From 49a98126c232c6ceef1a7b0833e1fe1c9f0e4da4 Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Thu, 30 Oct 2025 11:53:03 -0700 Subject: [PATCH] Update note --- .../Get-AuthenticationPolicy.md | 12 +---------- .../Remove-AuthenticationPolicy.md | 14 +------------ .../Set-AuthenticationPolicy.md | 21 ++----------------- 3 files changed, 4 insertions(+), 43 deletions(-) diff --git a/exchange/exchange-ps/ExchangePowerShell/Get-AuthenticationPolicy.md b/exchange/exchange-ps/ExchangePowerShell/Get-AuthenticationPolicy.md index 67391dcc72..a152234f65 100644 --- a/exchange/exchange-ps/ExchangePowerShell/Get-AuthenticationPolicy.md +++ b/exchange/exchange-ps/ExchangePowerShell/Get-AuthenticationPolicy.md @@ -46,13 +46,6 @@ Get-AuthenticationPolicy -Identity "Engineering Group" This example returns detailed information for the authentication policy named Engineering Group. -### Example 3 -```powershell -Get-AuthenticationPolicy -AllowLegacyExchangeTokens -``` - -In Exchange Online, this example specifies whether legacy Exchange tokens for Outlook add-ins are allowed in the organization. - ## PARAMETERS ### -Identity @@ -87,10 +80,7 @@ The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens ar Legacy Exchange tokens include Exchange user identity and callback tokens. -**Important**: - -- Legacy Exchange Online tokens will be turned off for all organizations from August 2025 through September 2025. Once turned off, you can't use the _AllowLegacyExchangeTokens_ switch on the **Set-AuthenticationPolicy** cmdlet to turn on these tokens. You get the warning "Legacy Exchange Online tokens are disabled" when you run the command `Get-AuthenticationPolicy -AllowLegacyExchangeTokens`. You can [contact Microsoft Support to request an exception](https://aka.ms/LegacyTokensByOctober). For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens). -- The AllowLegacyExchangeTokens switch returns `Not Set` if tokens haven't been explicitly allowed or blocked in your organization using the _AllowLegacyExchangeTokens_ or _BlockLegacyExchangeTokens_ parameters on the **Set-AuthenticationPolicy** cmdlet. For more information, see [Get the status of legacy Exchange Online tokens and add-ins that use them](https://learn.microsoft.com/office/dev/add-ins/outlook/turn-exchange-tokens-on-off#get-the-status-of-legacy-exchange-online-tokens-and-add-ins-that-use-them). +**Important**: Legacy Exchange Online tokens are turned off for all organizations. Exemptions are no longer allowed. ```yaml Type: SwitchParameter diff --git a/exchange/exchange-ps/ExchangePowerShell/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/ExchangePowerShell/Remove-AuthenticationPolicy.md index c6053a0e63..eb9395b901 100644 --- a/exchange/exchange-ps/ExchangePowerShell/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/ExchangePowerShell/Remove-AuthenticationPolicy.md @@ -42,13 +42,6 @@ Remove-AuthenticationPolicy -Identity "Engineering Group" This example removes the authentication policy named "Engineering Group". -### Example 2 -```powershell -Remove-AuthenticationPolicy -Identity "LegacyExchangeTokens" -AllowLegacyExchangeTokens -``` - -In Exchange Online, this example enables legacy Exchange tokens to be issued to Outlook add-ins. This switch applies to the entire organization. The Identity parameter is required, and its value must be set to "LegacyExchangeTokens". Specific authentication policies can't be applied. - ## PARAMETERS ### -Identity @@ -85,12 +78,7 @@ Legacy Exchange tokens include Exchange user identity and callback tokens. This switch applies to the entire organization. The Identity parameter is required, and its value must be set to "LegacyExchangeTokens". Specific authentication policies can't be applied. -**Important**: - -- Legacy Exchange Online tokens will be turned off for all organizations from August 2025 through September 2025. Once turned off, you can't use the _AllowLegacyExchangeTokens_ switch on the **Set-AuthenticationPolicy** cmdlet to turn on these tokens. You get the warning "Legacy Exchange Online tokens are disabled" when you run the command `Get-AuthenticationPolicy -AllowLegacyExchangeTokens`. You can [contact Microsoft Support to request an exception](https://aka.ms/LegacyTokensByOctober). For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens). -- Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. -- It might take up to 24 hours for the change to take effect across your entire organization. -- Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire. +**Important**: Legacy Exchange Online tokens are turned off for all organizations. Exemptions are no longer allowed. ```yaml Type: SwitchParameter diff --git a/exchange/exchange-ps/ExchangePowerShell/Set-AuthenticationPolicy.md b/exchange/exchange-ps/ExchangePowerShell/Set-AuthenticationPolicy.md index 41d628b916..dd18444db7 100644 --- a/exchange/exchange-ps/ExchangePowerShell/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/ExchangePowerShell/Set-AuthenticationPolicy.md @@ -78,13 +78,6 @@ Set-AuthenticationPolicy -Identity "Research and Development Group" -BlockLegacy In Exchange 2019, this example re-enables Basic authentication for Exchange Reporting Web Services in the authentication policy named Research and Development Group. -### Example 3 -```powershell -Set-AuthenticationPolicy -Identity "LegacyExchangeTokens" -BlockLegacyExchangeTokens -``` - -In Exchange Online, this example blocks legacy Exchange tokens from being issued to Outlook add-ins. The switch applies to the entire organization, and the Identity parameter must be set to the value "LegacyExchangeTokens". Specific authentication policies can't be applied. - ## PARAMETERS ### -Identity @@ -397,11 +390,7 @@ Legacy Exchange tokens include Exchange user identity and callback tokens. The switch applies to the entire organization. The Identity parameter is required and must be set to the value "LegacyExchangeTokens". Specific authentication policies can't be applied. -**Important**: - -- Legacy Exchange Online tokens will be turned off for all organizations from August 2025 through September 2025. Once turned off, you can't use the _AllowLegacyExchangeTokens_ switch on the **Set-AuthenticationPolicy** cmdlet to turn on these tokens. You get the warning "Legacy Exchange Online tokens are disabled" when you run the command `Get-AuthenticationPolicy -AllowLegacyExchangeTokens`. You can [contact Microsoft Support to request an exception](https://aka.ms/LegacyTokensByOctober). For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens). -- Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. -- It might take up to 24 hours for the change to take effect across your entire organization. +**Important**: Legacy Exchange Online tokens are turned off for all organizations. Exemptions are no longer allowed. ```yaml Type: SwitchParameter @@ -611,13 +600,7 @@ Legacy Exchange tokens include Exchange user identity and callback tokens. The switch applies to the entire organization. The Identity parameter is required and must be set to the value "LegacyExchangeTokens". Specific authentication policies can't be applied. -**Important**: - -- Legacy Exchange Online tokens will be turned off for all organizations from August 2025 through September 2025. Once turned off, you can't use the _AllowLegacyExchangeTokens_ switch on the **Set-AuthenticationPolicy** cmdlet to turn on these tokens. You get the warning "Legacy Exchange Online tokens are disabled" when you run the command `Get-AuthenticationPolicy -AllowLegacyExchangeTokens`. You can [contact Microsoft Support to request an exception](https://aka.ms/LegacyTokensByOctober). For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens). -- Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. -- It might take up to 24 hours for the change to take effect across your entire organization. -- Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization remain valid until they expire. -- Blocking legacy Exchange tokens might cause some Microsoft add-ins to stop working. These add-ins are being updated to no longer use legacy tokens. +**Important**: Legacy Exchange Online tokens are turned off for all organizations. Exemptions are no longer allowed. ```yaml Type: SwitchParameter