Exchange and SameSite Updates

Exchange and SameSite Updates

The Stable release of the Google Chrome web browser (build 80, scheduled for release on February 4, 2020) features a change in how cookies are handled. Although the change is intended to discourage malicious cookie tracking, it’s also expected to severely affect many applications and services that are based on open standards.

For more information, see SameSite Updates on the Chromium Projects website.

Microsoft is committed to addressing this change in behavior in its products and services before the February 4, 2020 rollout date to ensure our customers are minimally impacted.

Exchange Online has already rolled out changes necessary to support this change and we do not anticipate any issues.

Exchange Server’s March Cumulative Updates will contain changes necessary to support this change. We will issue CU’s for Exchange Server 2016 and 2019 and we recommend upgrading to these versions to ensure compatibility. We’re investigating solutions for earlier versions of Exchange Server.

Given the date of our scheduled CU’s comes after Google Chrome’s release date of February 4th there might be some issues experienced by users.

To avoid issues, we recommend users switch to an alternate browser, or configure the site/URL used by OWA users to be excluded from the SameSite enforcement behavior in Chrome by using the LegacySameSiteCookieBehaviorEnabledForDomainList setting.

Additional information can be found on this page.

The Exchange Team