Python code samples published by Microsoft at the Microsoft Graph API reference pages use GraphServiceClient module. But you also can use just requests module and call Microsoft graph API directly, using requests.post or requests.get methods. Here I’m sharing my Python code samples.
https://github.com/VladilenK/m365-with-Python/tree/main/Graph-API-Plain
Since Microsoft announced EOL of ACS in 2026, we as SharePoint administrators must be prepared, as it is a really big deal – entire era of SharePoint app-only service principals will gone. SharePoint developers used this kind of authentication since 2013 to build their solutions. And when it comes to software development – it always takes time. Imaging all the code that was designed since 2013 needs to be reviewed and re-written to adopt changes. So it is critical that we should take measures now to avoid huge problems in April 2026.
High-level recommended steps are:
Creating App Registrations is usually not what SharePoint admins do. Sometimes users allowed to register apps, sometimes it is done by identity management (or so) but the main idea – users and developers should be able to get service principals (App Registrations) in Azure.
Pro’s for App Registered in Entra Id (vs SharePoint App-only service principals) :
99% of requests for application permissions to SharePoint would require access to a specific site (or sites), not to entire tenant. So consider providing Sites.Selected permissions by default. Create a process so users can request permissions to SharePoint sites for their Azure-Registered Apps. Consider automation if you are a large company.
Inform every developer that ACS is deprecated and you do not provide new ACS permissions.
Users should not be able to get a new SharePoint App-only service principals (apps that they used to get from SharePoint sites just going to AppRegNew.aspx).
Disable ability for site owners register service principals in SharePoint via appregnew.aspx is done via Set-SPOTenant PowerShell cmdlet:
Set-SPOTenant -SiteOwnerManageLegacyServicePrincipalEnabled $false
When the value is set to false, the service principal can only be created or updated by the SharePoint tenant admin. Your users will start seeing “Your SharePoint tenant admin doesn’t allow site collection admins…” message (see details), but that’s ok.
There might be rare cases when 3-rd party apps require legacy ACS-based permissions, it is tempting to allow ACS permissions as an exception (as technically it is possible for SharePoint service admin to provide ACS-based access to sites), but I would strictly discourage you to do so. If you decide to provide ACS – track this activity (so you know for whom this ACS-based permissions were provided).
This should be done in advance, but if you did not – starting today and until it’s over you’d get audit logs from Microsoft 365 purview center – consider selecting all events anyone visited appinv.aspx or appregnew.aspx page. Pull logs now starting with earliest available event (usually 90 days).
You need to know who are your vulnerable clients – you should pull reports to get a list of existing Apps that use ACS permissions, apps owners, maybe sites these apps have access to and sites owners
You can get list of developers combining
– audit log data
– report from Entra Id on apps and owners
– report from SharePoint sites on permissions provided for apps
As earlier as possible – e.g. in March-April 2025 (1 year before ACS EOL), start notifying developers who use ACS.
Consider the following:
– ACS apps have a huge legacy – tons of articles and code examples and so…
– Switching to a modern authentication method would require changes in code (though minor, but still), so developers must be engaged
– Any change in code would require another round of compilation, testing, deploying etc.
That means it is not easy (sometimes it is not even possible) to adopt a new modern authentication method. It requires efforts and time, so you need to notify dev as earlier as possible.
Let hem know that their existing apps will stop working.
Though search in Microsoft 365 SharePoint is good out-of-the box and you can do a full-text search and refine your results by “File type” and “Last modified”, but what if you want your content be tagged with your custom metadata (e.g. “Article category”), and you want to be able to refine your search results based on this metadata? I’d say it is possible and I’ll provide the solution below. The solution includes working with site term store (creating terms, term groups, term sets), configuring list/library columns and updating site search schema (mapping crawled properties to managed properties).
If you think you have a lot of duplicated files that consumes your hard drive storage space, this article is for you. Personally, I have a lot of video and pictures on my working hard drive and on a backup HDD. While working with photos and videos I can rename files, copy or move them from folders to folders. As a result, I end up with gigabytes and terabytes occupied with duplicated files. So I need a tool to a) find duplicated files and b) remove duplications. I tried to find good scripts but somehow I was not happy with what I found, so I wrote scripts myself.
Surely you can buy/try a 3-rd party toot with GUI, but if you are comfortable with PowerShell – consider the following.
…
There is a new site – Birds of Eurasia Best Pictures – with a lot of good pictures of birds from all of the Eurasian continent. It does not seem that pictures are professional, sooner shots are made by amature birdwatchers, but some pictures are really nice.
Pictures are updated around weekly. Here is an example:
Shoot in Mongolia by Oleg Belyalov
Another great picture:
Collared Pratincole by Philippe Campeau, Kyrgyzstan
I found an interesting site – it looks like they have highly qualified physicists and inventors. Here is one of their inventions – “Traffic Safety with Infrared Quadrant Detectors“…
Invention high-level description:
And they are looking for investors.
Restricted SharePoint Search is a new Microsoft feature to mitigate sites oversharing issue when you are implementing Copilot. The feature is documented here, but still I have some questions, e.g.:
Here I’m going to answer the questions above.
So far I build a test scenario using my dev tenant that includes multiple collaborated users and content in the form of files, pages, list items and messages spreaded across multiple sites falling into different categories of Restricted SharePoint Search allowed content.
If you are getting “You do not have the required license to perform this operation” when you are trying Get-SPOTenantRestrictedSearchMode or Get-PnPTenantRestrictedSearchMode – that means there is no Copilot for Microsoft 365 licenses assigned to tenant yet. This feature – Restricted SharePoint Search – works only when at least one Copilot license is assigned to tenant.
… TBC
References
Governance in IT is establishing rules, policies, tools and practices that helps you manage and protect your enterprise resources. SharePoint governance (or wider – Collaboration governance) covers