Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Who this guidance is for
IT administrators managing Microsoft 365 apps on Mac or iOS devices.
Important
A licensing update for Microsoft 365 apps on macOS and iOS takes effect on July 13, 2026. Devices that aren't updated to a supported app version enter reduced functionality mode, where users can open and view files but can't edit, save, or access full features. Administrators should ensure that all managed macOS and iOS devices run the versions needed to keep Microsoft 365 apps fully functional after July 13, 2026.
This issue only affects macOS and iOS devices. Windows and Android devices aren't affected.
Summary
Microsoft 365 apps use a digital certificate to validate licensing. The certificate currently in use expires on July 13, 2026. Apps that are updated to the minimum required versions already include the renewed certificate and continue to function normally. Apps on older versions enter reduced functionality mode after the certificate expires.
This isn't a security vulnerability. No customer data is at risk. The resolution is to update Microsoft 365 apps to the minimum required versions.
What administrators need to do
Identify affected devices
Devices are affected if they're running Microsoft 365 apps below the minimum required versions. Review your managed device inventory to identify:
macOS devices running Microsoft 365 apps earlier than version 16.83
iOS devices running Microsoft 365 apps earlier than version 2.93
Devices on operating system versions that can't support the required app update. For more information, see Upgrade macOS to continue receiving Office updates.
Deploy updates to affected devices
Use your organization's standard update management tools to deploy the required app versions:
Microsoft Intune: Use app update policies to target managed macOS and iOS devices. For macOS devices, you can deploy updates through Microsoft AutoUpdate (MAU) policies. For iOS devices, use app store update management. For more info, see Manage Microsoft 365 apps for macOS with Intune.
Microsoft Configuration Manager (SCCM/MECM): For co-managed macOS devices, deploy the latest Microsoft 365 app package. For more info, see Manage Microsoft 365 Apps updates with Configuration Manager.
Microsoft AutoUpdate (MAU): If your organization uses MAU preferences to manage updates, ensure that automatic updates are enabled or trigger a manual update cycle. For more info, see Update Office for macOS by using msupdate.
Tip
You can use the msupdate command-line tool to trigger updates on macOS devices remotely. Run
msupdate > installto update all Microsoft 365 apps to the latest available version.
Identify devices that can't be updated
Some devices can't receive the required update because they're running an operating system version that is too old. For these devices:
Upgrade the operating system: Where possible, upgrade devices to a supported OS version to enable the app update.
Migrate users to supported hardware: If devices can't be upgraded, plan to transition affected users to hardware that meets the minimum requirements.
Direct users to Microsoft 365 for the web: As an interim solution, affected users can access Word, Excel, PowerPoint, and other apps at microsoft.com from any supported browser. Web access is included with all Microsoft 365 subscriptions.
Minimum OS version requirements
Devices must run the following minimum operating system and app versions for Microsoft 365 apps to function correctly after July 13, 2026:
| Platform | Minimum OS version | Minimum app version |
|---|---|---|
| macOS | macOS 12 (Monterey) or later | 16.83 |
| iOS / iPadOS | iOS 17.0 or later | 2.93 |
Note
Microsoft supports Microsoft 365 apps on the three most recent major versions of macOS. As new macOS versions are released, the oldest supported version is dropped. For current supported versions, see Upgrade macOS to continue receiving Microsoft 365 and Office for macOS updates.
For details about which app builds include the renewed certificate, see Update history for Office for macOS.
Verifying update compliance
After deploying updates, verify that devices run the required minimum versions:
Microsoft Intune: Use the Discovered apps report to view installed app versions across managed devices. Filter by Microsoft 365 app names and compare against the minimum versions listed in the preceding table.
Configuration Manager: Use software inventory or compliance baselines to report on Microsoft 365 app versions across your macOS devices.
Manual verification: On individual devices, open any Office app and select the app name in the menu bar. For example, in the Word app, select Word in the menu bar, and then select About Word.
Impact on end users
Users on affected devices experience the following conditions:
Microsoft 365 apps (Word, Excel, PowerPoint, Outlook, OneNote) enter reduced functionality mode.
Users can open, view, and print existing files but can't edit, save, save as, or create new files.
This change occurs automatically after July 13, 2026, if the apps aren't updated.
No user data is lost or at risk. Once apps are updated to the required version, full functionality is restored.
Communicating to your users
If your organization has users who might be affected, consider proactively communicating the following information:
Updates are being deployed to resolve a certificate expiration that might cause Office apps to enter reduced-functionality mode.
Users don't need to take any action if devices are managed and updates are deployed centrally.
Users who experience reduced functionality should contact your organization’s help desk rather than attempting to troubleshoot independently.
If users have unmanaged personal devices with Microsoft 365 apps, direct them to the support article Update Microsoft 365 or Office on your macOS or iOS device.
Note
If users report that they're still in read-only mode after an update is deployed, ask them to fully quit the app (not just close the window), reopen it, and sign out and back in from the app's Account settings.
Frequently asked questions
Is this a security vulnerability?
No. The expiring certificate is used for license validation only. It doesn't represent a security vulnerability, and no customer data is at risk.
Does this affect Windows or Android devices?
No. This issue is specific to macOS and iOS devices. Windows and Android handle certificate validation differently and aren't affected.
Does this affect volume licensing or one-time purchase versions of Office?
This article applies to Microsoft 365 subscription plans only. For information about Office 2021 for Mac (one-time purchase) or Office 2019 for Mac (one-time purchase), see Update Microsoft 365 or Office on your macOS or iOS device.
What happens after the July 13, 2026 deadline?
Any macOS or iOS devices still running Microsoft 365 apps below the minimum required versions enter reduced functionality mode. You can resolve this issue at any time by updating the apps if you have a supported macOS or iOS device.
Can I push the update remotely?
Yes. On managed macOS devices, you can use the msupdate command-line tool or your MDM solution to push updates. On managed iOS devices, use your MDM's app update management capabilities. Forced updates might be constrained by available disk space, network connectivity, or device-level restrictions.
Is a Message Center post available?
Yes. A notification is posted to the Microsoft 365 admin center Message Center with details about this issue and recommended actions. To view the post, go to Microsoft 365 admin center and sign in.
Recommended action timeline
| Action | Details |
|---|---|
| Identify affected devices | Use Intune, Configuration Manager, or inventory tools to identify macOS and iOS devices running app versions below 16.83 (for macOS) or 2.93 (for iOS). |
| Deploy updates | Use your standard update management tooling to push the latest Microsoft 365 app versions to affected devices. |
| Address unsupported devices | Upgrade operating systems where possible. Plan hardware refresh for devices that can't be upgraded. Direct affected users to microsoft365.com as an interim solution. |
| Verify compliance | Confirm all managed devices are running the minimum required versions using your reporting tools. |
| Communicate to users | Notify affected users, particularly those with unmanaged devices, about the required update and available alternatives. |