(Updated) Retirement of IDCRL based sign-in in Office Win32 clients

New SharePoint Feature

From Microsoft Corporation

C222132, Plan For Change, Published date: Sep 14, 2020

Major update: AnnouncementApplies To: AllUpdated September 22, 2020: We have updated this post to ensure it is displaying as intended.

Office has introduced a modern and OAuth based authentication mechanism in Office 2016 and Microsoft 365 Apps for enterprise Win32 clients. Modern auth has been the default way of authentication in Office apps since the release of Office 365 ProPlus, more than 4 years ago. We however allowed customers to override this behavior by setting a regkey EnableADAL to 0 so that they could continue to use the legacy form of authentication against Microsoft 365 resources like SharePoint. This legacy form of authentication was powered by a library called IDCRL. It should be noted that the legacy form of authentication for Exchange Online is basic auth, which is different from IDCRL.

Our data suggests that less than 1% of commercial/organization users have overridden the default setting and are still using IDCRL for authentication purposes in Microsoft 365 Apps for enterprise. Modern auth is a more secure way of signing-in. It also allows additional security features like AAD conditional access using multi-factor authentication and device compliance and policies around them.

We are going to remove support for IDCRL library in newer builds of Microsoft 365 Apps for enterprise so that applications like Word, Excel, PowerPoint, OneNote will always use modern authentication with Microsoft 365 resources. This change will not impact Outlook, which uses basic authentication to communicate with Exchange when the EnableADAL regkey is set to 0.

Key points:

  • Major: Retirement
  • Timing:
    • Starting with Current Channel of Microsoft 365 Apps for enterprise version 2010
    • Semi-Annual Enterprise Channel (Preview) starting version 2102 in March 2021
    • Semi-Annual Enterprise Channel in July 2021.
  • Action: No action, this is for awareness

How this affects your organization:

When the change is implemented, users may see a sign-in prompt on each impacted device.

Note: this affects only newer builds of Microsoft 365 Apps for enterprise and does NOT impact Office 2016 and 2019 perpetual products.What you need to do to prepare:

There is nothing you need to do as this notice is for awareness.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.