check before: 2024-09-26
Product:
Azure Active Directory, Entra, Entra ID, Microsoft 365 Apps, OneDrive, SharePoint
Platform:
Developer, Online, World tenant
Status:
Change type:
Admin impact, Retirement
Links:
Details:
Summary:
The option to specify client ID and secret when creating Azure ACS principals will be removed. Users must adopt the system-generated client ID and secret. This change will start in early October 2024 and end by early November 2024. No admin action is required for this automatic change. Azure ACS is retiring on April 2, 2026.
Details:
When using the AppRegNew.aspx page to create Azure ACS (Access Control Service) principals today, you can generate a new client ID (default flow) and secret, but you can also specify the client ID or secret yourselves. Going forward, the option to specify the client ID and secret yourself will be removed. Each created Azure ACS principal will have a unique client ID (a GUID) and a system-generated secret. After the creation of the Azure ACS principal, you'll be redirected to a page showing the created client ID and secret.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-09-26
updated:
2024-09-26
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
Starting from early October 2024, Azure ACS will automatically generate client IDs and secrets for service principals, with the feature being fully rolled out by early November 2024. Azure ACS will retire on April 2, 2026, and Microsoft recommends transitioning to Microsoft Entra ID for authorization, with new tenants unable to use Azure ACS starting November 1, 2024.
Direct effects for Operations**
Removal of Custom Client ID and Secret
Users will no longer be able to specify their own client ID and secret when creating Azure ACS principals, leading to potential confusion and disruption in existing workflows that rely on custom identifiers.
- roles: Developers, IT Administrators
- references: https://learn.microsoft.com/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in, https://learn.microsoft.com/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs
" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs
Transition to System-Generated Credentials
The automatic transition to system-generated client IDs and secrets may lead to integration issues with existing applications that expect specific client IDs, resulting in service disruptions.
- roles: Developers, Application Owners
- references: https://learn.microsoft.com/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in, https://learn.microsoft.com/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs
" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs
Increased Training and Support Needs
With the removal of the ability to specify client IDs and secrets, there will be a need for increased training and support for users to adapt to the new system-generated model, potentially impacting productivity.
- roles: IT Support Staff, End Users
- references: https://learn.microsoft.com/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs, MC693863: (Updated) Azure ACS retirement in Microsoft 365
Configutation Options**
XXXXXXX ... paid membership only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.