Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens

The Phishing Reporter Page View feature fails due to Microsoft's deprecation of legacy Exchange Online tokens earlier than expected date, June 2025.

Affected Systems

Microsoft 365 users utilizing the Phishing Reporter Page View feature.

Symptoms

If you are using the Phishing Reporter Page View version, it may fail with the following empty message:

Root Cause

Microsoft has deprecated legacy Exchange Online tokens, which the Phishing Reporter previously relied upon for authentication and access.

Short Term Solution

Customers can turn on legacy Exchange Online tokens following below documentation.

https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/turn-exchange-tokens-on-off

It can take up to 24 hours before all requests from Outlook add-ins for legacy tokens are allowed.

Long-Term Solution

A more permanent solution, we highly recommend using Microsoft Ribbon Phishing Reporter that utilises Graph API and no dependency on Exchange Online tokens.

FAQ:

Q: Why is it happening now?

A: Legacy tokens turned off for all tenants before the scheduled date before June.

Date

Legacy tokens status

Feb 17th, 2025

Legacy tokens turned off for all tenants. Admins can reenable legacy tokens via PowerShell.

Jun 2025

Legacy tokens turned off for all tenants. Admins can no longer reenable legacy tokens via PowerShell and must contact Microsoft for any exception.

Oct 2025

Legacy tokens turned off for all tenants. Exceptions are no longer allowed.

https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens

PreviousHow to Deploy the Add-in in Microsoft 365 NextMicrosoft Ribbon Phishing Reporter

Last updated 3 months ago

Was this helpful?