web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / SharePoint ACS (AppInv...
Microsoft Dynamics 365 | Integration, Dataverse...
Unanswered

SharePoint ACS (AppInv/AppRegNew) Retirement – Need Guidance on Migration to Azure AD / Graph

(0) ShareShare
ReportReport
Posted on by Aryan 196

We have an integration between Microsoft Dynamics 365 Business Central (AL) and SharePoint Online for uploading and accessing files in document libraries.

Current Implementation

App Registration & Permissions

  • App created using:
    /_layouts/15/appregnew.aspx

  • Permissions granted via:
    /_layouts/15/appinv.aspx → “Trust It”

Current permission (overly broad):

<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/tenant" Right="FullControl" /> </AppPermissionRequests>


this will give all tenant level  access i.e. all sharepoint access so pls suggest ?

Authentication (ACS Token)

We generate access tokens using:

POST https://accounts.accesscontrol.windows.net/{tenant-id}/tokens/OAuth/2

SharePoint API Usage

We are using SharePoint REST API:

Upload file:

POST https://<org>.sharepoint.com/sites/<site>/_api/web/GetFolderByServerRelativeUrl('/sites/<site>/Shared Documents')/Files/add(url='file.pdf',overwrite=true)

Download / read files:

GET https://<org>.sharepoint.com/sites/<site>/_api/web/GetFileByServerRelativeUrl('/sites/<site>/Shared Documents')/Files...

Questions
  1. After April 2026, will existing ACS-based integrations completely stop working, or only new registrations will be blocked?

  2. What is the recommended modern approach for this scenario:

    • Continue using SharePoint REST API with Azure AD token

    • OR migrate fully to Microsoft Graph API


      •  
    If we switch to Azure AD authentication:

    • Can we continue using existing _api/web/... endpoints?

    • Or is Graph API mandatory  

  3. What is the best way to restrict access to a single SharePoint site (avoid tenant-wide permissions like FullControl)?

  4. For Business Central (AL), is there any recommended approach or pattern for:

    • Generating Azure AD tokens (client credentials flow)

    • Calling SharePoint / Graph APIs securel  

Any guidance, best practices, or migration examples would be highly appreciated.

If possible pls share some Blogs or resource when this overall new process is explain so that i can can a hit and start the development.

Categories:
Dynamics 365 general
I have the same question (0)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the February Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
11manish Profile Picture

11manish 118

#2
Pallavi Phade Profile Picture

Pallavi Phade 102 Super User 2026 Season 1

#3
ManoVerse Profile Picture

ManoVerse 56 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Welcome to the Microsoft Dynamics 365 forum!
Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans