diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 214895d..639f7b4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -51,6 +51,7 @@ repos: rev: v1.89.0 hooks: - id: semgrep + additional_dependencies: ["setuptools==81.0.0"] - repo: https://github.com/Yelp/detect-secrets rev: v1.5.0 hooks: diff --git a/LICENSE b/LICENSE index 01f84e5..86185fe 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright (c) 2017-2025 Splunk Inc. + Copyright (c) 2017-2026 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/NOTICE b/NOTICE index 0176ec7..392f6d8 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Splunk SOAR App: MS Graph for Office 365 -Copyright (c) 2017-2025 Splunk Inc. +Copyright (c) 2017-2026 Splunk Inc. Third Party Software Attributions: @@@@============================================================================ diff --git a/README.md b/README.md index 352ea0e..e96cdad 100644 --- a/README.md +++ b/README.md @@ -520,6 +520,8 @@ This section explains each configuration field in user-friendly terms. - **Checked**: Application permissions (organization-wide access for automation) - **Unchecked**: Delegated permissions (user-specific access for single-user scenarios) +**Note**: If your organization uses [Role Based Access Control for Exchange Applications](https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac) (the successor to Application Access Policies) to restrict mailbox access, ensure **Admin Access Required** is checked. This enables the application permissions mode compatible with Exchange App RBAC. + #### **Admin Consent Already Provided** (Optional, Default: Unchecked) - Check after completing admin consent process in Azure AD 
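Review bot: The `additional_dependencies: ["setuptools==81.0.0"]` pin on the semgrep hook carries no comment saying why it is needed, so it is likely to outlive whatever it works around. Add a line above it such as `# setuptools pinned for semgrep v1.89.0 compatibility (see <issue link>); remove when rev is bumped`. The hooks list continues outside the hunk.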
@@ -2216,7 +2218,7 @@ ______________________________________________________________________ Auto-generated Splunk SOAR Connector documentation. -Copyright 2025 Splunk Inc. +Copyright 2026 Splunk Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/__init__.py b/__init__.py index c8a2c5b..c6ac30e 100644 --- a/__init__.py +++ b/__init__.py @@ -1,6 +1,6 @@ # File: __init__.py # -# Copyright (c) 2017-2025 Splunk Inc. +# Copyright (c) 2017-2026 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/manual_readme_content.md b/manual_readme_content.md index f1cd283..567d8f1 100644 --- a/manual_readme_content.md +++ b/manual_readme_content.md @@ -510,6 +510,8 @@ This section explains each configuration field in user-friendly terms. - **Checked**: Application permissions (organization-wide access for automation) - **Unchecked**: Delegated permissions (user-specific access for single-user scenarios) +**Note**: If your organization uses [Role Based Access Control for Exchange Applications](https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac) (the successor to Application Access Policies) to restrict mailbox access, ensure **Admin Access Required** is checked. This enables the application permissions mode compatible with Exchange App RBAC. + #### **Admin Consent Already Provided** (Optional, Default: Unchecked) - Check after completing admin consent process in Azure AD diff --git a/office365.json b/office365.json index 2b1aa54..dbf4df0 100644 --- a/office365.json +++ b/office365.json @@ -32,7 +32,7 @@ "name": "Anton Neledov" } ], - "license": "Copyright (c) 2017-2025 Splunk Inc.", + "license": "Copyright (c) 2017-2026 Splunk Inc.", "app_version": "4.1.0", "utctime_updated": "2026-01-09T05:33:39.032641Z", "package_name": "phantom_msgraphoffice365", 
@@ -8752,17 +8752,13 @@ ], "pip39_dependencies": { "wheel": [ - { - "module": "PyJWT", - "input_file": "wheels/py3/PyJWT-2.10.1-py3-none-any.whl" - }, { "module": "cffi", "input_file": "wheels/py39/cffi-2.0.0-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl" }, { "module": "cryptography", - "input_file": "wheels/py3/cryptography-46.0.3-cp38-abi3-manylinux_2_28_x86_64.whl" + "input_file": "wheels/py3/cryptography-46.0.5-cp38-abi3-manylinux_2_28_x86_64.whl" }, { "module": "msal", @@ -8772,6 +8768,10 @@ "module": "pycparser", "input_file": "wheels/py3/pycparser-2.23-py3-none-any.whl" }, + { + "module": "pyjwt", + "input_file": "wheels/py3/pyjwt-2.12.1-py3-none-any.whl" + }, { "module": "typing_extensions", "input_file": "wheels/py3/typing_extensions-4.15.0-py3-none-any.whl" @@ -8780,17 +8780,13 @@ }, "pip313_dependencies": { "wheel": [ - { - "module": "PyJWT", - "input_file": "wheels/py3/PyJWT-2.10.1-py3-none-any.whl" - }, { "module": "cffi", "input_file": "wheels/py313/cffi-2.0.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl" }, { "module": "cryptography", - "input_file": "wheels/py3/cryptography-46.0.3-cp311-abi3-manylinux_2_28_x86_64.whl" + "input_file": "wheels/py3/cryptography-46.0.5-cp311-abi3-manylinux_2_28_x86_64.whl" }, { "module": "msal", @@ -8798,7 +8794,11 @@ }, { "module": "pycparser", - "input_file": "wheels/py3/pycparser-2.23-py3-none-any.whl" + "input_file": "wheels/py3/pycparser-3.0-py3-none-any.whl" + }, + { + "module": "pyjwt", + "input_file": "wheels/py3/pyjwt-2.12.1-py3-none-any.whl" } ] } diff --git a/office365_connector.py b/office365_connector.py index 3db9d56..90e58d2 100644 --- a/office365_connector.py +++ b/office365_connector.py 
@@ -1,6 +1,6 @@ # File: office365_connector.py # -# Copyright (c) 2017-2025 Splunk Inc. +# Copyright (c) 2017-2026 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -1427,22 +1427,25 @@ def _handle_test_connectivity(self, param): if self._admin_access or self._state["auth_type"] == "cba": message_failed = "API to fetch details of all the users failed" self.save_progress("Getting info about all users to verify token") - ret_val, response = self._make_rest_call_helper(action_result, "/users", params=params) + ret_val, _response = self._make_rest_call_helper(action_result, "/users", params=params) else: message_failed = "API to get user details failed" self.save_progress("Getting info about a single user to verify token") - ret_val, response = self._make_rest_call_helper(action_result, "/me", params=params) + ret_val, _response = self._make_rest_call_helper(action_result, "/me", params=params) if phantom.is_fail(ret_val): + result_msg = action_result.get_message() + if "403" in result_msg: + self.save_progress( + "Warning: connectivity to Microsoft Graph was verified but the " + "User.Read.All permission is not granted. Some actions may not work. " + "For email use cases, ensure Mail.Read or Mail.ReadWrite permissions are configured.\nTest Connectivity Passed." + ) + return action_result.set_status(phantom.APP_SUCCESS) self.save_progress(message_failed) self.save_progress("Test Connectivity Failed") return action_result.set_status(phantom.APP_ERROR) - value = response.get("value") - - if value: - self.save_progress("Got user info") - self.save_progress("Test Connectivity Passed") return action_result.set_status(phantom.APP_SUCCESS) 
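Review bot: The `if "403" in result_msg:` branch in `_handle_test_connectivity` turns any failure whose message contains the digits 403 into `APP_SUCCESS`, so an unrelated error whose text happens to include them (a request id, a timestamp, an error body) would be reported as "Test Connectivity Passed". Compare the HTTP status itself if `_make_rest_call_helper` can surface it, or anchor the match to the status-code field of the message format the helper produces. The warning also names `User.Read.All` on both paths although the `else` path calls `/me`, and nothing here checks that a mail permission is present, so the text should say plainly that mail permissions were not verified. A comment above the branch such as `# 403 = token accepted but directory read denied; mail permissions are not checked here` would record the intent. The function starts and ends outside the hunk.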
@@ -3238,9 +3241,12 @@ def _generate_new_oauth_access_token(self, action_result): data["refresh_token"] = self._refresh_token data["grant_type"] = "refresh_token" else: - return action_result.set_status( - phantom.APP_ERROR, - "Unexpected details retrieved from the state file.", + return ( + action_result.set_status( + phantom.APP_ERROR, + "Unexpected details retrieved from the state file.", + ), + None, ) self.debug_print("Generating token...") diff --git a/office365_consts.py b/office365_consts.py index 45d4779..97b4313 100644 --- a/office365_consts.py +++ b/office365_consts.py @@ -1,6 +1,6 @@ # File: office365_consts.py # -# Copyright (c) 2017-2025 Splunk Inc. +# Copyright (c) 2017-2026 Splunk Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/office365_get_email.html b/office365_get_email.html index ba9f3ba..5149595 100644 --- a/office365_get_email.html +++ b/office365_get_email.html @@ -11,7 +11,7 @@ {% block widget_content %}
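Review bot: The error return in `_generate_new_oauth_access_token` now yields a two-element tuple, but nothing visible states that contract, which is presumably how the bare-status return went unnoticed. Add a docstring that spells out both tuple elements, and check the other early returns outside this hunk for the same shape. The nested parentheses can also be flattened to `return action_result.set_status(phantom.APP_ERROR, "Unexpected details retrieved from the state file."), None`. The function starts and ends outside the hunk.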