Announcement ID | MC902782 | Published Date | 10-01-2024 | |
Service | Exchange | Last Updated | 10-31-2024 | |
Category | Plan for change | Expiration Date | 12-29-2025 | |
Roadmap ID | Action Required by Date | |||
Tags | Major update, Admin impact, Retirement |
Summary |
---|
Legacy Exchange Online tokens are deprecated and will be turned off starting February 2025. Add-ins using these tokens must migrate to Nested App Authentication (NAA) and Entra ID tokens. Administrators should identify and update affected add-ins, and developers must register updated add-ins in Azure. Tooling will be provided for admins to manage this transition. |
More Information | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
We're contacting you because your tenant uses legacy Exchange Online tokens that are deprecated and Outlook add-ins that still use them will break when tokens are turned off.
NOTE: This change only applies to Exchange Online; add-ins used in on-premises environments are not impacted by this change. Recommended actions:
When will Microsoft turn off legacy Exchange Online tokens? Microsoft begins turning off legacy Exchange online tokens in February 2025. From now until February 2025, existing and new tenants will not be affected. We'll provide tooling for administrators to reenable Exchange tokens for tenants and add-ins if those add-ins aren't yet migrated to NAA.
When is NAA generally available for my channel?The general availability (GA) date for NAA depends on which channel you are using.
How do I check which Outlook add-ins are impacted?From October 30th through mid-November 2024, we'll roll out new tooling via PowerShell for Microsoft 365 administrators to turn legacy Exchange tokens on or off in your tenant. If you find you need to reenable legacy Exchange tokens, you can use the PowerShell cmdlets to do so. The tooling will also report if any add-ins are using legacy tokens over the last 28 days. Once the tooling is available will update the Outlook legacy token deprecation FAQ with additional documentation details. Add-ins may use the legacy Exchange tokens to get resources from Exchange through the EWS or Outlook REST APIs. Sometimes an add-in requires Exchange resources for some use cases and not others, making it difficult to figure out whether the add-in requires an update. We recommend reaching out to add-in developers and owners to ask them if their add-in code references the following APIs:
We'll provide tooling via PowerShell for Microsoft 365 admins in October 2024 to turn legacy Exchange tokens on or off in your tenant. This will allow you to test if any add-ins are using Exchange tokens. We'll provide more info when the tooling is ready in the Outlook legacy token deprecation FAQ. If you rely on an independent software vendor (ISV) for your add-in, we recommend you contact them as soon as possible to confirm they have a plan and a timeline for moving off legacy Exchange tokens. ISV developers should reach out directly to their Microsoft contacts with questions to ensure they're ready for the end of Exchange legacy tokens. If you rely on a developer within your organization, we recommend you ask them to review the Updates on deprecating legacy Exchange Online tokens for Outlook add-ins blog and ask any questions to the Outlook extensibility PM team on the OfficeDev/office-js GitHub issues site. How do I keep up with the latest guidance?We'll share additional guidance on the Office Add-ins community call, the M365 developer blog, and the Outlook legacy token deprecation FAQ. Ask questions about NAA and legacy Exchange Online token deprecation on the OfficeDev/office-js GitHub issues site. Please put "NAA" in the title. |