There are a few places where we need to update the token but it depends upon your configurations and your subscription mode.

Go to Settings->Realm settings and check whether the realm is Local Realm or Application Realm.

If you are using Local Realm, please follow the below steps.

1. Powershell file which is used to generate the token has been attached with this solution article.

2. Navigate to the location and right-click on the O365GetToken.ps1 file.

3. Select Run with PowerShell.

4. Enter the appropriate service account’s email address and password.

5. Copy the generated Refresh token.

6. Paste the Refresh Token in the Private key field of the realm.


The refresh token’s default lifetime is 90 days. However, the validity period may differ if the policy is explicitly assigned and enforced.

Refresh tokens are valid for 90 days, and with continuous use, they can be valid until revoked. 

Refresh tokens can be invalidated by several events such as:

• User's password has changed since the refresh token was issued.

• An administrator can apply conditional access policies that restrict access to the resource the user is trying to access.

If you are using Application Realm, then please follow the below instructions

. To update the Application realm, we need to go into DSD module

Please navigate to Connectors/Integrations from the home page >> Click Office 365 Connector >> Authentication >> Edit >> Update the Refresh Token under Security & Compliance API and hit the Test Button.

Once the test is successful, click the Save button. Please ensure that a green tick mark is displayed near the Authentication and Auto Discovery section as in the above Screenshot.

Note: Above DSD configuration update is applicable only if you use the DSD product, if not updating the token in Local Realm is sufficient