MC1189663 - Retirement of external access token for actionable messages – moving to Microsoft Entra authentication

Message ID

MC1189663

View in Message Center

Service

Microsoft 365 apps

Last Updated

Mar 24, 2026

Published Nov 25, 2025

Tag

Major change

Updated message

Admin impact

Retirement

Act by

Mar 30, 2026

Summary

External access tokens for actionable messages will be retired on May 15, 2026, requiring organizations to switch to Microsoft Entra authentication. This change enhances security and affects all integrations using actionable messages with external tokens, which will fail after the deadline. Organizations should update their implementations accordingly.

More information

Updated March 24, 2026: We have updated the timeline. Thank you for your patience.

Introduction

We’re retiring the use of external access tokens for actionable messages and transitioning to Microsoft Entra-based authentication. This update enhances security and aligns with modern identity standards, providing a more robust and compliant experience for actionable messages.

When this will happen

This change takes effect on May 15, 2026. After this date, external access tokens will no longer be supported.

How this affects your organization

Who is affected:

Organizations using actionable messages that currently rely on external access tokens.

What will happen:

Actionable messages that depend on external access tokens will fail after May 15, 2026.
All integrations and workflows using actionable messages must adopt Microsoft Entra authentication.
This change improves security posture by leveraging Entra’s identity and access management capabilities.

What you can do to prepare

Review all actionable message implementations in your organization.
Update integrations to use Microsoft Entra authentication before May 15, 2026.

Learn more:

Compliance considerations

No compliance considerations identified, review as appropriate for your organization.