Thunderbird's Exchange implementation is via the EWS API (Exchange Web Services), currently limited to email. First enabled in version 141, version 145 is almost feature complete for email, with some items still in progress listed below.

Calendar and address book will follow at a later date. Also in the future is Exchange via Graph API, so please do not file bug reports for these items at this time.

Account Setup

When creating a new account in Thunderbird using classic account creation, choose the "Exchange Web Services" option. Or if using the new Account Hub, "Exchange Web Services" should be automatically detected. If exchange is not detected, choose the first "Exchange" option. For additional information about setup see the Exchange knowledge base article.

Supported email features

The following features are available in release (not ESR) Thunderbird 145.0:

• Creating an account using account autoconfig
  • Note: manual configuration is not yet supported
• Attachment detaching and deletion
• Attachment saving and displaying
• Displaying the list of folders for an account
• Displaying the list of messages in a selected folder
• Displaying the content of messages
• Folder creation, deletion, rename, copying, moving, repair, compaction
• Folder moving and copying
• Message deleting
• Message filters
  • Note: some filters, such as those requiring the full message body, aren't supported yet.
• Sending messages
  • Quoting a message when replying to, or forwarding it

Limitations and In Progress

Email items yet to be implemented are on the near term road map as "Phase 5", expected to be available/resolved by 1Q2026 (subject to change). These are listed in phase 5 bug query and as a shorter, more easily understood list at the Exchange KB article.

Calendar and address book via EWS are currently in development and will follow at a later date. Also in the future is Exchange via Graph API, so please do not file bug reports for these items at this time.

How to stay informed

To stay informed about progress you might watch:

• The blogs posted with the exchange tag https://blog.thunderbird.net/tag/exchange/, or subscribe to the RSS feed https://blog.thunderbird.net/feed/.
• The topicbox beta group or enterprise group.

Open bug reports

Open bug reports:

• The Exchange meta bug 1847846 tracks most related bug reports.
  • Click "Dependency tree" to see a list of bugs.
  • If you create a bugzilla account, you can click "Follow" at the top of a bug report to be notified by email of changes to the bug, plus state changes of all dependent bugs (an example state change is "fixed").
• Alternatively, lists https://mzl.la/4qtcSPI and https://mzl.la/43C0xyF (which excludes phase 5) for up to the second accuracy, which do not depend being marked as blocking bug 1847846. Also excluded in these lists are internal tests which do not affect users.

How to report and discuss issues

We welcome your testing and feedback, and reporting of unexpected behavior or errors.

Only email for exchange is available at this time. To report a problem when using version 145 or newer, please file a bug report.

Please use topicbox to discuss or ask questions about Exchange, either the beta group or the enterprise group.

Items to test

Account Setup and Configuration

• Configure an EWS account in Thunderbird
• Authenticate using username and password
• Use the Account Hub to register EWS accounts
• Optionally disable Account Hub in settings for legacy account setup

Email Synchronization

• Synchronize inbox and subfolders
• Automatically sync new emails

Folder Management

• Create, rename, and delete folders
• Synchronize folders and subfolders
• Move and copy emails between folders

Email Handling

• Send, receive, reply to, and forward emails
• Attach files and inline images
• Mark emails with tags
• Delete emails and confirm proper synchronization

Additional Features

• Search emails (test both subject and body)
• Use "Save as Search", Quick Filter, and sort options
• Check folder properties (e.g. retention settings)
• Confirm message sync behaviors

Filter Creation and Management

• Create filters based on sender, body, recipient, subject, size, date, etc
• Define actions such as move or copy
• Apply filters automatically on incoming mail
• Run filters manually on selected folders
• Edit, disable, delete filters and view filter logs

The future - Graph API

Microsoft EWS is a legacy SOAP-based API for accessing Exchange data, while Microsoft Graph API is a modern, RESTful API for accessing a wide range of Microsoft 365 services, including Exchange data.

The EWS API is being retired by Microsoft in favor of Graph API. However, there is still a whole year before this API gets retired, and this only impacts domains hosted on Microsoft's Office365 cloud. On-premise instances of EWS are not subject to this retirement deadline.

Today, Thunderbird supports EWS. Graph API will be supported in the future.

Microsoft hosted vs. Self hosted Exchange servers

“Microsoft hosted” refers to a scenario where an organization uses the cloud-based exchange server provided by Microsoft, using URLs which resolve to the Microsoft cloud infrastructure on Outlook.com, Office365.com or hotmail.com (no custom domains are used). These configurations require users to authenticate using Oauth2 via login.microsoftonline.com.

“Self hosted” refers to a scenario where an organization (like a school or a company) provides their users with an exchange mail server that is hosted sometimes on their servers, with their domain. The exchange server could also use a custom domain with Microsoft’s Office365 server - that's the case for our test account (which domain is o365.thunderbird.net despite being hosted on Office365).

If the organization allows basic password authentication for their self-hosted instance, their users will be able to use Thunderbird’s new EWS support.

If the organization enforces OAuth2 authentication and has basic authentication disabled, additional steps are required. This is not yet supported, largely due to limitations in the Oauth2 authentication mechanism within Thunderbird.

Why?

When an email client like Thunderbird wants to use a domain to perform an OAuth handshake, two things typically need to happen first:

1. The mail server has to be configured by an administrator to explicitly allow Thunderbird, and credentials need to be generated that can be used by Thunderbird to connect to that system.
2. Thunderbird has to be made aware of the credentials.

An example of this can be seen in the handshake details between login.microsoftonline.com in the OAuth2Providers.sys.mjs file of the Thunderbird codebase. Note that the OAuth2Providers.sys.mjs file is currently the only place within Thunderbird where domains are enabled for Oauth2 authentication.

Microsoft hosted scenario - most common

In the Thunderbird API, office365.com, outlook.com, and hotmail.com all map to login.microsoftonline.com. So if a user’s organization uses one of these three, we have the required handshake credentials (for login.microsoftonline.com) already in Thunderbird and so they will be able to register and use their exchange email in Thunderbird.

Note that outlook.com and hotmail.com only support IMAP and EWS should be available for most office365.com accounts.

Microsoft hosted with tenant-specific instance - less common

TLDR - This is not yet supported.

Some organizations and institutions have customized their security settings for their enterprise such that their users need to authenticate with different credentials than the ones typically used by Thunderbird for Microsoft.

This is not yet supported, due to OAuth2 limitations and we are planning to change our Oauth2 mechanism to allow this in the near future.

Self hosted scenario - less common

TLDR - self hosted (aka on-premise) is not yet supported for OAuth (password/basic auth still works).

You can tell from this OAuth2Providers.sys.mjs file that there are no domains correlating to self hosted mail servers, meaning Thunderbird won’t know anything about an exchange web server hosted within non-cloud infrastructure so won’t be able to complete an OAuth handshake with this server.

To ease this painful situation of a self hosted server being usable in Thunderbird, Geoff improved our code so that now Thunderbird can consume these handshake details via an add-on. So now it’s possible for a mail server administrator to create a customized (to their server) add-on that provides the OAuth handshake details of their server which their users can install, or that can be rolled out to users via enterprise policy. However, since this is a limited scenario (self hosted is a pain that many organizations choose not to do), we’ve struggled to get external testers (we do not have this setup in our exchange test account).