search
Get Demo

Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens

The Phishing Reporter Page View feature fails due to Microsoft's deprecation of legacy Exchange Online tokens earlier than expected date, June 2025.

hashtag
Affected Systems

  • Microsoft 365 users utilizing the Phishing Reporter Page View feature.

hashtag
Symptoms

If you are using the Phishing Reporter Page View version, it may fail with the following empty message:

hashtag
Root Cause

Microsoft has deprecated legacy Exchange Online tokens, which the Phishing Reporter previously relied upon for authentication and access.

hashtag
Short Term Solution

Customers can turn on legacy Exchange Online tokens following below documentation.

https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/turn-exchange-tokens-on-offarrow-up-right

circle-exclamation

It can take up to 24 hours before all requests from Outlook add-ins for legacy tokens are allowed.

Picture 1: Exchange Online Powershell - Allow Legacy Token Sample

hashtag
Long-Term Solution

A more permanent solution, we highly recommend using Microsoft Ribbon Phishing Reporter that utilises Graph API and no dependency on Exchange Online tokens.

hashtag
FAQ:

hashtag
Q: Why is it happening now?

A: Legacy tokens turned off for all tenants before the scheduled date before June.

Date
Legacy tokens status

Feb 17th, 2025

Legacy tokens turned off for all tenants. Admins can reenable legacy tokens via PowerShell.

Jun 2025

Legacy tokens turned off for all tenants. Admins can no longer reenable legacy tokens via PowerShell and must contact Microsoft for any exception.

Oct 2025

Legacy tokens turned off for all tenants. Exceptions are no longer allowed.

https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokensarrow-up-right

PreviousHow to Deploy the Add-in in Microsoft 365NextMicrosoft Ribbon Phishing Reporter

Last updated