SharePoint: Major Update – Retirement of IDCRL authentication protocol (legacy authentication) and enforcement of OpenID Connect and OAuth protocols (modern authentication) – Action needs to be taken by April 30
Hi All,
Greetings.
Today, a reminder about a major SharePoint update: the retirement of the IDCRL authentication protocol and the enforcement of the OpenID Connect and OAuth protocols.
Details
- As part of the Microsoft Secure Future Initiative (SFI) and in alignment with the “Secure by Default” principle, Microsoft is retiring the legacy IDCRL (Identity Client Run Time Library) authentication protocol in SharePoint Online and OneDrive for Business.
- This change helps strengthen our organization’s security posture by enforcing modern authentication standards: OpenID Connect and OAuth. These standards reduce exposure to outdated and vulnerable authentication methods.
Timelines
- Starting February 16, 2026: Legacy client authentication will be blocked by default.
- Organizations may temporarily re-enable it using PowerShell until April 30, 2026. (Refer to the article – https://knowledge-junction.in/2025/06/22/m365-powershell-retrieve-tenant-settings/ )
- Starting May 1, 2026: Legacy client authentication will be permanently blocked and cannot be re-enabled.
- Applications using IDCRL will fail to authenticate unless updated to use modern protocols.
- Microsoft recommends migrating from legacy authentication protocols to modern authentication as soon as possible.
References
- Microsoft 365: PowerShell – How to retrieve tenant settings – https://knowledge-junction.in/2025/06/22/m365-powershell-retrieve-tenant-settings/
- Migrating from IDCRL authentication to modern authentication in SharePoint – https://devblogs.microsoft.com/microsoft365dev/migrating-from-idcrl-authentication-to-modern-authentication-in-sharepoint/
