Microsoft has released the May 2026 Hotfix Update for Exchange Server Subscription Edition (SE), an optional non-security update that delivers a pivotal new capability for hybrid organizations: the ability to begin migrating their rich coexistence configurations from the aging Exchange Web Services (EWS) to the modern Microsoft Graph API. The update, available in early May 2026, equips administrators with the necessary tools and frameworks to start transitioning the foundational APIs that power hybrid free/busy, mailbox moves, and cross-premises administrative operations, setting the stage for better performance, stronger security, and future-proof connectivity.

This hotfix arrives as part of Exchange Server SE’s cumulative update model, meaning it bundles all previously released fixes while adding this specific functionality. Organizations running any supported Exchange Server SE hybrid deployment can download and install the update at their convenience; it does not introduce new security patches but instead focuses on laying the groundwork for a long-term architectural shift.

A Long-Awaited Transition

The path to this moment has been years in the making. Exchange Web Services (EWS) has served as the backbone for programmatic access to Exchange data—both on-premises and in Exchange Online—since its introduction in Exchange 2007. It handles everything from calendar sharing and delegate access to mailbox provisioning in hybrid environments. However, Microsoft announced the impending retirement of EWS for Exchange Online back in 2023, initially targeting October 1, 2026, as the final cutoff for non-essential clients, with a full block expected later.

For hybrid deployments, the situation was more complex. On-premises Exchange servers rely heavily on EWS to maintain coexistence with Exchange Online. Classic hybrid free/busy queries, Mailbox Replication Service (MRS) proxy operations, and even certain admin interfaces all depend on the underlying EWS endpoints. Simply shutting off EWS in the cloud would break these scenarios. Microsoft’s strategy has been to gradually replace EWS with Graph-based alternatives that not only replicate the functionality but improve upon it with modern authentication, richer data models, and better throttling.

Exchange Server SE, the subscription-based successor to Exchange Server 2019, launched in late 2025 with a clear commitment to cloud-aligned innovation. With this May 2026 hotfix, Microsoft delivers on the promise to provide a smooth migration path for hybrid customers, letting them start moving coexistence workloads to Graph while EWS remains available for backward compatibility during the transition window.

What the Hotfix Delivers

At its core, the update enables a new configuration mode for hybrid setups: the ability to use Microsoft Graph as the primary protocol for certain coexistence tasks that previously went through EWS. This is not a mandatory switch—administrators can choose to activate the Graph-based paths either globally or for specific workloads, and they can roll back to EWS if issues arise.

Key technical additions include:

  • Graph-based hybrid free/busy lookup: The cloud-side Organization Relationship can now be configured to use Microsoft Graph instead of EWS for cross-premises calendar availability. This leverages the findMeetingTimes and scheduling APIs, which are already used by Microsoft 365 apps, resulting in faster and more consistent availability queries.
  • Mailbox move proxy via Graph: The hybrid MRS proxy, which orchestrates mailbox moves between on-premises and Exchange Online, gains an alternative transport that uses Graph. This reduces dependency on the legacy EWS autodiscover chain and can improve throughput when moving large numbers of mailboxes.
  • Admin metadata sync: The set-OrganizationRelationship and Get-IntraOrganizationConfiguration cmdlets are extended with a -CoexistenceProtocol parameter that accepts “EWS” or “Graph”, giving administrators fine-grained control over how their hybrid links communicate.

These features are exposed through familiar Exchange Management Shell cmdlets, but they require that the Exchange Online side has the corresponding Graph endpoints enabled—something Microsoft has been rolling out progressively in Microsoft 365 tenants since early 2026.

Why Graph Matters for Coexistence

Microsoft Graph isn’t just a replacement for EWS; it represents a fundamental upgrade in how hybrid services connect. The benefits are both immediate and strategic:

  • Modern authentication: All Graph calls use OAuth 2.0 token-based authentication, typically through Azure AD (or its successors). This eliminates the complex certificate and basic-auth fallback scenarios that have haunted hybrid deployments.
  • Better performance and scalability: Graph is a cloud-native, globally distributed service with intelligent routing. Hybrid operations that rely on Graph bypass the on-premises CAS role in many cases, reducing latency and single points of failure.
  • Unified API surface: Organizations already using Graph for Teams, SharePoint, or ID management can apply the same developer skills, monitoring tools, and governance policies to their hybrid Exchange workloads.
  • Future-proofing: As EWS deprecation in Exchange Online continues on schedule, hybrid deployments that adopt Graph early will be insulated from any service disruptions.

The hotfix also paves the way for richer coexistence features that EWS could never support—such as real-time presence, Teams integration during mail migrations, and advanced analytics on cross-premises communication patterns.

Understanding the Migration Path

Moving from EWS to Graph for hybrid coexistence isn’t a single-step flip of a switch. It’s a phased process that Microsoft has mapped out in three broad stages:

  1. Assessment: Use the updated Test-HybridConnectivity cmdlet, which now includes tests for Graph-based functionality, to validate that all prerequisites are in place. This includes checking that the appropriate Microsoft Graph permissions are granted in Azure AD, that the on-premises Exchange Server can reach the required Graph endpoints, and that the hybrid configuration is otherwise healthy.

  2. Controlled pilot: Start with a non-critical workload—typically hybrid free/busy lookups—and switch the organization relationship to Graph for a subset of users. Monitor latency, errors, and user experience. The hotfix adds detailed logging to the ExRCA (Exchange Remote Connectivity Analyzer) that specifically targets Graph calls.

  3. Broad adoption: Once confidence is established, gradually enable Graph for mailbox moves and admin sync. Full migration may span several cumulative updates, and Microsoft has indicated that EWS-based coexistence will remain supported until at least mid-2027 to ensure ample time for testing.

Importantly, the hotfix does not yet cover every coexistence scenario. Some advanced tasks—such as Public Folder migrations and certain compliance cross-premises operations—still require the classic EWS channels. Microsoft has committed to delivering those in future updates.

How to Deploy the Update

The May 2026 Hotfix is available through the standard Exchange Server SE servicing channels: Windows Update for automatic delivery, or as a manual download from the Microsoft Update Catalog. Because it’s a hotfix and not a security update, it will be offered to systems that have opted into “Receive updates for other Microsoft products” in Windows Update settings.

Before installation, administrators should:

  • Verify that all Exchange servers in the hybrid environment are running Exchange Server SE with the latest cumulative update.
  • Ensure that the on-premises Active Directory and Azure AD Connect are synchronized and healthy.
  • Review the new Graph permissions required: at minimum, the Exchange Online service principal must have the Mail.Send, Calendars.Read, and MailboxSettings.ReadWrite application permissions.
  • Check that outbound firewall rules allow access to the required Graph endpoints, including graph.microsoft.com and the specific national cloud variants if applicable.

The update is cumulative, so it can be installed on any server directly without first applying previous hotfixes. The installation process follows the familiar Exchange setup pattern: mount the ISO, run Setup.exe /m:upgrade from an elevated command prompt, and reboot as needed. A full server restart is typically not required if the mailbox role is set up for maintenance mode during the operation, but Microsoft recommends a rolling upgrade approach for multi-server environments.

Looking Ahead

The May 2026 hotfix is a cornerstone in Microsoft’s broader effort to retire legacy protocols and unify all Office 365 interactions under Graph. For hybrid customers, it’s an inflection point—the moment when the future of coexistence becomes tangible and testable. Early adopters have reported in Microsoft’s insider programs that the move to Graph improves administration portability and reduces the number of federation trusts and certificates they need to manage.

Yet challenges remain. Third-party applications and custom scripts that rely on EWS for hybrid operations will need to be rewritten to target Graph. Microsoft has provided migration guidance and code samples, but organizations with deep EWS integrations should start their planning now. The Exchange team has also emphasized that this update does not deprecate anything—it purely adds optional capabilities—so there is no emergency to act, only strategic advantage.

As the October 2026 EWS cutoff for Exchange Online looms, the path is clear: hybrid deployments that embrace the Graph-based coexistence early will enjoy smoother operations, better security, and a head start on the inevitable full migration. The May 2026 hotfix is the key that unlocks that path, and all hybrid administrators should begin evaluating it immediately.