3,724 questions
How to replace SharePoint Online Client Extensibility Azure AD application which is provisioned automatically by SharePoint
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 91%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Raniel Garcia
10
Reputation points
In SharePoint Framework development, we can connect to APIs secured with Azure AD by adding/requesting permissions to an Azure AD application
webApiPermissionRequests": [ {
"resource": "Microsoft Graph",
"scope": "Calendars.Read"
} ]
These permissions will be added once approved in the service principal SharePoint Online Client Extensibility, which is provisioned by Microsoft automatically.
That service principal is used by all SharePoint sites in a single tenant, meaning all permissions added from different webpart from different team will be added as permissions to that service principal.
How can I create my own App Registration that I can use to replace the SharePoint Online Client Extensibility to have a full-control who can use the permissions that I am going to add to that new app registration?
Microsoft 365 and Office | SharePoint | Development
{count} votes
-
Raniel Garcia 10 Reputation points
2025-04-19T13:48:17.65+00:00 Basically, I want to make sure that only a specific App Registration can only used to send request to a custom built API, and prevent other teams to utilize the permissions that were added in the SharePoint Online Client Extensibility
-
Raniel Garcia 10 Reputation points
2025-04-19T14:25:44.09+00:00 Since isolated webpart will retire next year: https://learn.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/isolated-web-parts, is there any alternative way to isolate the permissions to specific webpart?
Sign in to comment
Sign in to answer