M365 Changelog: UseRemoteAPIs functionality change

MC678064 – Today, Microsoft is announcing the removal of consideration for the UseRemoteAPIs permission within SharePoint Online. Meaning that while the setting remains in the UX for a short time, it will no longer be used as part of the authorization flow for API calls made to CSOM and classic REST APIs. Please see the linked blog post for additional details.

When this will happen:

Microsoft will begin rolling out in mid-October 2023 and expect to complete by late October 2023.

How this affects your organization:

Within SharePoint you can build permission levels through combining permissions, including the ability to modify existing service permissions. Within this system, the permission listed in the UX as “Use Remote Interfaces – Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site” was originally intended to prevent anonymous users in public SharePoint internet sites from accessing the APIs.

As the service evolved, this original meaning has been lost. Today the setting provides no additional protection.

Microsoft expects no disruption to users or the service during the rollout of this change.

What you can do to prepare:

This announcement is for your information and there is nothing to do associated with this change.

Blog