Transitioning from Azure ACS to Microsoft Entra ID: What You Need to Know

02.07.24 03:21 PM By Boitumelo

Have you been keeping up with the latest updates from Microsoft? If not, don’t worry – we’ve got you covered. In November 2023, Microsoft announced a significant change: the retirement of Azure ACS (Access Control Services) in favor of Microsoft Entra ID. This move underscores Microsoft’s commitment to delivering modern, optimized, and secure solutions in today’s rapidly evolving digital landscape.

The News: Key Dates and Changes

Microsoft is phasing out Azure ACS, which will cease operations for new tenants starting November 1st, 2024, and for existing tenants by April 2nd, 2026. This change impacts all environments, including Government Clouds and the Department of Defense.

In parallel, Microsoft is also retiring the ability to add, update, and acquire SharePoint Add-Ins via the public marketplace. Since March 1st, 2024, new SharePoint Add-Ins have no longer been accepted for listing, and since July 1st, 2024, existing Add-Ins are no longer available for acquisition from the public marketplace.

What Does This Mean for Users?

The retirement of Azure ACS and SharePoint Add-Ins signals a shift towards more modern and secure SharePoint extensibility models. Here’s what you need to know:

  • Custom-Developed SharePoint Add-Ins: If you are using custom-developed SharePoint Add-Ins, it is recommended to migrate them to SharePoint Framework-based solutions. SharePoint Framework (SPFx) provides a more robust, secure, and scalable way to extend SharePoint’s capabilities.

  • Marketplace and Third-Party Add-Ins: Users who have acquired SharePoint Add-Ins from the public marketplace or third parties should inquire about updated versions that do not rely on the SharePoint Add-In extensibility model. The goal is to transition to solutions that leverage the latest technologies and security features offered by Microsoft.

Ensuring a Smooth Transition

To understand if your organization is using Azure ACS or to facilitate a smooth transition to Microsoft Entra ID, Microsoft recommends that customers run the Microsoft 365 Assessment tool to scan their tenants for Azure ACS usage.

This tool helps users identify and evaluate their current SharePoint Add-Ins usage. It generates a Power BI report that details all SharePoint Add-Ins in the tenant, their source, and installation details. For provider-hosted Add-Ins, it also provides information about the Azure ACS principal used, including its validity and permission scopes.

Here are the detailed steps for running the Microsoft 365 Assessment tool to scan your tenants for Azure ACS Usage:

Step 1: Download the Assessment tool

Download the tool from the Releases page of pnp/pnpassessment (github.com).

Install and run it.

 Run command: start --mode AddInsACS --authmode interactive --tenant <tenant>.sharepoint.com 

Step 2: Run command

 status 

 Once the command is done running, it will look like this 

Step 3: Next Command

 list 

Step 4: Next Command

Once you have identified the correct ID, you can run the next command:

 report --id <ID copied from the list command> 

Step 5: Automatic Report is generated

Your Power BI report will be generated and automatically opened.

Once the Power BI report has been generated, you can:

  • Identify all Azure ACS application principals in use, including key properties such as permission scopes and the allowance of app-only access. 

  • For each identified Azure ACS application principal, list all accessible sites. 

Using the Azure ACS Report and site information, tenant administrators and developers can plan the transition from Azure ACS to Microsoft Entra ID as the authentication model.

Microsoft recommends that tenant administrators turn off Azure ACS app-only access once they have confirmed that there is no longer any business-relevant usage of Azure ACS. 

Code:

Connect-SPOService -Url https://<tenant>-admin.sharepoint.com

Set-SPOTenant -DisableCustomAppAuthentication $true

The assessment tool provides administrators with the necessary usage information to understand where and when Azure ACS principals are being used.
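
A guarded version of the change above, as an added example that is not part of the original post or Microsoft's own script: it records the current setting, supports a dry run, verifies the result and prints the rollback command. Disable-AcsAppOnly is a hypothetical helper name, the admin URL is a placeholder, and the script assumes Get-SPOTenant returns the DisableCustomAppAuthentication property.

```powershell
# Added example. Requires the SharePoint Online Management Shell module
# (Microsoft.Online.SharePoint.PowerShell) and a SharePoint administrator account.
# Disable-AcsAppOnly is a hypothetical helper name, not a Microsoft cmdlet.

function Disable-AcsAppOnly {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Placeholder: https://<tenant>-admin.sharepoint.com
        [Parameter(Mandatory = $true)]
        [string]$AdminUrl
    )

    Connect-SPOService -Url $AdminUrl

    # Read the current value first so the change is recorded and idempotent.
    # Assumption: Get-SPOTenant exposes DisableCustomAppAuthentication.
    $before = (Get-SPOTenant).DisableCustomAppAuthentication
    Write-Verbose "DisableCustomAppAuthentication before change: $before"

    if ($before) {
        Write-Output 'Azure ACS app-only access is already disabled; nothing to do.'
        return
    }

    # -WhatIf stops here; without it, ConfirmImpact = High prompts for confirmation.
    if ($PSCmdlet.ShouldProcess($AdminUrl, 'Disable Azure ACS app-only access')) {
        Set-SPOTenant -DisableCustomAppAuthentication $true

        # Re-read the tenant setting to confirm the change was applied.
        $after = (Get-SPOTenant).DisableCustomAppAuthentication
        if (-not $after) {
            throw 'DisableCustomAppAuthentication is still False after Set-SPOTenant.'
        }

        Write-Output 'Azure ACS app-only access is now disabled.'
        Write-Output 'Rollback: Set-SPOTenant -DisableCustomAppAuthentication $false'
    }
}

# Dry run first, then the real change:
# Disable-AcsAppOnly -AdminUrl 'https://<tenant>-admin.sharepoint.com' -WhatIf
# Disable-AcsAppOnly -AdminUrl 'https://<tenant>-admin.sharepoint.com' -Verbose
```

Run it only after the Power BI report shows no remaining business-relevant Azure ACS principals, and keep the rollback command at hand in case a missed dependency stops working.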


Still unclear?

Microsoft offers comprehensive guidance on migrating SharePoint Add-Ins to SharePoint Framework-based solutions. This includes articles, videos, and other resources to help users navigate the migration process.

Users can seek assistance from Microsoft Solution Providers (P.S. GTconsult is a Microsoft Solutions Partner for Modern Work) and open support tickets for help with the migration process. This ensures that any challenges encountered during the transition are promptly addressed.

If you need assistance or would like to book a free consultation to discuss your organization's SharePoint development/support and security needs, feel free to get in touch!

Boitumelo
