Microsoft SharePoint: Retirement of IDCRL authentication protocol and enforcement of OpenID Connect and OAuth protocols
MC1184649
Category: planForChange
Severity: normal
Major change: True
Last modified: 2026-05-13 16:35:51
Summary source: Azure OpenAI (gpt-4.1)
Action by (Graph): 2026-01-30 08:00:00
Action by (AI):
Services: SharePoint Online, Microsoft OneDrive
Tags: Updated message, User impact, Admin impact, Retirement
Master tags: Admin, Security
Roadmap IDs:

One-line summary

Legacy IDCRL authentication in SharePoint Online and OneDrive for Business will be retired; legacy auth blocked Feb 16, 2026, and permanently disabled after May 1, 2026. Migrate to modern auth now.

Details

Summary
Microsoft is retiring the legacy IDCRL authentication protocol in SharePoint Online and OneDrive for Business by May 1, 2026, enforcing modern protocols OpenID Connect and OAuth. Legacy authentication will be blocked starting February 16, 2026, with temporary re-enablement until April 30, 2026. Organizations must migrate promptly.

Body (from Message Center)

Updated May 13, 2026: We have initiated the deprecation rollout and expect to reach 100% production coverage in the next few weeks. We strongly recommend that customers transition to modern authentication at the earliest opportunity. Thank you for your patience.  

[Introduction:]

As part of the Microsoft Secure Future Initiative (SFI) and in alignment with the “Secure by Default” principle, we’re retiring the legacy IDCRL (Identity Client Run Time Library) authentication protocol in SharePoint Online and OneDrive for Business. This change helps strengthen your organization’s security posture by enforcing modern authentication standards—OpenID Connect and OAuth—which reduce exposure to outdated and vulnerable authentication methods.

[When this will happen:]

  • Starting February 16, 2026: Legacy client authentication will be blocked by default. Organizations may temporarily re-enable it using PowerShell until April 30, 2026.
  • Starting May 1, 2026: Legacy client authentication will be permanently blocked and cannot be re-enabled.

[How this affects your organization:]

Who is affected:

  • Organizations using clients, scripts, or applications that rely on the legacy IDCRL authentication protocol to access SharePoint Online or OneDrive for Business.

What will happen:

  • Legacy authentication calls using IDCRL will be blocked by default starting February 16, 2026.
  • Temporary re-enablement is possible via PowerShell until April 30, 2026.
  • After May 1, 2026, IDCRL authentication will be permanently retired and cannot be re-enabled.
  • Applications using IDCRL will fail to authenticate unless updated to use modern protocols.

[What you can do to prepare:]

We recommend migrating from legacy authentication protocols to modern authentication as soon as possible. 

To prepare for this retirement:

[Compliance considerations:]

No compliance considerations identified; review as appropriate for your organization.
