Outlook Add-In - Turn legacy Exchange Online tokens ON
search cancel

Outlook Add-In - Turn legacy Exchange Online tokens ON

book

Article ID: 387496

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

Microsoft is deprecating the use of legacy online tokens in Outlook Add-ins, which may disrupt customers relying on older versions of our Outlook Add-in. This change affects the authentication mechanism, necessitating updates or workarounds to maintain seamless functionality. You can avoid disruption of access to the Email Submission Outlook Add-in if you follow the steps below before February 16, 2025. 

Environment

Symantec Email Submission Outlook Add-in

Cause

Microsoft is phasing out support for legacy online tokens in Exchange Online to enhance security. This change will prevent older Outlook Add-ins and integrations from using legacy authentication mechanisms, requiring organizations to adapt to modern authentication methods.

Resolution

Workaround Recommendation

Until our Symantec Email Submission Outlook Add-in is updated to align with Microsoft’s new authentication policies, we recommend enabling legacy online tokens temporarily using Exchange Online PowerShell.

 

Follow these below steps:

Install Exchange Online PowerShell module

Windows OS

Open PowerShell and run the following commands

Check the installed version with below command,

Get-InstalledModule ExchangeOnlineManagement | Format-List Name,Version,InstalledLocation

Update module if necessary (in case of older version already installed)

Update-Module -Name ExchangeOnlineManagement

 

Install the module if it is not installed already

Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser

 

Run the following commands to import the module and check the version information of the module that is installed

Import-Module ExchangeOnlineManagement;
Get-Module ExchangeOnlineManagement

Connect to Exchange Online

Run the below command on PowerShell, It will open up a browser window and ask for Microsoft 365 administrator credentials, please sign in with admin credentials.

Connect-ExchangeOnline

Turn ON legacy Exchange online token

Run the below PowerShell command to Turn ON legacy Exchange Online token.  It can take up to 24 hours before all requests from Outlook add-ins for legacy tokens are allowed.

Set-AuthenticationPolicy –AllowLegacyExchangeTokens -Identity "LegacyExchangeTokens"

If you turn on legacy Exchange Online tokens, then they won't be turned off in February 2025 when Microsoft turns them off for all tenants. So it is advised to turn it on immediately.

Get Authentication Policy - legacy Exchange online token 

Run the below PowerShell command to get the existing legacy Exchange Online token policy

Get-AuthenticationPolicy -AllowLegacyExchangeTokens

 

You should see 'AllowLegacyExchangeTokens' set to True, which indicates that the legacy Exchange Online token has been enabled as it is shown below:

PS C:\> Get-AuthenticationPolicy -AllowLegacyExchangeTokens
AllowLegacyExchangeTokens: True
Allowed: []
Blocked: []
PS C:\>

 

Note: If you decide to stop using the Symantec Email Security Outlook Add-ins and disable the legacy Exchange Online token, please run the command below

Turn OFF legacy Exchange online token

Run the below PowerShell command to Turn OFF legacy Exchange Online token. It can take up to 24 hours before all requests from Outlook add-ins for legacy Exchange Online tokens are blocked.

Set-AuthenticationPolicy –BlockLegacyExchangeTokens -Identity "LegacyExchangeTokens"

Additional Information

Powered by Wolken Software