You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.

We are aware that there are a number of Data Broker jobs that are not completing as expected, which may result in financial information not updating as expected. Our internal teams are aware of this and we are reviewing to determine the cause.

We will provide updates through the Status article as we continue to work towards a resolution.

Home > Salentica Elements Support & FAQs > Microsoft Updating Salesforce Outlook Integration - Exchange Online Only
Microsoft Updating Salesforce Outlook Integration - Exchange Online Only
print icon

This article includes links to and includes information from outside resources. We are not responsible for the content on the external site. If there is a link that does not work, please email [email protected] and we will attempt to adjust the information with an updated link. 

Through its Secure Future Initiative, Microsoft is updating how Outlook add-ins, including the Salesforce Outlook Integration, handle security. In the coming months, Microsoft will deprecate old methods of allowing add-ins to access data, called Exchange tokens. Instead of Exchange tokens, Microsoft Outlook add-ins will use a newer, safer method called Nested App Authentication (NAA). NAA allows apps to use single sign-on (SSO). This means apps inside Outlook can log in securely using modern technology. The old Exchange tokens will stop working over time, and by October 2025, you won't be able to use them at all. 

Note: This change only impacts Exchange Online. Firms using on-premises Exchange environments do not need to take any action.

This change requires Microsoft 365 (M365) admins to take steps to prevent users from being able to access the Salesforce Outlook integration. Microsoft 365 Admins, not Salesforce Admins, will need to take action.

Action Required

1. Action 1 (Required): Verify that M365 is not configured with policies that will prevent the Outlook integration from working after Exchange Online tokens are turned off in the tenant. Failure to do so could prevent all users from accessing the Outlook integration.

The following scopes are required for the Salesforce Outlook integration to function:

  • Calendars.ReadWrite.Shared
  • email
  • Mail.ReadWrite.Shared
  • offline_access
  • openid
  • profile
  • User.Read
  • For example, if Calendars.ReadWrite.Shared is unavailable to all integrations, the Salesforce Outlook integration will not function.

2. Action 2 (suggested and Coming Soon): Use the Admin Consent Flow that is currently under development. This will automate the scope authorization process for all users in an account’s tenant so that individual users do not have to manually authorize the integration after Microsoft rolls out changes. This feature is currently unavailable but will be released soon. We will update this article when it is live. While not required, this step will make the migration more seamless for all users, and alleviate confusion around prompting a user to authenticate the application. Authorize the integration for all users in the tenant by clicking on the  “Outlook Integration and Sync” page in Setup.

Testing

Firms can also test before the deadlines. 

  • To test, firms can take the following actions before changes are rolled out: 

    • Authorize the Salesforce Outlook integration for users in the tenant using the Admin Consent Flow (please see the details from Microsoft).

    • Manually turn off Exchange Online tokens. Microsoft will be adding this capability in October 2024.  Latest timeline and updates can be found in the Microsoft FAQ here.

    • Launch the Outlook integration, verify the Microsoft authorization and Salesforce authentication flow, then verify users can access the application as expected.  

Timeline 

The following table lists the key milestones based on which channels firms are using. Learn more about Release Channels here

Date Release channel(s) Legacy tokens status and NAA General Availability (GA)
Oct 2024 All channels New PowerShell options for enabling/disabling legacy tokens for entire tenant or specific AppIDs.
Oct 2024 Current Channel Legacy tokens turned off for tenants not using them; NAA will GA in Current Channel.
Nov 2024 Monthly Enterprise Channel Legacy tokens turned off for tenants not using them; NAA will GA in Monthly Enterprise Channel.
Jan 2025 Current and Semi-Annual Channels Legacy tokens turned off for all tenants in Current and Semi-Annual Channels. Admins can reenable via PowerShell. NAA will GA in Semi-Annual Channels.
Feb 2025 Monthly Enterprise Channel Legacy tokens turned off for all tenants in Monthly Enterprise. Admins can reenable via PowerShell.
Jun 2025 Semi-Annual Extended Channel Legacy tokens off for all tenants in Semi-Annual Extended Channel. NAA will GA in Semi-Annual Extended Channel.
Jun 2025 All channels Admins can no longer re-enable legacy tokens via PowerShell; contact Microsoft.
Oct 2025 All channels Legacy tokens turned off for all tenants, there will be no re-enable option.

For more details, check out the Salesforce announcement here and the Microsoft FAQ here.

Salentica can be customized by your System Administrator, so your views & access may differ from this documentation. Please contact your System Administrator with specific questions.

Feedback
0 out of 0 found this helpful

scroll to top icon