Just when you thought your SharePoint setup was safe… Microsoft drops the news—Azure Access Control Service (ACS) is retiring. It’s like your trusty security guard handing in their badge and walking off into the sunset.
So, what does this mean for your SharePoint setup? And how can you ensure that your environment remains secure without ACS? Let’s dive into the witty details.
Azure Access Control Service (ACS ) has been around for a while, providing identity federation and access control for various applications, including SharePoint. But like all good things, ACS is reaching the end of its journey. Microsoft officially retired ACS of April 2nd, 2026.
Imagine your SharePoint environment as a club, and ACS was the bouncer who never checked IDs—now it’s time to upgrade to modern security! Now that the bouncer has left, you need a new security strategy to keep the party safe.
Why Did Microsoft Retire ACS?
Let’s be honest: ACS was starting to feel a bit dated. Sure, it worked, but it wasn’t exactly keeping up with the times; Microsoft’s focus has shifted to more modern identity solutions like Azure AD B2C and OAuth 2.0. These newer tools provide better security, scalability, and user experience. So, while it’s sad to see ACS go, it’s a necessary step forward.
What Does This Mean for SharePoint Users?
If you’re using ASC in your SharePoint environment, you need to make some changes. Here’s what you should do to ensure a smooth transition:
Identify Where ACS is Used
First things first: figure out where you’re using ACS in your SharePoint environment.
- Custom Solutions: Check any custom apps or services integrated with SharePoint.
- External Users: Ensure external users aren’t relying on ACS for access.
Switch to Azure AD B2C or OAuth 2.0
The most straightforward replacement for ACS is Azure AD B2C or OAuth 2.0.
- Azure AD B2C: Ideal for managing external users and identity federation.
- OAuth 2.0: Great for modern authentication scenarios.
Update Your Custom Code
If you have custom code that relies on ACS, it’s time for a makeover.
- Replace ACS tokens with OAuth tokens.
- Use Azure AD libraries for authentication.
# Example: Using OAuth in PowerShell
$tenantId = "<YOUR TENANT ID>"
$clientId = "<YOUR CLIENT ID>"
$clientSecret = "<YOUR CLIENT SECRET>"
$tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"Communicate the Change
Make sure everyone in your organization knows about the ACS retirement.
- IT Teams: Provide detailed guidance on replacing ACS.
- End Users: Ensure they understand how their login process might change.
Deliver a sleek, all-in-one dashboard masterpiece
The Microsoft 365 Assessment Tool gives you a clear snapshot of your tenant’s SharePoint Azure ACS usage, delivering detailed data and a Power BI report to help you make sense of it all.
SharePoint Add-In and Azure ACS Assessment | Microsoft 365 Assessment Tool
Time to unplug it !
Turn off the use of Azure ACS on your tenant :
Connect-SPOService -Url https://<YOUR TRNANT>-admin.sharepoint.com
Set-SPOTenant -DisableCustomAppAuthentication $trueGoodbye ACS, Hello Modern Identity
The retirement of Azure ACS is a significant shift, but it’s also an opportunity to modernize your SharePoint environment. Embrace the new tools, update your security strategies, and ensure your SharePoint club remains exclusive and secure.
In the words of the great philosopher Ferris Bueller: Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.
So, don’t get stuck in the past. Say goodbye to ACS and hello to a brighter, more secure SharePoint future!
