Update switches for legacy Exchange tokens

Author: samantharamon

exchange/exchange-ps/exchange/Get-AuthenticationPolicy.md

@@ -21,6 +21,7 @@ For information about the parameter sets in the Syntax section below, see [Excha
 
 ```
 Get-AuthenticationPolicy [[-Identity] <AuthPolicyIdParameter>]
+ [-AllowLegacyExchangeTokens]
  [-TenantId <String>]
  [<CommonParameters>]
 ```
@@ -46,6 +47,31 @@ This example returns detailed information for the authentication policy named En
 
 ## PARAMETERS
 
+### -AllowLegacyExchangeTokens
+This parameter is available only in the cloud-based service.
+
+The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens for Outlook add-ins are allowed in the tenant. It also identifies the IDs of the Outlook add-ins that have been allowed or blocked from using legacy tokens. You don't need to specify a value with this switch.
+
+Legacy Exchange tokens include Exchange user identity and callback tokens.
+
+**Important**:
+
+- Blocking legacy Exchange tokens may cause some Microsoft add-ins to stop working in your tenant. These add-ins are being updated to no longer use legacy tokens.
+- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+Applicable: Exchange Online, Exchange Online Protection
+
+Required: False
+Position: Named
+Default value: True
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Identity
 The Identity parameter specifies the authentication policy you want to view. You can use any value that uniquely identifies the policy. For example:
 

exchange/exchange-ps/exchange/Remove-AuthenticationPolicy.md

@@ -66,7 +66,14 @@ Accept wildcard characters: False
 ### -AllowLegacyExchangeTokens
 This parameter is available only in the cloud-based service.
 
-This parameter is reserved for internal Microsoft use.
+The AllowLegacyExchangeTokens switch returns your tenant to its previous state before changes were made to allow or block legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens.
+
+This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch.
+
+**Important**:
+
+- The AllowLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes.
+- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
 
 ```yaml
 Type: SwitchParameter

exchange/exchange-ps/exchange/Set-AuthenticationPolicy.md

@@ -354,7 +354,14 @@ Accept wildcard characters: False
 ### -AllowLegacyExchangeTokens
 This parameter is available only in the cloud-based service.
 
-This parameter is reserved for internal Microsoft use.
+The AllowLegacyExchangeTokens switch specifies whether to allow legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens.
+
+This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch.
+
+**Important**:
+
+- The AllowLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes.
+- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
 
 ```yaml
 Type: SwitchParameter
@@ -540,7 +547,15 @@ Accept wildcard characters: False
 ### -BlockLegacyExchangeTokens
 This parameter is available only in the cloud-based service.
 
-This parameter is reserved for internal Microsoft use.
+The BlockLegacyExchangeTokens switch specifies whether to block legacy Exchange tokens for Outlook add-ins. Legacy Exchange tokens include Exchange user identity and callback tokens.
+
+This switch applies to your entire tenant even if you specify an authentication policy in the Identity parameter. You don't need to specify a value with this switch.
+
+**Important**:
+
+- The BlockLegacyExchangeTokens switch disregards other authentication policy parameters used in the same cmdlet. We recommend making separate calls for other authentication policy changes.
+- Blocking legacy Exchange tokens may cause some Microsoft add-ins to stop working in your tenant. These add-ins are being updated to no longer use legacy tokens.
+- Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see [Nested app authentication and Outlook legacy tokens deprecation FAQ](https://learn.microsoft.com/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens#what-is-the-timeline-for-shutting-down-legacy-exchange-online-tokens).
 
 ```yaml
 Type: SwitchParameter
@@ -550,7 +565,7 @@ Applicable: Exchange Online, Exchange Online Protection
 
 Required: False
 Position: Named
-Default value: True
+Default value: False
 Accept pipeline input: False
 Accept wildcard characters: False
 ```