M365 Changelog: (Updated) SharePoint admin control for App registration / update

MC660075 - (Updated) SharePoint admin control for App registration / update

News summary

This is an enhancement to the security measures for administrative governance that modifies the default procedures for SharePoint app registration via the AppRegNew.aspx page and permission updates via the AppInv.aspx page. Following the implementation of this change, site collection admins will be unable to register apps or update app permissions through the above pages unless explicitly authorized by the SharePoint tenant admin.

Upon attempting to register an application on the AppRegNew.aspx page, a notification will be displayed stating "Your SharePoint tenant admin doesn't allow site collection admins to create an Azure Access Control (ACS) principal. Please contact your SharePoint tenant administrator."

Similarly, upon attempting to update app permissions on the AppInv.aspx page, a notification will be displayed stating "Your SharePoint tenant admin doesn't allow site collection admins to update app permissions. Please contact your SharePoint tenant administrator."

Kindly note that app registration and permission updates via the Microsoft Azure portal are not impacted by this change.

When this will happen

The rollout process is scheduled to commence in late August and is expected to conclude in mid-September. 

How this will affect your organization

With this update, site owners will not be able to register or update apps unless the tenant admin explicitly allows it.

To change the default behavior, the tenant administrator must run the following shell command to explicitly set the flag to TRUE, overriding the default value of FALSE. By default, only the tenant administrator can create or update the service principal. However, when the flag is set to TRUE, both the SharePoint tenant admin and site collection admins will be able to create or update the service principal through SharePoint.

The shell command is: Set-SPOTenant -SiteOwnerManageLegacyServicePrincipalEnabled $true 

At least PowerShell SharePoint Management version 16.0.24 is required!

Note

The property ‘SiteOwnerManageLegacyServicePrincipalEnabled’ becomes visible in tenant settings after the SharePoint Online Management Shell is updated to 16.0.23710.12000 or a later version. Before this rollout, however, the value will always be TRUE, even if explicitly set to FALSE. It will automatically switch to FALSE as the default value only after the rollout is launched.
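
The following script is an added example, not part of the original message: it checks that the installed management shell is new enough to expose the property, reports the current value, and changes it only when asked. The admin URL is a placeholder and the parameter names `AdminUrl` and `AllowSiteAdmins` are assumptions made for this example.

```powershell
param(
    # Placeholder admin center URL (assumption); replace with your tenant's.
    [string]$AdminUrl = 'https://contoso-admin.sharepoint.com',
    # Audit only by default; pass -AllowSiteAdmins to set the flag to TRUE.
    [switch]$AllowSiteAdmins
)

$moduleName = 'Microsoft.Online.SharePoint.PowerShell'
# Version from the Note above: the property is visible from this build onward.
$minVersion = [version]'16.0.23710.12000'

# Pick the newest installed copy of the management shell module.
$module = Get-Module -ListAvailable -Name $moduleName |
    Sort-Object Version -Descending |
    Select-Object -First 1

if (-not $module) {
    throw "Module $moduleName is not installed."
}
if ($module.Version -lt $minVersion) {
    throw "Installed version $($module.Version) is older than $minVersion; the property will not be visible."
}

Import-Module $moduleName -DisableNameChecking
Connect-SPOService -Url $AdminUrl

# Read the current value. Per the Note, it reports TRUE until the rollout
# reaches the tenant, even if it was explicitly set to FALSE.
$current = (Get-SPOTenant).SiteOwnerManageLegacyServicePrincipalEnabled
Write-Output "SiteOwnerManageLegacyServicePrincipalEnabled is currently: $current"

if ($AllowSiteAdmins) {
    # Lets site collection admins register apps and update app permissions again.
    Set-SPOTenant -SiteOwnerManageLegacyServicePrincipalEnabled $true
    $updated = (Get-SPOTenant).SiteOwnerManageLegacyServicePrincipalEnabled
    Write-Output "SiteOwnerManageLegacyServicePrincipalEnabled is now: $updated"
}
else {
    Write-Output 'Audit only: no change made. Only the tenant admin can manage ACS principals when the value is FALSE.'
}
```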
