Microsoft is deprecating the IDCRL cookie at the end of this month. As a result, Other User authentication will no longer work when connecting to Microsoft 365 (SharePoint Online and OneDrive for Business) in ShareGate Migrate.
To help you avoid disruptions, this article explains Microsoft's timeline, how you can extend the IDCRL cookie until May to start testing alternative connection methods, and understand the difference between these connection methods when Modern authentication is released in ShareGate Migrate on January 29.
What’s changing
Microsoft’s timeline
January 31, 2026
The IDCRL cookie is retired by default.
Tenant administrators can temporarily re-enable it using a PowerShell setting.
May 1, 2026
The IDCRL cookie is fully retired and cannot be used, even with tenant-level configuration.
ShareGate Migrate's timeline
On January 29, Modern authentication will be released, and Other User will be renamed to Manual (on-premises only), as this authentication method will remain available for on-premises SharePoint environments.
Recommendations
If you use the ShareGate Migrate UI
When Other user authentication is no longer available for Microsoft 365:
Review the differences between Browser authentication and Modern authentication (read the Alternative authentication methods section below).
Choose the authentication method that best fits your security and operational requirements.
If you use PowerShell scripts or schedule your migrations in the UI
If your PowerShell scripts or scheduled migration rely on Other User authentication, we recommend that you:
Delay the IDCRL cookie deprecation in your tenant until May 1.
Continue using Other User authentication temporarily.
Use this time to test Modern authentication (available January 29) or Browser authentication (read the Alternative authentication methods section below).
Update your PowerShell scripts to use a supported authentication method, or start scheduling your migrations with the new authentication method that works best for you.
Tip: To avoid re-entering your credentials every time a new connection is made in a PowerShell loop with Browser authentication or the upcoming Modern authentication with MFA enforced, you can connect only once and reuse that connection throughout your PowerShell script.
To learn how, see Avoid repeatedly entering your credentials with the browser connection method.
Delaying the deprecation gives you a controlled transition period and reduces the risk
of automation issues.
To delay the IDCRL deprecation:
Connect to SharePoint Online Management Shell.
Run the following commands:
Set-SPOTenant -AllowLegacyAuthProtocolsEnabledSetting $true
Set-SPOTenant -LegacyAuthProtocolsEnabled $true
Alternative authentication methods
Understanding the advantages and limitations of each authentication method will help you plan for the transition after the cutoff date.
Modern authentication
Releasing in ShareGate Migrate on January 29, 2026.
Advantages
The connection will not expire for at least 90 days.
You will be able to pass a username and password directly in a PowerShell script if your tenant does not enforce multi-factor authentication (MFA).
It is a more secure and preferred method of authentication.
Disadvantage
Modern authentication will have some limitations. For example, the top navigation in your pages and classic web parts will not be supported.
Note: A list of limitations will be published in our help center when modern authentication is released.
Browser authentication
Advantages
It has fewer limitations, especially if you are migrating classic SharePoint site objects.
It is already available, so you can start adapting your PowerShell scripts now.
Disadvantages
It's less secure than using Modern authentication.
Browser authentication expires after only a few days, making this connection method less ideal for large, complex PowerShell migrations that take days.
It does not offer the possibility to pass a username and password directly in your PowerShell script.