Hello Team,

We received the below email and would like to know about this.

Product and Service Reminder

This notice is a reminder that your Okta service will be impacted by an event scheduled to occur on March 30 2025. Okta released an original notification to impacted customers on September 16 2024.

Notification Overview

Summary Okta is upgrading the Office 365 Single Sign-on (WS-Fed Auto) and Provisioning integration by removing the need for an Azure administrator account and moving to a more secure and resilient OAuth-based consent authentication flow leveraging the Microsoft Graph framework. This change aligns with Microsoft’s plans to enforce MFA for administrators and deprecate Azure AD Graph and MSOnline PowerShell cmdlets. To avoid any impact customers must migrate their Office 365 applications in Okta to leverage this new integration by December 31 2024.

Audience Customers who federate Office 365 with Okta using the WSFed Automatic configuration or have enabled Provisioning in the Office 365 application. Customers who federate Office 365 with Okta using Manual with PowerShell configuration please find the guidelines here.

Important Dates to Note 

By December 31 2024 To be proactive and secure our customers Okta requires all customers to consent and leverage the upgraded integrations. If no action is taken your SSO and Provisioning integration for Office 365 with Okta might be affected.

Microsoft will require Multi-Factor Authentication for any administrators signing into the Azure Ecosystem. This change will happen in two phases

Phase 1 Starting Oct 15 enforcement for MFA at sign-in for Azure portal only will roll out gradually to all tenants. Microsoft has clearly stated this phase will not impact other Azure clients such as Azure CLI Azure PowerShell and IaC tools. We do not anticipate any impact on your SSO and Provisioning integration on this date.

Phase 2 Starting in early 2025 enforcement for MFA at sign-in for Azure Command Line Interface (CLI) Azure PowerShell and Infrastructure as Code (IaC) tools will gradually roll out to all tenants. Microsoft has no definitive date for this phase at this point. 

By March 30 2025 Microsoft will end support for deprecated MS Online PowerShell cmdlets which might impact your integrations with Okta.

Product and Service Notification  

Okta is upgrading the Office 365 Single Sign-on (WS-Fed Auto) and Provisioning integration by moving to a more secure and resilient OAuth-based consent authentication flow leveraging the Microsoft Graph framework. 

To take advantage of this updated integration Customers must follow the required actions detailed below to migrate their Office 365 applications that have been enabled Single Sign-On (WSFed Auto) or Provisioning. 

Important Note

For Microsoft's Phase 1 we don’t anticipate any impact on Single Sign-On (WSFed Auto) or Provisioning for Office 365 applications on October 15 2024. 

However if your current integration with Okta uses an Azure admin account that requires login into the Azure Portal we strongly urge customers to leverage the updated Single Sign-On (WSFed Auto) or Provisioning Office 365 integrations before October 15. 

For more general info on what change is happening please refer to this FAQ.

Dates & Impacts 

Customers can start migrating their Office 365 applications to a modern and secure OAuth-based consent flow leveraging the MS Graph framework on the following dates.

September 19 2024 if the application is configured for Single Sign-on (WSFed Auto) 

September 24 2024 if the application is configured for Provisioning 

To follow best security practices Okta strongly recommends leveraging the updated integrations with the Microsoft Graph Framework and removing the need for the Azure administrator account from Single Sign-on and Provisioning by December 31 2024.