Merge pull request #5084 from OfficeDev/main

[Admin] Publish

Author: davidchesnut

docs/outlook/add-and-remove-attachments-to-an-item-in-a-compose-form.md

@@ -1,7 +1,7 @@
 ---
 title: Add and remove attachments in an Outlook add-in
 description: Use various attachment APIs to manage the files or Outlook items attached to the item the user is composing.
-ms.date: 02/18/2025
+ms.date: 03/12/2025
 ms.topic: how-to
 ms.localizationpriority: medium
 ---
@@ -47,7 +47,10 @@ To check for the outcome of an asynchronous method call in the callback function
 You can attach a file to a message or appointment in a compose form by using the `addFileAttachmentAsync` method and specifying the URI of the file. You can also use the `addFileAttachmentFromBase64Async` method, specifying the Base64-encoded string as input. If the file is protected, you can include an appropriate identity or authentication token as a URI query string parameter. Exchange will make a call to the URI to get the attachment, and the web service which protects the file will need to use the token as a means of authentication.
 
 > [!NOTE]
-> The URI of the file to be attached must support caching in production. The server hosting the image shouldn't return a `Cache-Control` header that specifies `no-cache`, `no-store`, or similar options in the HTTP response. However, when you're developing the add-in and making changes to files, caching can prevent you from seeing your changes. We recommend using `Cache-Control` headers during development.
+>
+> - The URI of the file to be attached must support caching in production. The server hosting the image shouldn't return a `Cache-Control` header that specifies `no-cache`, `no-store`, or similar options in the HTTP response. However, when you're developing the add-in and making changes to files, caching can prevent you from seeing your changes. We recommend using `Cache-Control` headers during development.
+>
+> - The `addFileAttachmentAsync` method doesn't support bitmap (BMP) images if they're added as inline attachments.
 
 The following JavaScript example is a compose add-in that attaches a file, **picture.png**, from a web server to the message or appointment being composed. The callback function takes `asyncResult` as a parameter, checks for the result status, and gets the attachment ID if the method succeeds.
 

docs/outlook/faq-nested-app-auth-outlook-legacy-tokens.md

@@ -4,7 +4,7 @@ description: Nested app authentication and Outlook legacy tokens deprecation FAQ
 ms.service: microsoft-365
 ms.subservice: add-ins
 ms.topic: faq
-ms.date: 02/27/2025
+ms.date: 03/11/2025
 ---
 
 # Nested app authentication and Outlook legacy tokens deprecation FAQ
@@ -92,9 +92,7 @@ If the add-in is deployed from Microsoft AppSource, most likely you'll be prompt
 
 ### Which add-ins in my organization are impacted?
 
-You can get a list of all add-ins that requested legacy Exchange Online tokens in the last seven days by using the `Get-AuthenticationPolicy -AllowLegacyExchangeTokens` command. For more information, see [Turn legacy Exchange Online tokens on or off](turn-exchange-tokens-on-off.md).
-
-Additionally, we published a list of all Outlook add-ins published to the Microsoft store that use legacy tokens as of October 2024. For more information on how to use the list and build a report of Outlook add-ins that are potentially using legacy tokens, see [Find Outlook add-ins that use legacy Exchange Online tokens](https://github.com/OfficeDev/office-js/tree/release/add-in-ids).
+We published a list of all Outlook add-ins published to the Microsoft store that use legacy tokens as of October 2024. For more information on how to use the list and build a report of Outlook add-ins that are potentially using legacy tokens, see [Find Outlook add-ins that use legacy Exchange Online tokens](https://github.com/OfficeDev/office-js/tree/release/add-in-ids).
 
 Add-ins may use the legacy tokens to get resources from Exchange through the EWS or Outlook REST APIs. Sometimes an add-in requires Exchange resources for some use cases and not others, making it difficult to figure out whether the add-in requires an update. We recommend reaching out to add-in developers and owners to ask them if their add-in code references the following APIs.
 
@@ -104,6 +102,9 @@ Add-ins may use the legacy tokens to get resources from Exchange through the EWS
 
 If you rely on an ISV for your add-in, we recommend you contact them as soon as possible to confirm they have a plan and a timeline for moving off of legacy Exchange tokens. ISV developers should reach out directly to their Microsoft contacts with questions to ensure they're ready for the end of Exchange legacy tokens. If you rely on a developer within your organization, they should review this FAQ and the article [Enable SSO in an Office Add-in using nested app authentication](../develop/enable-nested-app-authentication-in-your-add-in.md). Any questions should be raised on the [OfficeDev/office-js GitHub issues site](https://github.com/OfficeDev/office-js/issues).
 
+> [!NOTE]
+> We've been working to provide a command update to [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell) that reports any add-ins using legacy Exchange Online tokens. Unfortunately, we've had difficulties rolling out this update due to the complexities of capturing specific token usage in the Microsoft 365 ecosystem. We continue to work on this update and will provide new information in this FAQ when it is available.
+
 ### Where do I find which add-ins have consent?
 
 Once the admin or a user consents, it will be listed in the Microsoft Entra admin center. You can find app registrations using the following steps.

docs/outlook/turn-exchange-tokens-on-off.md

@@ -4,7 +4,7 @@ description: Turn legacy Exchange Online tokens on or off
 ms.service: microsoft-365
 ms.subservice: add-ins
 ms.topic: how-to
-ms.date: 02/27/2025
+ms.date: 03/11/2025
 ---
 
 # Turn legacy Exchange Online tokens on or off
@@ -64,30 +64,7 @@ Blocked: []
 PS C:\>
 ```
 
-We are deploying an update that enables a report of which add-ins requested an Exchange token in the last seven days, and whether the request was allowed or blocked. If your tenant has this update, you'll see a list of requests displayed in the **Allowed** or **Blocked** list. If an add-in was granted the token request, it appears in the **Allowed** list along with the date of the request. If the token request was denied, it appears in the **Blocked** list. It's possible for the same add-in to appear in both lists. This happens if the add-in was allowed to get tokens, but then tokens were turned off. The following example shows an add-in was blocked when it requested a token on February 25th.
-
-```console
-PS C:\> Get-AuthenticationPolicy -AllowLegacyExchangeTokens
-AllowLegacyExchangeTokens: False
-Allowed: []
-Blocked:
-[
-        { "49d3b812-abda-45b9-b478-9bc464ce5b9c" : "2025-02-25" }
-]
-PS C:\>
-```
-
-To identify any add-ins that were allowed or blocked Exchange tokens, use the `Get-App` command as shown in the following example.
-
-```console
-PS C:\> Get-App -Identity 49d3b812-abda-45b9-b478-9bc464ce5b9c | Select-Object -Property DisplayName, AppVersion, MarketplaceAssetID, ProviderName
-
-DisplayName            AppVersion MarketplaceAssetID ProviderName
------------            ---------- ------------------ ------------
-Script Lab for Outlook 4.0.0.0    WA200001603        Microsoft
-```
-
-The previous Script Lab example uses the **Get a user identity token** sample and the `getUserIdentityTokenAsync` function to make the request.
+We've been working to enable this command to report any add-ins using legacy Exchange Online tokens in the **Allowed** and **Blocked** lists. Unfortunately, we've had difficulties rolling out this update due to the complexities of capturing specific token usage in the Microsoft 365 ecosystem. We continue to work on this update and will provide new information in this article when it is available.
 
 > [!NOTE]
 > The `Get-AuthenticationPolicy -AllowLegacyExchangeTokens` command is the only way to view legacy token status. Other commands, such as `Get-AuthenticationPolicy | Format-Table -Auto Name`, don't return the legacy token status.