MC715681: Microsoft Teams for Windows is discontinuing support for the legacy ADAL Authentication SDK.

Announcement IDMC715681Published Date02-14-2024
ServicemicrosoftteamsLast Updated02-14-2024
CategoryPlan for changeExpiration Date06-30-2024
Roadmap IDAction Required by Date
TagsMajor update, Admin impact, Retirement, User impact


Summary
                Microsoft Teams for Windows is discontinuing support for the legacy ADAL Authentication SDK. Organizations that haven't transitioned to New Teams on Windows PCs may be impacted. New Teams removes support for ADAL, which may cause sign-in issues for impacted PCs. Organizations can identify if they rely on ADAL for Teams sign-in using Entra sign-in logs. If sign-in issues occur, organizations should try signing in to New Teams and contact their CSAM for further assistance.


More Information

Note: This message is relevant to organizations that haven't yet fully transitioned to New Teams on Windows PCs. If every Teams user in your organization is already using New Teams, no further action is required.

New Teams removes support for ADAL (Active Directory Authentication Library), a legacy SDK used in rare cases by Teams Classic. This change is part of our broader effort to improve performance and security.

On Windows PCs, some third-party/custom sign-in solutions leverage undocumented hooks which cause Teams Classic to fall back to the legacy ADAL SDK. This fallback path doesn't exist in New Teams.

When this will happen:

As your organization transitions to New Teams.

How this will affect your organization:

Teams users on impacted PCs may not be able to sign in to New Teams.

How to identify if your organization relies on ADAL for Teams sign-in:

You can leverage Entra sign-in logs to make this determination:

  1. Sign in to https://portal.azure.com, navigate to Entra ID and select "Sign-in Logs".
  2. Ensure you're on the "User sign ins (interactive)" tab.
  3. Click on "Date", and select "Last 1 month" or a longer time scale if appropriate.
  4. Click on "Add filters" and add these two filters:
    1. Filter: "Application". Value: "1fec8e78-bce4-4aaf-ab1b-5451cc387264".
    2. Filter: "Device browser". Value: "IE".
  5. The table should show all sign-ins to Teams via the legacy ADAL SDK.

What you need to do to prepare:

  1. If you've identified any PC in your organization that uses ADAL, try to sign in to New Teams. If this works, you're all set.
  2. If you encounter any sign-in issues and are using a third-party solution for sign-in, reach out to the vendor for support.
  3. If you encounter any other sign-in issues and need further assistance, please contact your Customer Success Account Manager (CSAM) with the following information:
    1. Does your organization rely on custom solutions for Teams sign-in?
    2. If sign-in doesn't work, describe what happens.
Previous Post Next Post