# Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens

The **Phishing** **Reporter** **Page** **View** feature fails due to Microsoft's deprecation of legacy Exchange Online tokens earlier than expected date, June 2025.

## **Affected Systems**

* **Microsoft** **365** **users** utilizing the **Phishing** **Reporter** **Page** **View** feature.

## **Symptoms**

If you are using the **Phishing** **Reporter** **Page** **View** version, it may fail with the following empty message:

<figure><img src="/files/5xhNKLxkEzK9q7TS4w0b" alt="Empty message shown when Phishing Reporter Page View fails due to deprecated Exchange Online tokens." width="320"><figcaption><p>Empty message shown when Phishing Reporter Page View fails due to deprecated Exchange Online tokens.</p></figcaption></figure>

## **Root Cause**

**Microsoft** has deprecated legacy **Exchange** **Online** **tokens**, which the **Phishing** **Reporter** previously relied upon for **authentication** **and** **access**.

## Short Term Solution

Admins can re-enable legacy Exchange Online tokens for their tenant by using **Exchange Online PowerShell** and the **Set-AuthenticationPolicy** command. For the deprecation timeline, token behavior, and migration guidance (NAA/MSAL), see Microsoft's [Nested app authentication FAQ - Legacy tokens](https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens).

**See also:** [Regarding deprecation of exchange tokens](https://learn.microsoft.com/en-us/answers/questions/4756209/regarding-deprecation-of-exchange-tokens) (Microsoft Q\&A) for community discussion and admin re-enable options.

{% hint style="warning" %}
It can take up to 24 hours before all requests from Outlook add-ins for legacy tokens are allowed.
{% endhint %}

<figure><img src="/files/oEl3h4lHUPdKNdwtLWIh" alt="Exchange Online PowerShell — Allow Legacy Token sample."><figcaption><p>Picture 1: Exchange Online Powershell - Allow Legacy Token Sample</p></figcaption></figure>

## Long-Term Solution

A more permanent solution, we highly recommend using **Microsoft** **Ribbon** **Phishing** **Reporter** that utilises **Graph** **API** and no dependency on Exchange Online tokens.

## FAQ:

### Q: Why is it happening now?

A: Legacy tokens turned off for all tenants before the scheduled date before June.

<table><thead><tr><th width="111.53125">Date</th><th>Legacy tokens status</th></tr></thead><tbody><tr><td>Feb 17th, 2025</td><td>Legacy tokens turned off for all tenants. Admins can reenable legacy tokens via PowerShell.</td></tr><tr><td>Jun 2025</td><td>Legacy tokens turned off for all tenants. Admins can no longer reenable legacy tokens via PowerShell and must contact Microsoft for any exception.</td></tr><tr><td>Oct 2025</td><td>Legacy tokens turned off for all tenants. Exceptions are no longer allowed.</td></tr></tbody></table>

<https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://doc.keepnetlabs.com/next-generation-product/platform/phishing-reporter/phishing-reporter-deployment/phishing-reporter-page-view-failure-due-to-deprecated-exchange-online-tokens.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.