
How to enable and disable legacy exchange tokens again after forced deprecation in February 2025

Written by Karthek S
Updated over 3 weeks ago

Microsoft has announced the deprecation of legacy tokens, which is impacting certain Outlook add-ins that depend on them, causing functionality issues.

As a result, PhishArm can stop working when you report an email. Follow the steps below to implement the solution.

Important Notice: If you enable legacy tokens for Exchange Online now, they will remain active beyond February 2025, when Microsoft enforces their deprecation for all tenants.

However, the option to reactivate legacy tokens will only be available until June 2025. After that, their use will be permanently blocked across all Microsoft 365 tenants.

Steps to Re-enable Legacy Tokens

Establishing a Connection with Exchange Online PowerShell

To run the required commands, you must first establish a connection to Exchange Online PowerShell.

  1. Open Windows PowerShell and run the following command to import the Exchange Online Management module:

Import-Module ExchangeOnlineManagement

  2. If the import fails, run the following command to install the module:

Install-Module ExchangeOnlineManagement

  3. Update the module to ensure you are using the latest version:

Update-Module -Name ExchangeOnlineManagement

  4. Establish a connection to Exchange Online and sign in with your Microsoft 365 administrator credentials:

Connect-ExchangeOnline

Execute the following command to restore legacy token access:

Set-AuthenticationPolicy -AllowLegacyExchangeTokens -Identity "LegacyExchangeTokens"

Please be aware that the change may take up to 24 hours to take effect. Legacy Exchange tokens issued to Outlook add-ins before the blocking was enforced will remain valid until they expire.


Disabling Legacy tokens

  • Open PowerShell as an admin and run the following command to import the Exchange Online Management module:

    Import-Module ExchangeOnlineManagement

  • If the import fails, run the following command to install the module:

    Install-Module ExchangeOnlineManagement

  • Update the module to ensure you are using the latest version:

    Update-Module -Name ExchangeOnlineManagement

  • Establish a connection to Exchange Online. Sign in with your Microsoft 365 administrator credentials.

    Connect-ExchangeOnline

  • Execute the following command to turn off legacy token access:

    Set-AuthenticationPolicy -BlockLegacyExchangeTokens -Identity "LegacyExchangeTokens"

Please be aware that the change may take up to 24 hours to take effect.

  • Get the status of legacy Exchange Online tokens

    Get-AuthenticationPolicy -AllowLegacyExchangeTokens
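
The enable, disable and status steps above can be combined into one script that records the tenant setting before and after the change, so there is a record of when legacy tokens were allowed or blocked. This is an added example, not part of the original article or of PhishArm's tooling; the `-Mode` and `-LogPath` parameters and the log file name are assumptions.

```powershell
# Added example, not from the original article.
# -Mode, -LogPath and the log file name are assumptions made for illustration.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Allow', 'Block', 'Status')]
    [string]$Mode,

    [string]$LogPath = '.\legacy-token-change.log'
)

$ErrorActionPreference = 'Stop'

# Install the module only when it is missing, then load it.
if (-not (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
    Install-Module ExchangeOnlineManagement -Scope CurrentUser
}
Import-Module ExchangeOnlineManagement

# Prompts for Microsoft 365 administrator credentials.
Connect-ExchangeOnline -ShowBanner:$false
try {
    # Capture the current setting before changing anything.
    $before = (Get-AuthenticationPolicy -AllowLegacyExchangeTokens | Out-String).Trim() -replace '\s+', ' '

    switch ($Mode) {
        'Allow'  { Set-AuthenticationPolicy -AllowLegacyExchangeTokens -Identity 'LegacyExchangeTokens' }
        'Block'  { Set-AuthenticationPolicy -BlockLegacyExchangeTokens -Identity 'LegacyExchangeTokens' }
        'Status' { }   # read-only: report the setting without changing it
    }

    # Read the setting back so the result is on record.
    $after = (Get-AuthenticationPolicy -AllowLegacyExchangeTokens | Out-String).Trim() -replace '\s+', ' '

    # One timestamped line per run: who needs to know when tokens were re-enabled can read it here.
    $stamp = Get-Date -Format o
    Add-Content -Path $LogPath -Value "$stamp mode=$Mode before=[$before] after=[$after]"
    Write-Output "Before: $before"
    Write-Output "After:  $after"
}
finally {
    # Always close the session, even if a command above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Because the change may take up to 24 hours to take effect, run the script again with `-Mode Status` afterwards to confirm the setting.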
