Does all the code using GetACSAppOnlyContext will stop working after April 2, 2026?

Question

We are using GetACSAppOnlyContext() method extensively in our CSOM API code, to call SharePoint online and as per the Microsoft documentation, Azure ACS will be retired by April 2nd 2026. I would like to know,

1. If any code which referencing the function will stop working after April 2nd.
2. The client credentials which are created using appreg.aspx and appinv.aspx, does have presence in Azure App registration portal. Is there a way to convert these credentials into Entra ID app registrations?
3. Since we are using these Azure ACS credentials approach in many solution, it will take a lot of time to fix it. Does Microsoft provide an alternate option to enable this option for certain period.

Answer 1

Hello Milan

Thank you for reaching out regarding the retirement of Azure ACS and its impact on your CSOM code for SharePoint Online. I'll address each of your questions below:

1. Will code referencing GetACSAppOnlyContext() stop working after April 2, 2026? Yes, any code that relies on this method will cease to function after April 2, 2026. This is because Azure ACS, which handles the authentication for these app-only contexts in SharePoint Online, will be fully retired on that date for all existing tenants. After retirement, ACS-based access tokens will no longer be valid, leading to authentication failures. Note that for new tenants, ACS has been unavailable since November 1, 2024. We recommend migrating to modern authentication methods, such as Entra ID app-only access using certificates or the Microsoft Graph API with scopes like Sites.Selected for more granular permissions. REF: https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs | https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
2. Do client credentials created via appreg.aspx and appinv.aspx appear in the Azure App Registrations portal, and can they be converted to Entra ID app registrations? Yes, these legacy ACS principals do appear in the Entra admin center under "Enterprise applications" as read-only entries. However, they cannot be directly converted or upgraded to full Entra ID app registrations. You'll need to manually create new app registrations in the Entra portal, configure the necessary permissions (like app-only access with certificates), and update your CSOM code to use methods like GetAppOnlyAuthenticatedContext() with the new Entra ID credentials. For detailed steps, refer to the migration guidance in the SharePoint Add-Ins and Azure ACS retirement FAQ.
3. Is there an alternate option or extension from Microsoft to continue using ACS credentials for a certain period, given the time needed to update multiple solutions? Unfortunately, no. Microsoft does not offer any extensions, grace periods, or alternate options to continue using ACS beyond April 2, 2026, this is a hard retirement date with no provisions for temporary enablement. To prepare, tenant admins can proactively disable ACS app-only access in their environment to test and enforce the migration. Microsoft strongly advise starting the transition to Entra ID as soon as possible to avoid service disruptions.

Hope this help.

---

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.