
💡 Our Technical Review in summary
Summary
- Microsoft is retiring Azure Access Control Services (ACS) for SharePoint Online authentication and authorization.
- Azure ACS has been used for SharePoint customizations since 2013 but is being replaced by Microsoft Entra ID (formerly Azure AD) to provide a more secure and modern authentication platform.
- The retirement process is already underway: new tenants have been unable to use Azure ACS since November 1, 2024, and existing tenants will lose all functionality on April 2, 2026.
Impact
- After April 2, 2026, any custom-developed or third-party applications relying on Azure ACS to access SharePoint Online will fail to authenticate and will stop working.
- This affects “App-Only” principal scenarios and legacy SharePoint Add-ins that use the ACS-based trust model.
- Administrators should note that Microsoft has explicitly stated there will be no extensions available beyond the April 2026 deadline.
- Organizations failing to migrate will experience immediate service disruptions for any integrated tools, scripts, or vendor solutions using this legacy protocol.
Action Required
- Identify Usage: Download and run the Microsoft 365 Assessment tool to scan your tenant for any active Azure ACS usage and identify which applications are at risk.
- Migrate to Entra ID: Update custom applications to use Microsoft Entra ID for authentication. This typically involves registering applications in the Azure portal and updating the code to use OAuth 2.0.
- Coordinate with Vendors: Contact third-party solution providers to ensure their software is updated to support Microsoft Entra ID before the retirement date.
- Review Guidance: Consult Microsoft’s official documentation on migrating from Azure ACS to Microsoft Entra ID for technical step-by-step instructions.
- Internal Communication: Notify developers and stakeholders of the timeline, and update internal help desk documentation to prepare for the transition.
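As a supplement to the steps above, the following added example (not Microsoft's code and not a replacement for the Microsoft 365 Assessment tool) shows one way to triage whether a client still depends on Azure ACS, by checking the token endpoint it calls and the issuer of the access tokens it receives. The ACS host name, the ACS principal ID and the Entra issuer hosts are well-known values that do not appear on this page; the tenant ID and tokens are constructed.

```python
import base64
import json
from urllib.parse import urlparse

# Well-known values, not taken from the page: the ACS token host and the ACS
# principal ID that ACS-issued SharePoint tokens carry as issuer ("<id>@<realm>").
ACS_HOST = "accounts.accesscontrol.windows.net"
ACS_PRINCIPAL = "00000001-0000-0000-c000-000000000000"
ENTRA_HOSTS = {"sts.windows.net", "login.microsoftonline.com"}
TENANT = "11111111-2222-3333-4444-555555555555"  # constructed tenant ID


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def classify_token(token: str) -> str:
    """Return 'acs', 'entra' or 'unknown' from the token's iss claim."""
    iss = str(jwt_claims(token).get("iss", "")).lower()
    if iss.startswith(ACS_PRINCIPAL + "@"):
        return "acs"
    return "entra" if urlparse(iss).hostname in ENTRA_HOSTS else "unknown"


def classify_token_endpoint(url: str) -> str:
    """Classify the token endpoint a client is configured to call."""
    host = (urlparse(url).hostname or "").lower()
    if host == ACS_HOST:
        return "acs"
    return "entra" if host == "login.microsoftonline.com" else "unknown"


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT so the demo runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    for iss in (f"{ACS_PRINCIPAL}@{TENANT}", f"https://sts.windows.net/{TENANT}/"):
        print(iss, "->", classify_token(sample_token({"iss": iss})))
    acs_url = f"https://{ACS_HOST}/{TENANT}/tokens/OAuth/2"
    print(acs_url, "->", classify_token_endpoint(acs_url))
```

Any client classified as `acs` by either check is one that will stop authenticating after the retirement date.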
Microsoft Official Update
Service: N/A
Category: planForChange
Severity: normal
Updated February 2, 2026: This update serves as a reminder that Azure ACS in Microsoft 365 will retire and stop working 2 months from now (April 2, 2026).
Since the first use of Azure Access Control Services (ACS) by SharePoint in 2013, Microsoft has evolved the authorization and authentication options for SharePoint Online via Microsoft Entra ID (a.k.a. Azure AD). Using Microsoft Entra ID as the auth platform for your SharePoint Online customizations will provide your applications the most secure, compliant and future-proof model. With our continued investment in Microsoft Entra ID, Microsoft is retiring the use of Azure ACS as the auth platform for SharePoint Online.
[Key Points:]
- Major: Retirement
- Timeline:
  - Starting November 1st, 2024, new tenants will not be able to use Azure ACS.
  - Starting April 2, 2026, Microsoft will remove the ability to use SharePoint ACS for existing tenants.
- Action: Review and assess impact
[How this will affect your organization]
If your organization still uses Azure ACS to grant custom-developed or third-party applications access to SharePoint Online, they will no longer have access after April 2nd, 2026. We recommend that customers update their customizations to use Microsoft Entra ID and ask their solution vendors to do the same.
[What you need to do to prepare]
You will want to notify your Azure ACS users and developers. Update your user training and prepare your help desk.
For admins
- Use the Microsoft 365 Assessment tool to scan your tenants for Azure ACS usage.
- Review the guidance for migrating from Azure ACS to Microsoft Entra ID.
- There will not be an option to extend Azure ACS usage for SharePoint Online beyond April 2nd 2026.
Learn more
- Support update for the retirement of Azure ACS for SharePoint Online in Microsoft 365.
