MC1184649 – Microsoft SharePoint: Retirement of IDCRL authentication protocol and enforcement of OpenID Connect and OAuth protocols

Product:

OneDrive, SharePoint

Platform:

Developer, Online, World tenant

Status:

Change type:

User impact, Admin impact, Retirement

Links:

Details:

Summary:
Microsoft is retiring the legacy IDCRL authentication protocol in SharePoint Online and OneDrive for Business by January 31, 2026, enforcing modern OpenID Connect and OAuth protocols. Legacy authentication will be blocked by default, with temporary re-enablement via PowerShell until April 30, 2026, and permanent retirement from May 1, 2026. Organizations should migrate to modern authentication promptly.

Details:
[Introduction:]
As part of the Microsoft Secure Future Initiative (SFI) and in alignment with the "Secure by Default" principle, we're retiring the legacy IDCRL (Identity Client Run Time Library) authentication protocol in SharePoint Online and OneDrive for Business. This change helps strengthen your organization's security posture by enforcing modern authentication standards-OpenID Connect and OAuth-which reduce exposure to outdated and vulnerable authentication methods.
[When this will happen:]
Starting January 31, 2026: Legacy client authentication will be blocked by default. Organizations may temporarily re-enable it using PowerShell until April 30, 2026.
Starting May 1, 2026: Legacy client authentication will be permanently blocked and cannot be re-enabled.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-11-11

updated:
2025-11-11

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Authentication Failure
Applications relying on IDCRL will fail to authenticate, leading to service disruptions for users accessing SharePoint Online and OneDrive.
   - roles: IT Administrators, End Users
   - references: https://devblogs.microsoft.com/microsoft365dev/migrating-from-idcrl-authentication-to-modern-authentication-in-sharepoint/

Increased Support Requests
Users may experience issues logging in, resulting in a surge of support requests to IT helpdesk due to lack of preparation for the change.
   - roles: Helpdesk Support, End Users
   - references: https://devblogs.microsoft.com/microsoft365dev/migrating-from-idcrl-authentication-to-modern-authentication-in-sharepoint/

Security Vulnerabilities
Continuing to use legacy authentication without migration may expose the organization to security risks, as IDCRL is outdated and vulnerable.
   - roles: Security Teams, IT Administrators
   - references: https://devblogs.microsoft.com/microsoft365dev/migrating-from-idcrl-authentication-to-modern-authentication-in-sharepoint/

Operational Downtime
If applications are not updated to use modern authentication, critical business operations may face downtime post-retirement of IDCRL.
   - roles: Application Owners, IT Administrators
   - references: https://devblogs.microsoft.com/microsoft365dev/migrating-from-idcrl-authentication-to-modern-authentication-in-sharepoint/

User Experience Degradation
Users may face degraded experience due to authentication issues, leading to frustration and decreased productivity.
   - roles: End Users, IT Administrators
   - references: https://devblogs.microsoft.com/microsoft365dev/migrating-from-idcrl-authentication-to-modern-authentication-in-sharepoint/

Configutation Options**

XXXXXXX ... paid membership only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only