
Microsoft Exchange Online Phases Out Legacy Tokens for Outlook Add-Ins: Transition to Nested App Authentication Required

Microsoft Exchange Online is phasing out legacy tokens for Outlook add-ins, requiring a switch to Nested App Authentication (NAA). Tenant admins can now identify apps still using legacy tokens via PowerShell, helping ensure a smooth transition before discontinuation.

Microsoft Exchange Online: Legacy Token Support Ending Soon

If you’re managing Exchange Online and Outlook add-ins, there’s a crucial update you need to know. Microsoft is phasing out legacy Exchange tokens used for authentication in Outlook add-ins. This change affects only Exchange Online and requires action from tenant admins and developers.

What’s New?

Microsoft will discontinue Exchange legacy tokens as a valid authentication method for Outlook add-ins. Instead, all add-ins must switch to Nested App Authentication (NAA). This shift aims to enhance security and streamline authentication processes within Exchange Online.

As Nino Bilic from the Exchange Team puts it:

“Outlook add-ins used with Exchange Online will have to use Nested App Authentication (NAA) instead.”

How to Check Your Tenant’s Legacy Token Usage

To help administrators prepare, Microsoft updated its documentation with a handy PowerShell command. You can now run:

Get-AuthenticationPolicy -AllowLegacyExchangeTokens

This command lists all app IDs still requesting and receiving legacy Exchange tokens in your tenant.

Knowing which add-ins rely on legacy tokens is vital. It allows you to identify and update or replace outdated apps before the cutoff.
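
One way to turn that list of app IDs into add-in names, as an added example (not Microsoft's script and not part of the original article). It assumes an existing Exchange Online PowerShell session, that the app IDs appear as GUIDs in the command's output, and that they match the AppId values reported by Get-App; the CSV file name is arbitrary.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# existing session (Connect-ExchangeOnline) with rights to read add-ins.

# Assumption: the app IDs appear as GUIDs somewhere in the command's output.
# Rendering the output to text and extracting every GUID avoids depending
# on specific property names.
$raw = Get-AuthenticationPolicy -AllowLegacyExchangeTokens | Out-String
$guidPattern = '[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}'
$legacyIds = [regex]::Matches($raw, $guidPattern) |
    ForEach-Object { $_.Value.ToLowerInvariant() } |
    Sort-Object -Unique

# Index the organization-deployed add-ins by their manifest ID.
$orgApps = @{}
Get-App -OrganizationApp | ForEach-Object {
    if ($_.AppId) {
        $orgApps[$_.AppId.ToString().ToLowerInvariant()] = $_
    }
}

# One row per app ID. IDs without a match are not deployed
# organization-wide and have to be traced another way.
$report = foreach ($id in $legacyIds) {
    $app = $orgApps[$id]
    [pscustomobject]@{
        AppId       = $id
        DisplayName = if ($app) { $app.DisplayName } else { '(not an organization add-in)' }
        Provider    = if ($app) { $app.ProviderName } else { $null }
        Enabled     = if ($app) { $app.Enabled } else { $null }
    }
}

if ($report) {
    $report | Sort-Object DisplayName | Format-Table -AutoSize
    $report | Export-Csv -Path .\legacy-token-addins.csv -NoTypeInformation
} else {
    Write-Output 'No app IDs found in the command output.'
}
```

The Provider column gives a starting point for deciding which vendor or internal team to contact about moving each add-in to NAA.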

Why This Matters

Legacy tokens pose security risks and compatibility issues. Moving to NAA ensures better protection and smoother integration with modern Exchange Online features.

Microsoft’s Exchange Team emphasizes:

“This impacts Exchange Online only. Details are in the FAQ.”

So, it’s essential to review your environment soon. Ignoring this update could lead to authentication failures and disrupted workflows.

Next Steps for Admins and Developers

  • Run the PowerShell command to audit legacy token usage.
  • Identify add-ins still using legacy tokens.
  • Coordinate with developers to update add-ins to use Nested App Authentication.
  • Consult Microsoft’s updated documentation and FAQ for detailed guidance.

In summary, Microsoft’s move away from legacy tokens is a security-forward step. Staying ahead means auditing your Exchange Online tenant now and planning your migration to NAA.

Keep your add-ins secure and functional by embracing this change early. For tech-savvy admins, this is a straightforward but critical task to maintain a smooth Exchange Online experience.

  • Legacy Exchange tokens will no longer be supported for Outlook add-ins in Exchange Online.
  • Nested App Authentication (NAA) is the new required method for add-in authentication.
  • Exchange Online PowerShell cmdlet available to list app IDs using legacy tokens.
  • Documentation updated with detailed guidance and FAQs on the token transition.
  • Change affects Exchange Online only, emphasizing tenant admin action for compliance.
  • From the New blog articles in Microsoft Community Hub