MFA App ID deprecation in Exchange Online

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

We wanted to inform you of an important update regarding MFA App ID (Microsoft Exchange Online Remote PowerShell App ID) used in Exchange Online. The MFA App ID (a0c73c16-a7e3-4564-9a95-2bdf47383716) will be deprecated by the end of March 2024. After that date, the App ID will no longer be operational.

What is the MFA app Id?

e MFA App ID is an Azure-based identifier used for authentication purposes to access Exchange Online resources. This App ID was specifically designed for the now-deprecated Exchange Online PowerShell v1 module also called as MFA v1 module, which has been replaced by the more robust Exchange Online v3 module. As the MFA module is no longer supported, and other use of this App ID was never officially documented and recommended by Microsoft, we have decided to proceed with its deprecation. We already made this deprecation announcement in Partner Center during February and August 2023.

Who is impacted by this change?

There are three ways in which you could possibly be impacted by this deprecation:

  • When you connect to Exchange Online using the Exchange Online PowerShell V3 module’s Connect-ExchangeOnline cmdlet, and you are using the -AccessToken parameter and passing the MFA App ID mentioned above.
  • You have written an in-house (home grown) app that still uses this App ID. Please check your source code for the presence of this App ID.
  • If you use a 3rd party app that uses this App ID, your tenant might get a Message Center post about this change. Please check with your 3rd party vendors if they used this App ID.

What you should do.

Although Microsoft never officially recommended the use of MFA App Id, we understand that over the years, some of our partners and customers may have taken dependency on this App ID. If you are currently using the MFA App ID, we urge you to transition away from it as soon as possible to avoid any service disruptions.

To replace the MFA App ID in case you use it, we recommend you start using the v3 PowerShell module without using MFA app id as an access token or create a new Application through the Azure portal, ensuring it has the necessary permissions for your required operations and make use of this newly created app ID to login to Exchange Online. For detailed information about Application Id creation and consumption you can refer to: App-only authentication in Exchange Online PowerShell and Security & Compliance PowerShell | Microsoft Learn.

Have additional concerns?

In case you have any concerns regarding the MFA app ID deprecation, you can reach out to us at MFAAppIDDeprecation(AT)

Exchange Online Manageability Team

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.