diff --git a/docs/tutorials/auth-service-migration.md b/docs/tutorials/auth-service-migration.md
index 9e2633a12a..d12b0d5906 100644
--- a/docs/tutorials/auth-service-migration.md
+++ b/docs/tutorials/auth-service-migration.md
@@ -24,6 +24,8 @@ backend:
     dangerouslyDisableDefaultAuthPolicy: true
 ```
 
+Please note that this functionality will be removed in a future release, and you should migrate to using the new auth services as soon as possible or you would have to support your own service for issuing tokens.
+
 In short, this will allow requests through to plugins in your backend, even if they do not include any credentials. The requests will still be treated as unauthenticated however, which not all plugin endpoints may accept. For more information on the impact of this configuration, see the [auth service documentation](../backend-system/core-services/auth.md).
 
 ### Migrating the backend
diff --git a/packages/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts b/packages/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts
index 159da79435..1b2077e9a8 100644
--- a/packages/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts
+++ b/packages/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts
@@ -22,6 +22,7 @@ import {
   BackstagePrincipalTypes,
   BackstageServicePrincipal,
   BackstageUserPrincipal,
+  LoggerService,
 } from '@backstage/backend-plugin-api';
 import { AuthenticationError, ForwardedError } from '@backstage/errors';
 import { JsonObject } from '@backstage/types';
@@ -47,6 +48,7 @@ export class DefaultAuthService implements AuthService {
     private readonly pluginId: string,
     private readonly disableDefaultAuthPolicy: boolean,
     private readonly pluginKeySource: PluginKeySource,
+    private readonly logger: LoggerService,
   ) {}
 
   async authenticate(
@@ -166,6 +168,9 @@ export class DefaultAuthService implements AuthService {
           });
         }
         // If the target plugin does not support the new auth service, fall back to using old token format
+        this.logger.warn(
+          'tokenManager is DEPRECATED, please migrate to the new auth service, see https://backstage.io/docs/tutorials/auth-service-migration for more information',
+        );
         return this.tokenManager.getToken().catch(error => {
           throw new ForwardedError(
             `Unable to generate legacy token for communication with the '${targetPluginId}' plugin. ` +
diff --git a/packages/backend-defaults/src/entrypoints/auth/authServiceFactory.ts b/packages/backend-defaults/src/entrypoints/auth/authServiceFactory.ts
index e275e2be00..b66ba7227f 100644
--- a/packages/backend-defaults/src/entrypoints/auth/authServiceFactory.ts
+++ b/packages/backend-defaults/src/entrypoints/auth/authServiceFactory.ts
@@ -88,6 +88,7 @@ export const authServiceFactory = createServiceFactory({
       plugin.getId(),
       disableDefaultAuthPolicy,
       keySource,
+      logger,
     );
   },
 });