From a6306b400fc57befc37ea071d7ad67eef8b20616 Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Mon, 11 Nov 2024 16:57:16 -0800 Subject: [PATCH 01/22] Update switches for legacy Exchange tokens --- .../exchange/Get-AuthenticationPolicy.md | 26 +++++++++++++++++++ .../exchange/Remove-AuthenticationPolicy.md | 9 ++++++- .../exchange/Set-AuthenticationPolicy.md | 21 ++++++++++++--- 3 files changed, 52 insertions(+), 4 deletions(-) diff --git a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md index 18c427840c..56638493cd 100644 --- a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md @@ -21,6 +21,7 @@ For information about the parameter sets in the Syntax section below, see [Excha ``` Get-AuthenticationPolicy [[-Identity] ] + [-AllowLegacyExchangeTokens] [-TenantId ] [] ``` @@ -46,6 +47,31 @@ This example returns detailed information for the authentication policy named En ## PARAMETERS +### -AllowLegacyExchangeTokens +This parameter is available only in the cloud-based service. + +The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens for Outlook add-ins are allowed in the tenant. It also identifies the IDs of the Outlook add-ins that have been allowed or blocked from using legacy tokens. You don't need to specify a value with this switch. + +Legacy Exchange tokens include Exchange user identity and callback tokens. + +**Important**: + +- Blocking legacy Exchange tokens may cause some Microsoft add-ins to stop working in your tenant. These add-ins are being updated to no longer use legacy tokens. +- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: +Applicable: Exchange Online, Exchange Online Protection + +Required: False +Position: Named +Default value: True +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Identity The Identity parameter specifies the authentication policy you want to view. You can use any value that uniquely identifies the policy. For example: diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 4a09e10325..d9094d1782 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -66,7 +66,14 @@ Accept wildcard characters: False ### -AllowLegacyExchangeTokens This parameter is available only in the cloud-based service. -This parameter is reserved for internal Microsoft use. +The AllowLegacyExchangeTokens switch returns your tenant to its previous state before changes were made to allow or block legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens. + +This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch. + +**Important**: + +- The AllowLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes. +- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml Type: SwitchParameter diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index f1e832790a..cd7a797180 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -354,7 +354,14 @@ Accept wildcard characters: False ### -AllowLegacyExchangeTokens This parameter is available only in the cloud-based service. -This parameter is reserved for internal Microsoft use. +The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens. + +This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch. + +**Important**: + +- The AllowLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes. +- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml Type: SwitchParameter @@ -540,7 +547,15 @@ Accept wildcard characters: False ### -BlockLegacyExchangeTokens This parameter is available only in the cloud-based service. -This parameter is reserved for internal Microsoft use. +The BlockLegacyExchangeTokens switch specifies whether to block legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens. + +This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch. + +**Important**: + +- The BlockLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes. +- Blocking legacy Exchange tokens may cause some Microsoft add-ins to stop working in your tenant. These add-ins are being updated to no longer use legacy tokens. +- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml Type: SwitchParameter @@ -550,7 +565,7 @@ Applicable: Exchange Online, Exchange Online Protection Required: False Position: Named -Default value: True +Default value: False Accept pipeline input: False Accept wildcard characters: False ``` From 408fb73495d14607b179237b69d88395d60e12da Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Tue, 19 Nov 2024 08:51:36 -0800 Subject: [PATCH 02/22] Update Remove-AuthenticationPolicy.md --- exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index d9094d1782..40ed8899a9 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -72,7 +72,7 @@ This switch applies to your entire tenant even if you specify an authentication **Important**: -- The AllowLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes. +- The AllowLegacyExchangeTokens switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml From 9dea352a8af406ade4321a15e8b31fe8d9ef6c1d Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Tue, 19 Nov 2024 08:52:52 -0800 Subject: [PATCH 03/22] Update Remove-AuthenticationPolicy.md --- .../exchange-ps/exchange/Remove-AuthenticationPolicy.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 40ed8899a9..4a09e10325 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -66,14 +66,7 @@ Accept wildcard characters: False ### -AllowLegacyExchangeTokens This parameter is available only in the cloud-based service. -The AllowLegacyExchangeTokens switch returns your tenant to its previous state before changes were made to allow or block legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens. - -This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch. - -**Important**: - -- The AllowLegacyExchangeTokens switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. -- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). +This parameter is reserved for internal Microsoft use. ```yaml Type: SwitchParameter From 1ab3aad68179ec41becba15e5e91bdced55a7480 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Tue, 19 Nov 2024 09:17:15 -0800 Subject: [PATCH 04/22] Minor consistency updates --- .../exchange/Get-AuthenticationPolicy.md | 4 ++-- .../exchange/Remove-AuthenticationPolicy.md | 11 ++++++++++- .../exchange/Set-AuthenticationPolicy.md | 18 +++++++++++------- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md index 56638493cd..f5a68e8937 100644 --- a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md @@ -50,13 +50,13 @@ This example returns detailed information for the authentication policy named En ### -AllowLegacyExchangeTokens This parameter is available only in the cloud-based service. -The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens for Outlook add-ins are allowed in the tenant. It also identifies the IDs of the Outlook add-ins that have been allowed or blocked from using legacy tokens. You don't need to specify a value with this switch. +The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens for Outlook add-ins are allowed in the organization. It also identifies the IDs of the Outlook add-ins that have been allowed or blocked from using legacy tokens. You don't need to specify a value with this switch. Legacy Exchange tokens include Exchange user identity and callback tokens. **Important**: -- Blocking legacy Exchange tokens may cause some Microsoft add-ins to stop working in your tenant. These add-ins are being updated to no longer use legacy tokens. +- Blocking legacy Exchange tokens might cause some Microsoft add-ins to stop working. These add-ins are being updated to no longer use legacy tokens. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 4a09e10325..9c17c288e5 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -66,7 +66,16 @@ Accept wildcard characters: False ### -AllowLegacyExchangeTokens This parameter is available only in the cloud-based service. -This parameter is reserved for internal Microsoft use. +The AllowLegacyExchangeTokens switch returns your organization to its previous state before changes were made to allow or block legacy Exchange tokens for Outlook add-ins. You don't need to specify a value with this switch. + +Legacy Exchange tokens include Exchange user identity and callback tokens. + +This switch applies to the entire organization, even if you specify an authentication policy using the Identity parameter. + +**Important**: + +- This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml Type: SwitchParameter diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index cd7a797180..d0616b33dc 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -354,13 +354,15 @@ Accept wildcard characters: False ### -AllowLegacyExchangeTokens This parameter is available only in the cloud-based service. -The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens. +The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens for Outlook add-ins. You don't need to specify a value with this switch. -This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch. +Legacy Exchange tokens include Exchange user identity and callback tokens. + +This switch applies to the entire organization, even if you specify an authentication policy using the Identity parameter. **Important**: -- The AllowLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes. +- This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml @@ -547,14 +549,16 @@ Accept wildcard characters: False ### -BlockLegacyExchangeTokens This parameter is available only in the cloud-based service. -The BlockLegacyExchangeTokens switch specifies whether to block legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens. +The BlockLegacyExchangeTokens switch specifies whether to block legacy Exchange tokens for Outlook add-ins. You don't need to specify a value with this switch. + +Legacy Exchange tokens include Exchange user identity and callback tokens. -This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch. +This switch applies to the entire organization, even if you specify an authentication policy using the Identity parameter. **Important**: -- The BlockLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes. -- Blocking legacy Exchange tokens may cause some Microsoft add-ins to stop working in your tenant. These add-ins are being updated to no longer use legacy tokens. +- This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- Blocking legacy Exchange tokens might cause some Microsoft add-ins to stop working. These add-ins are being updated to no longer use legacy tokens. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml From c2774ef8938ca932b74360d417b52d647bcd80d4 Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Tue, 19 Nov 2024 16:17:56 -0800 Subject: [PATCH 05/22] Remove Get-AuthenticationPolicy changes --- .../exchange/Get-AuthenticationPolicy.md | 26 ------------------- 1 file changed, 26 deletions(-) diff --git a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md index f5a68e8937..18c427840c 100644 --- a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md @@ -21,7 +21,6 @@ For information about the parameter sets in the Syntax section below, see [Excha ``` Get-AuthenticationPolicy [[-Identity] ] - [-AllowLegacyExchangeTokens] [-TenantId ] [] ``` @@ -47,31 +46,6 @@ This example returns detailed information for the authentication policy named En ## PARAMETERS -### -AllowLegacyExchangeTokens -This parameter is available only in the cloud-based service. - -The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens for Outlook add-ins are allowed in the organization. It also identifies the IDs of the Outlook add-ins that have been allowed or blocked from using legacy tokens. You don't need to specify a value with this switch. - -Legacy Exchange tokens include Exchange user identity and callback tokens. - -**Important**: - -- Blocking legacy Exchange tokens might cause some Microsoft add-ins to stop working. These add-ins are being updated to no longer use legacy tokens. -- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: -Applicable: Exchange Online, Exchange Online Protection - -Required: False -Position: Named -Default value: True -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -Identity The Identity parameter specifies the authentication policy you want to view. You can use any value that uniquely identifies the policy. For example: From 57a8aa5f3e03d372821619454054bd89479ec63c Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Tue, 19 Nov 2024 16:55:06 -0800 Subject: [PATCH 06/22] Add note about token issuance --- exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md | 1 + exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 1 + 2 files changed, 2 insertions(+) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 9c17c288e5..66e962003c 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -75,6 +75,7 @@ This switch applies to the entire organization, even if you specify an authentic **Important**: - This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index d0616b33dc..db431bdb73 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -558,6 +558,7 @@ This switch applies to the entire organization, even if you specify an authentic **Important**: - This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire. - Blocking legacy Exchange tokens might cause some Microsoft add-ins to stop working. These add-ins are being updated to no longer use legacy tokens. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). From 2e0cf6fff9623944f72f08630d0b06d33c58fbe1 Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Wed, 20 Nov 2024 16:43:19 -0800 Subject: [PATCH 07/22] Add examples for Exchange token switches --- .../exchange-ps/exchange/Remove-AuthenticationPolicy.md | 7 +++++++ exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 66e962003c..aec7b72395 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -41,6 +41,13 @@ Remove-AuthenticationPolicy -Identity "Engineering Group" This example removes the authentication policy named "Engineering Group". +### Example 2 +```powershell +Remove-AuthenticationPolicy -Identity "Legacy Exchange Tokens" -AllowLegacyExchangeTokens +``` + +In Exchange Online, this example returns your organization to its previous state before legacy Exchange token issuance was allowed or blocked for Outlook add-ins. Since this switch applies to the entire organization, the authentication policy specified with the Identity parameter is ignored. + ## PARAMETERS ### -Identity diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index db431bdb73..8d78d0614c 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -77,6 +77,13 @@ Set-AuthenticationPolicy -Identity "Research and Development Group" -BlockLegacy In Exchange 2019, this example re-enables Basic authentication for Exchange Reporting Web Services in the authentication policy named Research and Development Group. +### Example 3 +```powershell +Set-AuthenticationPolicy -Identity "Legacy Exchange Tokens" -BlockLegacyExchangeTokens +``` + +In Exchange Online, this example blocks legacy Exchange tokens from being issued to Outlook add-ins. Since this switch applies to the entire organization, the authentication policy specified with the Identity parameter is ignored. + ## PARAMETERS ### -Identity From c4212ad76243ec8c211d5a49110149f24103bd35 Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Thu, 21 Nov 2024 11:43:04 -0800 Subject: [PATCH 08/22] Add note --- exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md | 1 + exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index aec7b72395..303151ccdf 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -82,6 +82,7 @@ This switch applies to the entire organization, even if you specify an authentic **Important**: - This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- It might take up to 24 hours for the change to take effect across your entire organization. - Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index 8d78d0614c..575266fc02 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -370,6 +370,7 @@ This switch applies to the entire organization, even if you specify an authentic **Important**: - This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- It might take up to 24 hours for the change to take effect across your entire organization. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml @@ -565,6 +566,7 @@ This switch applies to the entire organization, even if you specify an authentic **Important**: - This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- It might take up to 24 hours for the change to take effect across your entire organization. - Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire. - Blocking legacy Exchange tokens might cause some Microsoft add-ins to stop working. These add-ins are being updated to no longer use legacy tokens. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). From 44f2354e2f347c8b51df4300fb444833a76ccf2a Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Fri, 22 Nov 2024 09:35:01 -0800 Subject: [PATCH 09/22] Apply suggestions from review --- .../exchange-ps/exchange/Remove-AuthenticationPolicy.md | 4 ++-- .../exchange-ps/exchange/Set-AuthenticationPolicy.md | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 303151ccdf..3eb387bfb3 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -77,11 +77,11 @@ The AllowLegacyExchangeTokens switch returns your organization to its previous s Legacy Exchange tokens include Exchange user identity and callback tokens. -This switch applies to the entire organization, even if you specify an authentication policy using the Identity parameter. +This switch applies to the entire organization. Although the Identity parameter is required, its value is ignored. You can pass any non-empty value as the Identity parameter. **Important**: -- This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. - It might take up to 24 hours for the change to take effect across your entire organization. - Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index 575266fc02..be4a9b5c73 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -365,12 +365,11 @@ The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange Legacy Exchange tokens include Exchange user identity and callback tokens. -This switch applies to the entire organization, even if you specify an authentication policy using the Identity parameter. +This switch applies to the entire organization. Although the Identity parameter is required, its value is ignored. You can pass any non-empty value as the Identity parameter. **Important**: -- This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. -- It might take up to 24 hours for the change to take effect across your entire organization. +- Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml @@ -561,11 +560,11 @@ The BlockLegacyExchangeTokens switch specifies whether to block legacy Exchange Legacy Exchange tokens include Exchange user identity and callback tokens. -This switch applies to the entire organization, even if you specify an authentication policy using the Identity parameter. +This switch applies to the entire organization. Although the Identity parameter is required, its value is ignored. You can pass any non-empty value as the Identity parameter. **Important**: -- This switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. - It might take up to 24 hours for the change to take effect across your entire organization. - Legacy Exchange tokens issued to Outlook add-ins before token blocking was implemented in your organization will remain valid until they expire. - Blocking legacy Exchange tokens might cause some Microsoft add-ins to stop working. These add-ins are being updated to no longer use legacy tokens. From 511a8d4296ddd9f336a9af493b2bbed8ab2abb9b Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Wed, 11 Dec 2024 02:05:16 -0800 Subject: [PATCH 10/22] Add Get-AuthenticationPolicy switch --- .../exchange/Get-AuthenticationPolicy.md | 30 +++++++++++++++++++ .../exchange/Set-AuthenticationPolicy.md | 1 + 2 files changed, 31 insertions(+) diff --git a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md index 18c427840c..72f244e01c 100644 --- a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md @@ -21,6 +21,7 @@ For information about the parameter sets in the Syntax section below, see [Excha ``` Get-AuthenticationPolicy [[-Identity] ] + [-AllowLegacyExchangeTokens] [-TenantId ] [] ``` @@ -44,6 +45,13 @@ Get-AuthenticationPolicy -Identity "Engineering Group" This example returns detailed information for the authentication policy named Engineering Group. +### Example 3 +```powershell +Get-AuthenticationPolicy -AllowLegacyExchangeTokens +``` + +In Exchange Online, this example specifies whether legacy Exchange tokens for Outlook add-ins are allowed in the organization. + ## PARAMETERS ### -Identity @@ -66,6 +74,28 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -AllowLegacyExchangeTokens +This parameter is available only in the cloud-based service. + +The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens are allowed for Outlook add-ins in your organization. You don't need to specify a value with this switch. + +Legacy Exchange tokens include Exchange user identity and callback tokens. + +**Important**: Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: +Applicable: Exchange Online, Exchange Online Protection + +Required: False +Position: Named +Default value: True +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -TenantId This parameter is available only in the cloud-based service. diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index be4a9b5c73..83d3e93696 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -370,6 +370,7 @@ This switch applies to the entire organization. Although the Identity parameter **Important**: - Apart from the Identity parameter, this switch disregards other authentication policy parameters used in the same command. We recommend running separate commands for other authentication policy changes. +- It might take up to 24 hours for the change to take effect across your entire organization. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml From c659d1563ded2b57727ea7baf015fc0bc1248836 Mon Sep 17 00:00:00 2001 From: Sam Ramon <15154970+samantharamon@users.noreply.github.com> Date: Wed, 11 Dec 2024 17:05:30 -0800 Subject: [PATCH 11/22] Add note to Get-AuthenticationPolicy switch --- exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md index 72f244e01c..2a91335ad9 100644 --- a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md @@ -81,7 +81,10 @@ The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens ar Legacy Exchange tokens include Exchange user identity and callback tokens. -**Important**: Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). +**Important**: + +- Currently, the AllowLegacyExchangeTokens switch only specifies whether legacy Exchange tokens are allowed in your organization. For now, disregard the empty Allowed and Blocked arrays returned by the switch. Improvements are underway to populate these arrays with Outlook add-ins that were allowed or blocked from getting legacy tokens. +- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml Type: SwitchParameter From acfc6d5988739a5a7f257bc061e0ef2a4ff67d41 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Wed, 11 Dec 2024 17:09:46 -0800 Subject: [PATCH 12/22] Update Get-AuthenticationPolicy.md --- exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md index 2a91335ad9..7c9cce1ad9 100644 --- a/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md @@ -83,7 +83,7 @@ Legacy Exchange tokens include Exchange user identity and callback tokens. **Important**: -- Currently, the AllowLegacyExchangeTokens switch only specifies whether legacy Exchange tokens are allowed in your organization. For now, disregard the empty Allowed and Blocked arrays returned by the switch. Improvements are underway to populate these arrays with Outlook add-ins that were allowed or blocked from getting legacy tokens. +- Currently, the AllowLegacyExchangeTokens switch only specifies whether legacy Exchange tokens are allowed in your organization. For now, disregard the empty Allowed and Blocked arrays returned by the switch. - Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens). ```yaml From da99bf6497866a574900a3129e1f8c6a3c1871e6 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:27:37 -0800 Subject: [PATCH 13/22] Update exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 3eb387bfb3..b81626167c 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -43,7 +43,7 @@ This example removes the authentication policy named "Engineering Group". ### Example 2 ```powershell -Remove-AuthenticationPolicy -Identity "Legacy Exchange Tokens" -AllowLegacyExchangeTokens +Remove-AuthenticationPolicy -Identity "LegacyExchangeTokens" -AllowLegacyExchangeTokens ``` In Exchange Online, this example returns your organization to its previous state before legacy Exchange token issuance was allowed or blocked for Outlook add-ins. Since this switch applies to the entire organization, the authentication policy specified with the Identity parameter is ignored. From 215d96989b5f87114aa549869bbc89e6c2bb45ec Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:27:56 -0800 Subject: [PATCH 14/22] Update exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index b81626167c..66a4dca7d4 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -46,7 +46,7 @@ This example removes the authentication policy named "Engineering Group". Remove-AuthenticationPolicy -Identity "LegacyExchangeTokens" -AllowLegacyExchangeTokens ``` -In Exchange Online, this example returns your organization to its previous state before legacy Exchange token issuance was allowed or blocked for Outlook add-ins. Since this switch applies to the entire organization, the authentication policy specified with the Identity parameter is ignored. +In Exchange Online, this example enables legacy Exchange tokens to be issued to Outlook add-ins. This switch applies to the entire organization. The Identity parameter is required, and its value must be set to "LegacyExchangeTokens". Specific authentication polices can't be applied. ## PARAMETERS From 612fc39132fbe7049f5dc1a40fb9ecdf03f83a7e Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:28:06 -0800 Subject: [PATCH 15/22] Update exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 66a4dca7d4..32cd62d21c 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -73,7 +73,7 @@ Accept wildcard characters: False ### -AllowLegacyExchangeTokens This parameter is available only in the cloud-based service. -The AllowLegacyExchangeTokens switch returns your organization to its previous state before changes were made to allow or block legacy Exchange tokens for Outlook add-ins. You don't need to specify a value with this switch. +The AllowLegacyExchangeTokens switch enables legacy Exchange tokens to be issued to Outlook add-ins for your organization. You don't need to specify a value with this switch. Legacy Exchange tokens include Exchange user identity and callback tokens. From 6ed65f91c94f7853bd48841e75a4a36e3b16f154 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:28:19 -0800 Subject: [PATCH 16/22] Update exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md index 32cd62d21c..ee48f9b65e 100644 --- a/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md @@ -77,7 +77,7 @@ The AllowLegacyExchangeTokens switch enables legacy Exchange tokens to be issued Legacy Exchange tokens include Exchange user identity and callback tokens. -This switch applies to the entire organization. Although the Identity parameter is required, its value is ignored. You can pass any non-empty value as the Identity parameter. +This switch applies to the entire organization. The Identity parameter is required, and its value must be set to "LegacyExchangeTokens". Specific authentication polices can't be applied. **Important**: From 7f7a470aac4cafe0a1f2320711aaa9a633966cfe Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:28:26 -0800 Subject: [PATCH 17/22] Update exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index 83d3e93696..419edc8f09 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -79,7 +79,7 @@ In Exchange 2019, this example re-enables Basic authentication for Exchange Repo ### Example 3 ```powershell -Set-AuthenticationPolicy -Identity "Legacy Exchange Tokens" -BlockLegacyExchangeTokens +Set-AuthenticationPolicy -Identity "LegacyExchangeTokens" -BlockLegacyExchangeTokens ``` In Exchange Online, this example blocks legacy Exchange tokens from being issued to Outlook add-ins. Since this switch applies to the entire organization, the authentication policy specified with the Identity parameter is ignored. From 184b7290cc63b60bc2429aca4c6b81701b146597 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:28:35 -0800 Subject: [PATCH 18/22] Update exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index 419edc8f09..0ed013e199 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -82,7 +82,7 @@ In Exchange 2019, this example re-enables Basic authentication for Exchange Repo Set-AuthenticationPolicy -Identity "LegacyExchangeTokens" -BlockLegacyExchangeTokens ``` -In Exchange Online, this example blocks legacy Exchange tokens from being issued to Outlook add-ins. Since this switch applies to the entire organization, the authentication policy specified with the Identity parameter is ignored. +In Exchange Online, this example blocks legacy Exchange tokens from being issued to Outlook add-ins. The switch applies to the entire organization, and the Identity parameter must be set to the value "LegacyExchangeTokens". Specific authentication polices can't be applied. ## PARAMETERS From ccffc5a4d5771ecdc1c8f14a450cf39a53a3a2d9 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:29:25 -0800 Subject: [PATCH 19/22] Update exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index 0ed013e199..79fd7fa901 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -557,7 +557,7 @@ Accept wildcard characters: False ### -BlockLegacyExchangeTokens This parameter is available only in the cloud-based service. -The BlockLegacyExchangeTokens switch specifies whether to block legacy Exchange tokens for Outlook add-ins. You don't need to specify a value with this switch. +The BlockLegacyExchangeTokens switch specifies to block legacy Exchange tokens being issued to Outlook add-ins. You don't need to specify a value with this switch. Legacy Exchange tokens include Exchange user identity and callback tokens. From edf657f0903c859b44663e7fdf430aa558fd56a6 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:29:32 -0800 Subject: [PATCH 20/22] Update exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index 79fd7fa901..0f5e244ae0 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -561,7 +561,7 @@ The BlockLegacyExchangeTokens switch specifies to block legacy Exchange tokens b Legacy Exchange tokens include Exchange user identity and callback tokens. -This switch applies to the entire organization. Although the Identity parameter is required, its value is ignored. You can pass any non-empty value as the Identity parameter. +The switch applies to the entire organization. The Identity parameter is required and must be set to the value "LegacyExchangeTokens". Specific authentication polices can't be applied. **Important**: From 3d2a9f156b91c53c3ff4de1c7a284a8cbf2f926d Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:29:38 -0800 Subject: [PATCH 21/22] Update exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index 0f5e244ae0..a1475c0ee7 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -361,7 +361,7 @@ Accept wildcard characters: False ### -AllowLegacyExchangeTokens This parameter is available only in the cloud-based service. -The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens for Outlook add-ins. You don't need to specify a value with this switch. +The AllowLegacyExchangeTokens switch specifies to allow legacy Exchange tokens to be issued to Outlook add-ins. You don't need to specify a value with this switch. Legacy Exchange tokens include Exchange user identity and callback tokens. From 09a95ae3e73e5e17638aced52be92fbd9938c708 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Thu, 12 Dec 2024 10:29:48 -0800 Subject: [PATCH 22/22] Update exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md Co-authored-by: David Chesnut --- exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md index a1475c0ee7..5badd29be6 100644 --- a/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md @@ -365,7 +365,7 @@ The AllowLegacyExchangeTokens switch specifies to allow legacy Exchange tokens t Legacy Exchange tokens include Exchange user identity and callback tokens. -This switch applies to the entire organization. Although the Identity parameter is required, its value is ignored. You can pass any non-empty value as the Identity parameter. +The switch applies to the entire organization. The Identity parameter is required and must be set to the value "LegacyExchangeTokens". Specific authentication polices can't be applied. **Important**: