Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. SharePoint is using ACS in numerous areas, but these are not impacted by this deprecation. All existing SharePoint add-in model registrations and related functionalities will continue to be supported also after this retirement. Azure has released following article on the migration guidance, which was updated on April 2018 to include specific sections around SharePoint to avoid any confusion.
Here’s the relevant information around the SharePoint from the article.
SharePoint customers
SharePoint 2013, 2016, and SharePoint Online customers have long used ACS for authentication purposes in the cloud, on-prem, and hybrid scenarios. Some SharePoint features and use cases will be affected by ACS retirement, while others will not. The below table summarizes migration guidance for some of the most popular SharePoint feature that leverage ACS:
- Authenticating users from Azure AD
- Previously, Azure AD did not support SAML 1.1 tokens required by SharePoint for authentication, and ACS was used as an intermediary that made SharePoint compatible with Azure AD token formats. Now, you can connect SharePoint directly to Azure AD using token issuance policies.
- App authentication & server-to-server authentication in SharePoint on-prem or SharePoint Online – SharePoint add-in registrations done through appregnew.aspx etc.
- Not affected by ACS retirement; no changes necessary.
- Low trust authorization for SharePoint add-ins (provider hosted and SharePoint hosted)
- Not affected by ACS retirement; no changes necessary.
- SharePoint cloud hybrid search
- Not affected by ACS retirement; no changes necessary.
Additional resources
See following resources on the covered topics.
- Time to migrate off Access Control Service – Azure Blog
- Migrate from the Azure Access Control Service – Azure docs
Vesa Juvonen, Senior Program Manager, SharePoint, Microsoft – 3rd of April 2018
