MC1093233 – Important Update: Token Protection Policy for Power Query in Excel (archived)

Product:

Entra, Exchange, Microsoft 365 Apps, Purview Information Protection, SharePoint

Platform:

Online, World tenant

Status:

Change type:

Feature update, Admin impact

Links:

Details:

Summary:
Important Update: Token Protection Policy for Power Query in Excel may block data import scenarios requiring Azure Active Directory authentication, affecting sources like SharePoint and Microsoft Exchange. Review Conditional Access policies and update documentation. The feature is in Public Preview.

Details:
As part of the Microsoft Entra Conditional Access Token Protection feature rollout, we're notifying you of potential impacts to Power Query in Excel. This feature enhances token security but may block certain data import scenarios in Excel when applied.
[When this will happen:]
This feature is currently available in Public Preview, as outlined in the Microsoft Product Terms.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-06-13

updated:
2025-06-13

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Data Import Blockage
Power Query in Excel may block data import scenarios requiring Azure Active Directory authentication, affecting access to sources like SharePoint and Microsoft Exchange.
   - roles: Data Analysts, Business Users
   - references: https://learn.microsoft.com/entra/identity/conditional-access/concept-token-protection#known-limitations, https://support.microsoft.com/office/import-data-from-data-sources-power-query-be4330b3-5356-486c-a168-b68e9e616f5a#ID0EBH=Newer_versions

User Experience Disruption
Users relying on Power Query for data connections may experience disruptions, leading to potential delays in reporting and analysis tasks.
   - roles: Data Analysts, Report Developers
   - references: https://learn.microsoft.com/entra/identity/conditional-access/concept-token-protection#known-limitations, https://support.microsoft.com/office/import-data-from-data-sources-power-query-be4330b3-5356-486c-a168-b68e9e616f5a#ID0EBH=Newer_versions

Documentation and Helpdesk Strain
Increased inquiries to helpdesk and the need for updated internal documentation due to confusion over new token protection policies.
   - roles: Helpdesk Staff, IT Administrators
   - references: https://learn.microsoft.com/entra/identity/conditional-access/concept-token-protection#known-limitations, https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

Microsoft has introduced a new feature called Token Protection Policy for Power Query in Excel, which might affect how you import data from certain sources like SharePoint and Microsoft Exchange. Think of this like adding a new lock to your office door. This lock makes sure that only the right people can enter, enhancing security. However, if you have team members who frequently come and go, they might need to get used to this new lock or even get a new key.

In the case of Power Query, this new "lock" is the Conditional Access Token Protection feature. It ensures that only authorized users can access certain data, adding an extra layer of security. But just like the new lock might slow down entry into the office, this feature might block or slow down data imports in Excel if it requires Azure Active Directory (AAD) authentication.

If your team uses Power Query to connect to data sources like SharePoint or Microsoft Exchange, you should review your Conditional Access policies. It's like checking who needs a key to the new lock and making sure they have it before the lock is installed. This way, you avoid any disruptions in your team's workflow.

Make sure to inform your helpdesk and update any internal documentation to guide your team through these changes. This is similar to sending out a memo about the new office lock and how to use it, ensuring everyone is on the same page.

Lastly, consider how this change might affect data processing, storage, or access. If your organization uses data loss prevention (DLP) or information protection policies, this new feature might interact with those in ways that need to be addressed. It's like ensuring the new lock doesn't interfere with the building's fire safety systems. For more detailed guidance, you can refer to Microsoft's documentation on these topics.