{"id":2813,"date":"2023-08-13T08:00:55","date_gmt":"2023-08-12T23:00:55","guid":{"rendered":"https:\/\/m365jp.xyz\/?p=2813"},"modified":"2023-08-13T08:15:36","modified_gmt":"2023-08-12T23:15:36","slug":"mc660075-updated-sharepoint-admin-control-for-app-registration-update","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2023-08-13-mc660075-updated-sharepoint-admin-control-for-app-registration-update","title":{"rendered":"MC660075 | (Updated) SharePoint admin control for App registration \/ update"},"content":{"rendered":"
\n
\n
\n\n\n\n
MC660075 | (Updated) SharePoint admin control for App registration \/ update<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n\n\n\n\n\n\n\n\n
Classification<\/th>\nplanForChange<\/td>\n<\/tr>\n
Last Updated<\/th>\n08\/12\/2023 22:10:23<\/td>\n<\/tr>\n
Start Time<\/th>\n07\/24\/2023 22:32:51<\/td>\n<\/tr>\n
End Time<\/th>\n12\/29\/2023 08:00:00<\/td>\n<\/tr>\n
Message Content<\/th>\n\n

Updated August 12, 2023: We have updated the content below for clarity. Thank you for your patience.<\/p>\n

This is an enhancement to the security measures for administrative governance that modifies the default procedures for SharePoint app registration via AppRegNew.aspx page and permission updates via AppInv.aspx page. Following the implementation of this change, site collection admin will be unable to register app or update app permissions through above pages unless authorized explicitly by the SharePoint tenant admin. <\/p>\n

<\/p>\n

Upon attempting to register an application on AppRegnew.aspx page, a notification will be displayed stating “Your SharePoint tenant admin doesn’t allow site collection admins to create an Azure Access Control (ACS) principal. Please contact your SharePoint tenant administrator.” <\/p>\n

Similarly, upon attempting to update app permissions on AppInv.aspx page, a notification will be displayed stating “Your SharePoint tenant admin doesn’t allow site collection admins to update app permissions. Please contact your SharePoint tenant administrator.” <\/p>\n

Kindly note that app registration and permission update via Microsoft Azure portal are not impacted by this change.  <\/p>\n

[When this will happen:] <\/p>\n

The rollout process is scheduled to commence in late August and is expected to conclude in mid-September. <\/p>\n

[How this will affect your organization:] <\/p>\n

With this update site owners will not be able to register\/update apps unless the tenant admin explicitly allows it. <\/p>\n

To modify the default behavior, the tenant administrator must execute the following shell command to explicitly establish the flag as TRUE, thereby superseding the default value of FALSE. The service principal can only be created or updated by the tenant administrator by default. However, when the flag is set to TRUE, both the SharePoint tenant admin and site collection admin will be able to create or update the service principal through SharePoint.<\/p>\n

The shell command is: Set-SPOTenant -SiteOwnerManageLegacyServicePrincipalEnabled $true<\/code><\/p>\n

[What you need to do to prepare:] <\/p>\n

No proactive measures are required to prepare for this change. Nevertheless, it is advisable to inform your users of this modification and update any relevant documentation as necessary.<\/p>\n<\/td>\n<\/tr>\n

Machine Translation<\/th>\n\n

2023 \u5e74 8 \u6708 12 \u65e5\u66f4\u65b0: \u308f\u304b\u308a\u3084\u3059\u304f\u3059\u308b\u305f\u3081\u306b\u3001\u4ee5\u4e0b\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002\u304a\u5f85\u3061\u3044\u305f\u3060\u304d\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\u3002<\/p>\n

\u3053\u308c\u306f\u3001AppRegNew.aspx \u30da\u30fc\u30b8\u3092\u4f7f\u7528\u3057\u305f SharePoint \u30a2\u30d7\u30ea\u306e\u767b\u9332\u3068 AppInv.aspx \u30da\u30fc\u30b8\u3092\u4f7f\u7528\u3057\u305f\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u306e\u66f4\u65b0\u306e\u65e2\u5b9a\u306e\u624b\u9806\u3092\u5909\u66f4\u3059\u308b\u3001\u7ba1\u7406\u30ac\u30d0\u30ca\u30f3\u30b9\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306e\u5f37\u5316\u3067\u3059\u3002\u3053\u306e\u5909\u66f4\u306e\u5b9f\u88c5\u5f8c\u3001\u30b5\u30a4\u30c8 \u30b3\u30ec\u30af\u30b7\u30e7\u30f3\u7ba1\u7406\u8005\u306f\u3001SharePoint \u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u306b\u3088\u3063\u3066\u660e\u793a\u7684\u306b\u627f\u8a8d\u3055\u308c\u3066\u3044\u306a\u3044\u9650\u308a\u3001\u4e0a\u8a18\u306e\u30da\u30fc\u30b8\u304b\u3089\u30a2\u30d7\u30ea\u3092\u767b\u9332\u3057\u305f\u308a\u3001\u30a2\u30d7\u30ea\u306e\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3092\u66f4\u65b0\u3057\u305f\u308a\u3067\u304d\u306a\u304f\u306a\u308a\u307e\u3059\u3002<\/p>\n

<\/p>\n

AppRegnew.aspx \u30da\u30fc\u30b8\u3067\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u767b\u9332\u3057\u3088\u3046\u3068\u3059\u308b\u3068\u3001”SharePoint \u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u306f\u3001\u30b5\u30a4\u30c8 \u30b3\u30ec\u30af\u30b7\u30e7\u30f3\u7ba1\u7406\u8005\u304c Azure \u30a2\u30af\u30bb\u30b9\u5236\u5fa1 (ACS) \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u3066\u3044\u307e\u305b\u3093\u3002SharePoint \u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u306b\u554f\u3044\u5408\u308f\u305b\u3066\u304f\u3060\u3055\u3044\u3002 <\/p>\n

\u540c\u69d8\u306b\u3001AppInv.aspx \u30da\u30fc\u30b8\u3067\u30a2\u30d7\u30ea\u306e\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3092\u66f4\u65b0\u3057\u3088\u3046\u3068\u3059\u308b\u3068\u3001”SharePoint \u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u306f\u3001\u30b5\u30a4\u30c8 \u30b3\u30ec\u30af\u30b7\u30e7\u30f3\u7ba1\u7406\u8005\u304c\u30a2\u30d7\u30ea\u306e\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3092\u66f4\u65b0\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u3066\u3044\u307e\u305b\u3093\u3002SharePoint \u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u306b\u554f\u3044\u5408\u308f\u305b\u3066\u304f\u3060\u3055\u3044\u3002 <\/p>\n

Microsoft Azure \u30dd\u30fc\u30bf\u30eb\u3092\u4ecb\u3057\u305f\u30a2\u30d7\u30ea\u306e\u767b\u9332\u3068\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u306e\u66f4\u65b0\u306f\u3001\u3053\u306e\u5909\u66f4\u306e\u5f71\u97ff\u3092\u53d7\u3051\u306a\u3044\u3053\u3068\u306b\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044\u3002  <\/p>\n

[\u3053\u308c\u304c\u8d77\u3053\u308b\u3068\u304d:] <\/p>\n

\u30ed\u30fc\u30eb\u30a2\u30a6\u30c8\u30d7\u30ed\u30bb\u30b9\u306f8\u6708\u4e0b\u65ec\u306b\u958b\u59cb\u3055\u308c\u30019\u6708\u4e2d\u65ec\u306b\u5b8c\u4e86\u3059\u308b\u4e88\u5b9a\u3067\u3059\u3002 <\/p>\n

[\u3053\u308c\u304c\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff:] <\/p>\n

\u3053\u306e\u66f4\u65b0\u3067\u306f\u3001\u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u304c\u660e\u793a\u7684\u306b\u8a31\u53ef\u3057\u306a\u3044\u9650\u308a\u3001\u30b5\u30a4\u30c8\u6240\u6709\u8005\u306f\u30a2\u30d7\u30ea\u3092\u767b\u9332\/\u66f4\u65b0\u3067\u304d\u307e\u305b\u3093\u3002 <\/p>\n

\u65e2\u5b9a\u306e\u52d5\u4f5c\u3092\u5909\u66f4\u3059\u308b\u306b\u306f\u3001\u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u306f\u6b21\u306e\u30b7\u30a7\u30eb \u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u30d5\u30e9\u30b0\u3092\u660e\u793a\u7684\u306b TRUE \u3068\u3057\u3066\u78ba\u7acb\u3057\u3001\u65e2\u5b9a\u5024\u306e FALSE \u3092\u7f6e\u304d\u63db\u3048\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u65e2\u5b9a\u3067\u306f\u3001\u30b5\u30fc\u30d3\u30b9 \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u3092\u4f5c\u6210\u307e\u305f\u306f\u66f4\u65b0\u3067\u304d\u308b\u306e\u306f\u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u306e\u307f\u3067\u3059\u3002\u305f\u3060\u3057\u3001\u30d5\u30e9\u30b0\u304c TRUE \u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u3001SharePoint \u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u3068\u30b5\u30a4\u30c8 \u30b3\u30ec\u30af\u30b7\u30e7\u30f3\u7ba1\u7406\u8005\u306e\u4e21\u65b9\u304c SharePoint \u3092\u4f7f\u7528\u3057\u3066\u30b5\u30fc\u30d3\u30b9 \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u3092\u4f5c\u6210\u307e\u305f\u306f\u66f4\u65b0\u3067\u304d\u307e\u3059\u3002<\/p>\n

\u30b7\u30a7\u30eb\u30b3\u30de\u30f3\u30c9\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002 Set-SPOTenant -SiteOwnerManageLegacyServicePrincipalEnabled $true<\/code><\/p>\n

[\u6e96\u5099\u3059\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u3053\u3068:] <\/p>\n

\u3053\u306e\u5909\u66f4\u306b\u5099\u3048\u308b\u305f\u3081\u306e\u4e8b\u524d\u5bfe\u7b56\u306f\u5fc5\u8981\u3042\u308a\u307e\u305b\u3093\u3002\u305d\u308c\u3067\u3082\u3001\u3053\u306e\u5909\u66f4\u3092\u30e6\u30fc\u30b6\u30fc\u306b\u901a\u77e5\u3057\u3001\u5fc5\u8981\u306b\u5fdc\u3058\u3066\u95a2\u9023\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u66f4\u65b0\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

MC660075 | (Updated) SharePoint admin control for App registration \/ update Classification planForChange Last […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2813","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/2813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=2813"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/2813\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=2813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=2813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=2813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}