Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
The Phishing Reporter Page View feature fails because Microsoft deprecated legacy Exchange Online tokens earlier than the expected date of June 2025.
Affected Systems
Microsoft 365 users utilizing the Phishing Reporter Page View feature.
Symptoms
If you are using the Phishing Reporter Page View version, it may fail with the following empty message:

Root Cause
Microsoft has deprecated legacy Exchange Online tokens, which the Phishing Reporter previously relied upon for authentication and access.
Short Term Solution
Customers can turn legacy Exchange Online tokens back on by following the documentation below.
https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/turn-exchange-tokens-on-off
It can take up to 24 hours before all requests from Outlook add-ins for legacy tokens are allowed.
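The short-term procedure as an Exchange Online PowerShell session, added here as an example (it is not part of the original article or of the Phishing Reporter product). It assumes the ExchangeOnlineManagement module is installed and uses a placeholder admin account name; the setting applies to the whole tenant.

```powershell
# Added example: re-enable legacy Exchange Online tokens as a temporary workaround.
# Assumption: the ExchangeOnlineManagement module is installed and the account
# below (a placeholder) holds an Exchange administrator role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # placeholder UPN

# 1. Record the current tenant setting before changing anything.
Get-AuthenticationPolicy -AllowLegacyExchangeTokens

# 2. Allow Outlook add-ins to request legacy Exchange tokens again (tenant-wide).
Set-AuthenticationPolicy -AllowLegacyExchangeTokens

# 3. Confirm the change was accepted. Add-in requests can still be rejected
#    for up to 24 hours while the setting propagates.
Get-AuthenticationPolicy -AllowLegacyExchangeTokens

# 4. After moving to the Graph API based reporter, turn legacy tokens off again
#    so the tenant does not keep the deprecated authentication path open:
# Set-AuthenticationPolicy -BlockLegacyExchangeTokens

Disconnect-ExchangeOnline -Confirm:$false
```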

Long-Term Solution
As a more permanent solution, we highly recommend using the Microsoft Ribbon Phishing Reporter, which utilises the Graph API and has no dependency on Exchange Online tokens.
FAQ:
Q: Why is it happening now?
A: Legacy tokens were turned off for all tenants before the scheduled June date.
Feb 17th, 2025: Legacy tokens turned off for all tenants. Admins can reenable legacy tokens via PowerShell.
Jun 2025: Legacy tokens turned off for all tenants. Admins can no longer reenable legacy tokens via PowerShell and must contact Microsoft for any exception.
Oct 2025: Legacy tokens turned off for all tenants. Exceptions are no longer allowed.