Merge pull request #11916 from MicrosoftDocs/EmailAuth-chrisda

EmailAuth-chrisda to Main

Author: chrisda

exchange/exchange-ps/exchange/New-AuthenticationPolicy.md

@@ -34,6 +34,7 @@ New-AuthenticationPolicy [[-Name] <String>]
  [-AllowBasicAuthRpc]
  [-AllowBasicAuthSmtp]
  [-AllowBasicAuthWebServices]
+ [-AllowLegacyExchangeTokens]
  [-BlockLegacyAuthActiveSync]
  [-BlockLegacyAuthAutodiscover]
  [-BlockLegacyAuthImap]
@@ -332,6 +333,33 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -AllowLegacyExchangeTokens
+This parameter is available only in the cloud-based service.
+
+The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens. You don't need to specify a value with this switch.
+
+Legacy Exchange tokens (for example, Exchange user identity and callback tokens) are used by Outlook add-ins.
+
+**Important**:
+
+- The Microsoft Report Message and Report Phishing add-ins require legacy Exchange tokens to work.
+- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations.
+
+For more information on the Report Message and Report Phishing add-ins, see [Enable the Microsoft Report Message or the Report Phishing add-ins](https://learn.microsoft.com/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure).
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -BlockLegacyAuthActiveSync
 This parameter is available only in on-premises Exchange.
 

exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md

@@ -34,6 +34,7 @@ Set-AuthenticationPolicy [-Identity] <AuthPolicyIdParameter>
  [-AllowBasicAuthRpc]
  [-AllowBasicAuthSmtp]
  [-AllowBasicAuthWebServices]
+ [-AllowLegacyExchangeTokens]
  [-BlockLegacyAuthActiveSync]
  [-BlockLegacyAuthAutodiscover]
  [-BlockLegacyAuthImap]
@@ -348,6 +349,33 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -AllowLegacyExchangeTokens
+This parameter is available only in the cloud-based service.
+
+The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens. You don't need to specify a value with this switch.
+
+Legacy Exchange tokens (for example, Exchange user identity and callback tokens) are used by Outlook add-ins.
+
+**Important**:
+
+- The Microsoft Report Message and Report Phishing add-ins require legacy Exchange tokens to work.
+- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations.
+
+For more information on the Report Message and Report Phishing add-ins, see [Enable the Microsoft Report Message or the Report Phishing add-ins](https://learn.microsoft.com/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure).
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -BlockLegacyAuthActiveSync
 This parameter is available only in on-premises Exchange.