Deprecation of WS-Trust
Nov 19, 2021

Effective 1 April 2022 Microsoft will deprecate the WS-Trust authentication type also known as “Office365” authentication.

Who is affected?

This change impacts custom client applications that use “Office365” authentication and the Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy or 
Microsoft.Xrm.Tooling.Connector.CrmServiceClient classes to connect to the Dataverse.

Custom plug-ins, workflow activities, or on-premises/IFD service connections are not affected.

When is the WS-Trust authentication deactivated?

The WS-Trust security protocol is removed on 1 April 2022. All systems that are still relying on this type of authentication by then will no longer work or will go offline.

What should you do now?

In case you are affected, we urgently recommend switching all your systems using “Office365” authentication to OAuth. We are very happy to assist you with that.

Why is this change happening?

The WS-Trust authentication is deprecated to keep your systems and data safe.

This kind of authentication allowed users an easy login process. But it cannot keep up with current security and identity protection standards. Used in conjunction with a user account and password, the WS-Trust security protocol implements an authentication flow that presents both the user ID and password to the authenticating resource in ‘clear text’ form, relying solely on the transport encryption to provide security for the initial leg of the authentication, until such point as the token service returns an authentication token to use.

Modern forms of multi-factor authentication and conditional access controls to customer data are not supported either.

If you are uncertain whether the changes concern your systems, or you have any other questions or worries make sure to contact us!

Answering