{"id":14838,"date":"2026-02-06T03:01:25","date_gmt":"2026-02-05T18:01:25","guid":{"rendered":"https:\/\/m365jp.net\/?p=14838"},"modified":"2026-02-06T03:07:43","modified_gmt":"2026-02-05T18:07:43","slug":"mc1184649-microsoft-sharepoint-retirement-of-idcrl-authentication-protocol-and-enforcement-of-openid-connect-and-oauth-protocols-5","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2026-02-06-mc1184649-microsoft-sharepoint-retirement-of-idcrl-authentication-protocol-and-enforcement-of-openid-connect-and-oauth-protocols-5","title":{"rendered":"MC1184649 | Microsoft SharePoint: Retirement of IDCRL authentication protocol and enforcement of OpenID Connect and OAuth protocols"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1184649 | Microsoft SharePoint: Retirement of IDCRL authentication protocol and enforcement of OpenID Connect and OAuth protocols<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>02\/05\/2026 17:48:51<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>11\/11\/2025 00:37:53<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>06\/01\/2026 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Action Required By Date<\/th>\n<td>2026-01-30T08:00:00Z<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>Updated February 5, 2026: We have updated the timeline. Thank you for your patience.&nbsp;<\/p>\n<p><b>[Introduction:]<\/b>  <\/p>\n<p>As part of the Microsoft Secure Future Initiative (SFI) and in alignment with the \u201cSecure by Default\u201d principle, we\u2019re  <b>retiring the legacy IDCRL <\/b>(Identity Client Run Time Library) <b>authentication protocol<\/b> in<i> SharePoint Online<\/i> and  <i>OneDrive for Business<\/i>. This change helps strengthen your organization\u2019s security posture by enforcing modern authentication standards\u2014OpenID Connect and OAuth\u2014which reduce exposure to outdated and vulnerable authentication methods.<\/p>\n<p><b>[When this will happen:]<\/b>  <\/p>\n<ul>  <\/p>\n<li><b>Starting February 16, 2026:<\/b> Legacy client authentication will be blocked by default. Organizations may temporarily re-enable it using PowerShell until April 30, 2026.<\/li>\n<p>  <\/p>\n<li><b>Starting May 1, 2026:<\/b> Legacy client authentication will be permanently blocked and cannot be re-enabled.<\/li>\n<p>  <\/ul>\n<\/p>\n<p><b>[How this affects your organization:]<\/b>  <\/p>\n<p><b>Who is affected:<\/b>  <\/p>\n<ul>  <\/p>\n<li>Organizations using clients, scripts, or applications that rely on the legacy IDCRL authentication protocol to access SharePoint Online or OneDrive for Business.<\/li>\n<p>  <\/ul>\n<p>  <b>What will happen:<\/b>  <\/p>\n<ul>  <\/p>\n<li>Legacy authentication calls using IDCRL will be <b>blocked by default starting February 16, 2026<\/b>.<\/li>\n<p>  <\/p>\n<li><b>Temporary re-enablement is possible via PowerShell <\/b>until April 30, 2026.<\/li>\n<p>  <\/p>\n<li>After May 1, 2026, IDCRL authentication will be permanently retired and cannot be re-enabled.<\/li>\n<p>  <\/p>\n<li>Applications using IDCRL will fail to authenticate unless updated to use modern protocols.<\/li>\n<p>  <\/ul>\n<\/p>\n<p><b>[What you can do to prepare:]<\/b>  <\/p>\n<p>We recommend <b>migrating from legacy authentication protocols to modern authenticatio<\/b>n as soon as possible.&nbsp;<\/p>\n<p>To prepare for this retirement:<\/p>\n<ul>  <\/p>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/migrating-from-idcrl-authentication-to-modern-authentication-in-sharepoint\/\" target=\"_blank\">Migrate all clients, scripts, and applications<\/a> to use OpenID Connect or OAuth protocols.&nbsp;<\/li>\n<p>  <\/p>\n<li>Review current configurations for IDCRL authentication.<\/li>\n<p>  <\/p>\n<li>Notify IT admins, app owners, and security teams about the upcoming retirement.<\/li>\n<p>  <\/p>\n<li>Updat<b>e<\/b> internal documentation to reflect the new authentication defaults.<\/li>\n<li>Use telemetry to identify usage of legacy authentication protocols and monitor migration progress.<\/li>\n<p>  <\/p>\n<li>Use PowerShell to manage legacy authentication settings if needed:<br \/> \n<ul>  <\/p>\n<li>Set <code>AllowLegacyAuthProtocolsEnabledSetting<\/code> and <code>LegacyAuthProtocolsEnabled<\/code> to  <code>TRUE<\/code> to temporarily allow legacy authentication until April 30, 2026.<\/li>\n<\/ul>\n<\/li>\n<li>Learn more:\n<ul>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/microsoft365dev\/migrating-from-idcrl-authentication-to-modern-authentication-in-sharepoint\/\" target=\"_blank\">Migrating from IDCRL authentication to modern authentication in SharePoint | Microsoft 365 Developer Blog   | Microsoft Dev Blogs<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/powershell\/module\/microsoft.online.sharepoint.powershell\/set-spotenant?view=sharepoint-ps#-legacyauthprotocolsenabled\" target=\"_blank\">Set-SPOTenant (Microsoft.Online.SharePoint.PowerShell) | Microsoft Learn<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><b>[Compliance considerations:]<\/b><\/p>\n<p>No compliance considerations identified, review as appropriate for your organization.<\/p>\n<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1184649 | Microsoft SharePoint: Retirement of IDCRL authentication protocol and enforcement of OpenID Connec [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14838","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/14838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=14838"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/14838\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=14838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=14838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=14838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}