
Subject: Attention : Inbound Email Upgrade Requirement
This post is for the attention of all customers of our inbound email feature, and specifically for those customers who have connected it with Microsoft Office 365 online email service.
We currently use the EWS API to connect to O365 online but Microsoft will be removing support for this API next October 2026. This means that any products trying to connect to O365 via this API will fail to do so from that date onwards.
https://techcommunity.microsoft.com/blog/exchange/retirement-of-exchange-web-services-in-exchange-online/3924440?after=MjUuOHwyLjF8aXwxMHwxMzI6MHxpbnQsNDQ0MjcwNSw0MTcyMjE3
To address this, we will be adding support for the recommended MS-Graph API to our inbound email feature to ensure our customers can continue to avail of this service. This work is currently targeted to Q2 2026.
Unlike other EOL scenarios where customers can choose to upgrade after the time of EOL has passed, e.g. RHEL7, with this EOL, customers will have to upgrade to a product version that supports MS-Graph for email before the October date, otherwise they will lose access to that email service.
Looking at support tickets we can see customers are using inbound email on a variety of older versions and this post is intended to give notice that customers should start planning the required upgrades to ensure there is no disruption to their processes involving email.
Please take time to review product documentation for the various V51 versions, and note the recommended upgrade process requires that each major upgrade be validated before proceeding to the next version.
https://www.ibm.com/docs/en/sqsp/51.0.0?topic=release-notes
Reviewing the "what's new" content will also highlight the new features that can be availed of with these upgrades.
The following support tech note may be a useful reference for upgrade planning:
https://www.ibm.com/support/pages/ibm-qradar-soar-upgrade-checklist
With particular attention to this section:
With the recently adopted VRMF numbering scheme, you still need to upgrade sequentially, updating the "Modification" value as follows:
50.x -> 51.0.0.x -> 51.0.1.x -> 51.0.2.x -> 51.0.3.x
The third number, or the "Modification" number, is determined to be a "major release" which replaces the previous numbering convention of 47.x -> 48.x -> 49.x
You are advised to install the latest point release, indicated by ".x".
For customers on versions older than V51, documentation will not be available online, but see the following support tech note for how to access documentation for older versions:
https://www.ibm.com/support/pages/qradar-soar-how-do-i-get-access-documentation-unsupported-versions
If you have any concerns or questions on this topic, please contact your IBM reps or the PM team and we will be happy to discuss.
------------------------------
Martin Feeney
Product Manager, IBM Security QRadar SOAR
martin.feeney@ie.ibm.com
------------------------------