Update on report tool delay (#5081)

Author: davidchesnut

docs/outlook/faq-nested-app-auth-outlook-legacy-tokens.md

@@ -4,7 +4,7 @@ description: Nested app authentication and Outlook legacy tokens deprecation FAQ
 ms.service: microsoft-365
 ms.subservice: add-ins
 ms.topic: faq
-ms.date: 02/27/2025
+ms.date: 03/11/2025
 ---
 
 # Nested app authentication and Outlook legacy tokens deprecation FAQ
@@ -92,9 +92,7 @@ If the add-in is deployed from Microsoft AppSource, most likely you'll be prompt
 
 ### Which add-ins in my organization are impacted?
 
-You can get a list of all add-ins that requested legacy Exchange Online tokens in the last seven days by using the `Get-AuthenticationPolicy -AllowLegacyExchangeTokens` command. For more information, see [Turn legacy Exchange Online tokens on or off](turn-exchange-tokens-on-off.md).
-
-Additionally, we published a list of all Outlook add-ins published to the Microsoft store that use legacy tokens as of October 2024. For more information on how to use the list and build a report of Outlook add-ins that are potentially using legacy tokens, see [Find Outlook add-ins that use legacy Exchange Online tokens](https://github.com/OfficeDev/office-js/tree/release/add-in-ids).
+We published a list of all Outlook add-ins published to the Microsoft store that use legacy tokens as of October 2024. For more information on how to use the list and build a report of Outlook add-ins that are potentially using legacy tokens, see [Find Outlook add-ins that use legacy Exchange Online tokens](https://github.com/OfficeDev/office-js/tree/release/add-in-ids).
 
 Add-ins may use the legacy tokens to get resources from Exchange through the EWS or Outlook REST APIs. Sometimes an add-in requires Exchange resources for some use cases and not others, making it difficult to figure out whether the add-in requires an update. We recommend reaching out to add-in developers and owners to ask them if their add-in code references the following APIs.
 
@@ -104,6 +102,9 @@ Add-ins may use the legacy tokens to get resources from Exchange through the EWS
 
 If you rely on an ISV for your add-in, we recommend you contact them as soon as possible to confirm they have a plan and a timeline for moving off of legacy Exchange tokens. ISV developers should reach out directly to their Microsoft contacts with questions to ensure they're ready for the end of Exchange legacy tokens. If you rely on a developer within your organization, they should review this FAQ and the article [Enable SSO in an Office Add-in using nested app authentication](../develop/enable-nested-app-authentication-in-your-add-in.md). Any questions should be raised on the [OfficeDev/office-js GitHub issues site](https://github.com/OfficeDev/office-js/issues).
 
+> [!NOTE]
+> We've been working to provide a command update to [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) that reports any add-ins using legacy Exchange Online tokens. Unfortunately, we've had difficulties rolling out this update due to the complexities of capturing specific token usage in the Microsoft 365 ecosystem. We continue to work on this update and will provide new information in this FAQ when it is available.
+
 ### Where do I find which add-ins have consent?
 
 Once the admin or a user consents, it will be listed in the Microsoft Entra admin center. You can find app registrations using the following steps.

docs/outlook/turn-exchange-tokens-on-off.md

@@ -4,7 +4,7 @@ description: Turn legacy Exchange Online tokens on or off
 ms.service: microsoft-365
 ms.subservice: add-ins
 ms.topic: how-to
-ms.date: 02/27/2025
+ms.date: 03/11/2025
 ---
 
 # Turn legacy Exchange Online tokens on or off
@@ -64,30 +64,7 @@ Blocked: []
 PS C:\>
 ```
 
-We are deploying an update that enables a report of which add-ins requested an Exchange token in the last seven days, and whether the request was allowed or blocked. If your tenant has this update, you'll see a list of requests displayed in the **Allowed** or **Blocked** list. If an add-in was granted the token request, it appears in the **Allowed** list along with the date of the request. If the token request was denied, it appears in the **Blocked** list. It's possible for the same add-in to appear in both lists. This happens if the add-in was allowed to get tokens, but then tokens were turned off. The following example shows an add-in was blocked when it requested a token on February 25th.
-
-```console
-PS C:\> Get-AuthenticationPolicy -AllowLegacyExchangeTokens
-AllowLegacyExchangeTokens: False
-Allowed: []
-Blocked:
-[
-        { "49d3b812-abda-45b9-b478-9bc464ce5b9c" : "2025-02-25" }
-]
-PS C:\>
-```
-
-To identify any add-ins that were allowed or blocked Exchange tokens, use the `Get-App` command as shown in the following example.
-
-```console
-PS C:\> Get-App -Identity 49d3b812-abda-45b9-b478-9bc464ce5b9c | Select-Object -Property DisplayName, AppVersion, MarketplaceAssetID, ProviderName
-
-DisplayName            AppVersion MarketplaceAssetID ProviderName
------------            ---------- ------------------ ------------
-Script Lab for Outlook 4.0.0.0    WA200001603        Microsoft
-```
-
-The previous Script Lab example uses the **Get a user identity token** sample and the `getUserIdentityTokenAsync` function to make the request.
+We've been working to enable this command to report any add-ins using legacy Exchange Online tokens in the **Allowed** and **Blocked** lists. Unfortunately, we've had difficulties rolling out this update due to the complexities of capturing specific token usage in the Microsoft 365 ecosystem. We continue to work on this update and will provide new information in this article when it is available.
 
 > [!NOTE]
 > The `Get-AuthenticationPolicy -AllowLegacyExchangeTokens` command is the only way to view legacy token status. Other commands, such as `Get-AuthenticationPolicy | Format-Table -Auto Name`, don't return the legacy token status.