Drawbacks and disadvantages of setting "DisableCustomAppAuthentication" to false inside our tenant

john john 1,021 Reputation points
2022-05-26T22:10:45.707+00:00

We have a lot of .NET console applications which run on on-premises servers, which connect to SharePoint Online using ClientID & ClientSecret and perform some background tasks, as follows:

// Requires: using System; using Microsoft.SharePoint.Client;
static void Main(string[] args)
{
    string siteUrl = "https://*****.sharepoint.com/sites/HR/";
    string clientId = "1***";
    string clientSecret = "******";

    // App-only context obtained with the client ID and client secret
    using (ClientContext context = new OfficeDevPnP.Core.AuthenticationManager().GetAppOnlyAuthenticatedContext(siteUrl, clientId, clientSecret))
    {
        try
        {
            context.Load(context.Web);
            context.Load(context.Site.RootWeb.ContentTypes);
            context.ExecuteQuery();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
}

Now this code will not work on any tenant unless we set DisableCustomAppAuthentication to false, as follows:

Set-SPOTenant -DisableCustomAppAuthentication $false

So what are the implications and security issues we will face in case we set the CustomAppAuthentication to false?


1 answer

  1. RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff
    2022-05-27T02:58:16.727+00:00

    Hi @john john,
    DisableCustomAppAuthentication prevents apps using an Azure Access Control (ACS) app-only access token from accessing SharePoint. ACS, a service of Azure Active Directory (Azure AD), was retired on November 7, 2018. This retirement does not impact the SharePoint add-in model, which uses the https://accounts.accesscontrol.windows.net hostname (which is not impacted by this retirement). For new tenants, apps using an ACS app-only access token are disabled by default. We recommend using the Azure AD app-only model, which is modern and more secure. By default this feature is set to true.




    2 people found this answer helpful.
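
The answer recommends the Azure AD app-only model. As an added example (not code from the question or the answer), the same console job can authenticate with a certificate instead of a client secret, which does not depend on ACS app-only tokens. It assumes an Azure AD app registration with SharePoint application permissions and its certificate installed in LocalMachine\My; the site URL, client ID, tenant name and thumbprint are placeholders.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.SharePoint.Client;

class Program
{
    // Placeholders (assumptions, not values from the page)
    const string SiteUrl = "https://contoso.sharepoint.com/sites/HR/";
    const string ClientId = "<azure-ad-application-id>";
    const string Tenant = "contoso.onmicrosoft.com";
    const string Thumbprint = "<certificate-thumbprint>";

    // Load the signing certificate from the machine store and fail early
    // if it cannot be used to authenticate.
    static X509Certificate2 LoadCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, because a self-signed certificate does not chain to a trusted root
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found in LocalMachine\\My.");
            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key on this server.");
            if (DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Certificate expired on " + cert.NotAfter);
            return cert;
        }
    }

    static void Main(string[] args)
    {
        X509Certificate2 cert = LoadCertificate(Thumbprint);

        // Azure AD app-only context: the token request is signed with the
        // certificate's private key, so no shared secret is stored in the code.
        using (ClientContext context = new OfficeDevPnP.Core.AuthenticationManager()
            .GetAzureADAppOnlyAuthenticatedContext(SiteUrl, ClientId, Tenant, cert))
        {
            context.Load(context.Web);
            context.Load(context.Site.RootWeb.ContentTypes);
            context.ExecuteQuery();
            Console.WriteLine(context.Web.Title);
        }
    }
}
```

Restricting read access on the certificate's private key to the service account that runs the job keeps the credential out of source code and configuration files.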
