Tag Archives: ACS

Azure Access Control

Azure ACS retirement. How to prepare your tenant. Guide for SharePoint Admins.

Since Microsoft announced EOL of ACS in 2026, we as SharePoint administrators must be prepared, as it is a really big deal – entire era of SharePoint app-only service principals will gone. SharePoint developers used this kind of authentication since 2013 to build their solutions. And when it comes to software development – it always […]

Providing ACS permissions for app to access SharePoint

Microsoft retires ACS Let me quote Microsoft just to start (Dec 18, 2023): So, for new development it is strictly recommended to use Azure Registered Apps to access Microsoft 365 resources programmatically. You still need ACS in some cases But, as always, it all is not so simple, as Hopefully, Microsoft will resolve all the […]

SharePoint Add-Ins and ASC retirement

Microsoft announced retirement for SharePoint Add-Ins and ASC-based app permissions (SharePoint app-only principals). Let me summarize here: Timeline Known key retirement milestone dates: (*) SPFx based solutions will continue to be available, Installation from a private app catalog stays possible(**) regardless of their origin (public marketplace, private tenant catalog) So timeline is generous, and we […]

Sites.Selected permissions provisioning automation

Scenario You administer Microsoft 365 SharePoint Online. Part of your daily activities is providing Microsoft Graph and SharePoint Sites.Selected API permissions to other users (developers). In Aug/Sep 2023 Microsoft pushed an update that prevents site collection admins to create or update an Azure Access Control (ACS) principal (that was the way most of developers used […]

Your SharePoint tenant admin doesn’t allow site collection admins…

Scenario You are trying to register an application at SharePoint site with appregnew.aspx page and you are getting an error or notification message “Your SharePoint tenant admin doesn’t allow site collection admins to create an Azure Access Control (ACS) principal“. Or you are trying to provide ACS-based permissions for an application to SharePoint site with […]

Sites.Selected API permissions for SharePoint access

Sites.Selected permissions are required for the non-interactive applications to get access to a specific SharePoint site using Microsoft Graph API and/or SharePoint API.(Since Microsoft announced EOL of SharePoint App-only service principals, Sites.Selected is the only option going forward). Below are Brief overview of Sites.Selected Historically, we utilized so called SharePoint app-only service principals to get […]

SharePoint AppRegNew.aspx and AppInv.aspx

There are well-known SharePoint app-only service principals and ACS-based permissions. It is kind of old-school way – introduced as part of Add-Ins for SharePoint 2013 – to get unattended access to SharePoint site (application access, i.e. access without user presence). Such apps are called daemon apps or service apps or background jobs etc… Microsoft announced […]