What it does

SharePoint Advanced Recycling Bin sits in front of your SharePoint Stage 1 and Stage 2 recycling bins and gives them the basics they have always been missing: a real search box, real filters, real pagination, and a unified view across both stages. Head to advanced-recycling-bin.com, sign in with your own Microsoft account, and we load your bins into a short-lived encrypted session so you can get your files back.

What you can do today

• Search file name, folder path, item type, and who created or deleted it, all at once.
• Filter by original folder, item type, deleted by, and deleted date range.
• See Stage 1 and Stage 2 in a single list, no more checking twice.
• Bulk restore every item matching your current filter in one click.
• Walk away mid-job. Restores run server-side and keep going without you.

See it all in action at advanced-recycling-bin.com.

Privacy, in one paragraph

SharePoint Advanced Recycling Bin uses delegated permissions, so you authorise the app against your own account. We never see your password, we do not hold long-lived tokens, and your file data lives in a session that is purged the moment you disconnect. Full details on the SharePoint Advanced Recycling Bin site.

Try it free

Connecting, searching, filtering, and paging are always free at advanced-recycling-bin.com. The free trial also covers one restore of up to five items per SharePoint tenant, so you can try the whole workflow end to end before deciding anything. Sign up at advanced-recycling-bin.com.

Thank you to everyone who tested early builds of SharePoint Advanced Recycling Bin and told us where the rough edges were. We have a roadmap full of improvements and we would love to hear what you want next. Come say hi at advanced-recycling-bin.com. Happy restoring!

The post SharePoint Advanced Recycling Bin is live! appeared first on SharePointPro.

Signs Your Microsoft 365 Environment Needs Attention

Understanding Microsoft 365 security risks is critical for maintaining a secure and well-governed environment.

You may already have risks if:

• You’re unsure who has access to what
• Your SharePoint structure feels disorganized
• External sharing is not regularly reviewed
• You’ve never done a proper audit

How to Reduce Microsoft 365 Security Risks

The first step is visibility.

You need to:

• review permissions
• assess structure
• identify governance gaps
• evaluate workflows

👉 This is where a structured audit becomes critical.

If you want to take action, start with a structured Microsoft 365 Security Audit Brisbane to identify and fix risks before they escalate. These reviews should align with Microsoft security best practices to ensure your environment follows recommended standards.

SharePoint Advanced Recycling Bin is live!

Hi! We are thrilled to share that SharePoint Advanced Recycling Bin is...

Read More

KrissyApril 24, 2026

Common Microsoft 365 Security Risks Businesses Overlook

Microsoft 365 Security Risks Every Business Should Be Aware Of...

Read More

KrissyApril 1, 2026

Microsoft 365 Security Audit Checklist

Microsoft 365 Security Audit Checklist for Brisbane & Gold Coast...

Read More

Karl LehnertApril 1, 2026

Creating SharePoint ECB Custom Actions Without the Add-In Model

A practical replacement pattern for Edit Control Block actions after...

Read More

Michael TippettMarch 23, 2026

Load More

The post Common Microsoft 365 Security Risks Businesses Overlook appeared first on SharePointPro.

The Problem With the Old Add-In Model

Provider-hosted add-ins relied on Azure ACS authentication and helper libraries to generate SharePoint access tokens. Typical controller code looked like this:

[SharePointContextFilter]
public ActionResult Index()
{
    var ctx = SharePointContextProvider.Current.GetSharePointContext(HttpContext);
    using (var clientContext = ctx.CreateUserClientContextForSPHost())
    {
        // SharePoint CSOM operations
    }
}

New Architecture

The replacement approach uses Microsoft Entra ID authentication and issues a delegated SharePoint access token which is stored in the user’s authentication cookie.

The goal of this architecture is to replace SharePoint Add-In authentication while keeping existing MVC controllers functional with minimal code changes.

User visits MVC page
        ↓
[SharePointContextFilter]
        ↓
User redirected to Entra ID login
        ↓
Authorization code returned
        ↓
Code exchanged for SharePoint access token
        ↓
Token stored in authentication cookie
        ↓
ClientContext created with Bearer token

Custom SharePointContextFilter

This filter validates authentication and injects a ClientContext into the request pipeline.

public sealed class SharePointContextFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext ctx)
{
var auth = ctx.HttpContext.GetOwinContext().Authentication;
var ticket = auth.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationType).Result;

if (ticket?.Identity?.IsAuthenticated != true)
{
ctx.Result = new RedirectResult(“/redirect/login?returnUrl=” +
HttpUtility.UrlEncode(ctx.HttpContext.Request.RawUrl));
return;
}

var token = ticket.Identity.FindFirst(“spo_access_token”)?.Value;
var expiresTicks = ticket.Identity.FindFirst(“spo_expires”)?.Value;

if (token == null || expiresTicks == null ||
new DateTime(long.Parse(expiresTicks)) <= DateTime.UtcNow)
{
auth.SignOut(CookieAuthenticationDefaults.AuthenticationType);
ctx.Result = new RedirectResult(“/redirect/login”);
return;
}

var siteUrl = ConfigurationManager.AppSettings[“SharePoint:SiteUrl”];
var spCtx = SharePointDelegatedContext.Create(siteUrl, token);

ctx.HttpContext.Items[“SPO_CTX”] = spCtx;
}

public override void OnActionExecuted(ActionExecutedContext ctx)
{
(ctx.HttpContext.Items[“SPO_CTX”] as ClientContext)?.Dispose();
}
}

Creating a ClientContext Using a Bearer Token

SharePoint CSOM supports OAuth tokens through the Authorization header.

public static class SharePointDelegatedContext
{
    public static ClientContext Create(string siteUrl, string accessToken)
    {
        var ctx = new ClientContext(siteUrl);

        ctx.ExecutingWebRequest += (s, e) =>
        {
            e.WebRequestExecutor.RequestHeaders[“Authorization”] =
                “Bearer ” + accessToken;
        };

        return ctx;
    }
}

Handling Entra ID Login

Step 1 – Redirect the user to Microsoft Entra ID for authentication.

[HttpGet]
public ActionResult Login(string returnUrl = “/”)
{
    var tenantId = ConfigurationManager.AppSettings[“AzureAd:TenantId”];
    var clientId = ConfigurationManager.AppSettings[“AzureAd:ClientId”];

    var redirectUri = “https://yourapp.com/redirect”;

    var state = Guid.NewGuid().ToString(“N”);

    var authorizeUrl =
        $”https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize” +
        $”?client_id={clientId}” +
        $”&response_type=code” +
        $”&redirect_uri={Uri.EscapeDataString(redirectUri)}” +
        $”&response_mode=form_post” +
        $”&scope=openid profile email” +
        $”&state={state}”;

    return Redirect(authorizeUrl);
}

Step 2 – Exchange the authorization code for a SharePoint access token.

var app = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithClientSecret(clientSecret)
    .WithAuthority($”https://login.microsoftonline.com/{tenantId}/v2.0″)
    .WithRedirectUri(redirectUri)
    .Build();

var result = await app.AcquireTokenByAuthorizationCode(
    new[] { $”{siteHost}/.default” }, code)
    .ExecuteAsync();

Storing the SharePoint Token

var claims = new JwtSecurityTokenHandler()
    .ReadJwtToken(result.AccessToken)
    .Claims
    .ToList();

claims.Add(new Claim(“spo_access_token”, result.AccessToken));
claims.Add(new Claim(“spo_expires”, result.ExpiresOn.UtcTicks.ToString()));

Cookie Authentication Setup

private void ConfigureAuth(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
        CookieName = “Sppro.Auth”,
        SlidingExpiration = true,
        ExpireTimeSpan = TimeSpan.FromHours(8)
    });
}

Conclusion

With the retirement of the SharePoint Add-In model approaching, applications relying on ACS authentication must move to a modern authentication approach. By implementing delegated SharePoint tokens and a custom SharePointContextFilter, existing provider-hosted solutions can continue working with minimal architectural changes.

In a future post I will show how to create custom actions on the SharePoint ECB (Edit Control Block) without using the add-in model.

Microsoft has officially announced the SharePoint Add-In model retirement scheduled for April 2, 2026.

Before migrating authentication models, it is recommended to perform a Microsoft 365 governance assessment to uncover SharePoint permission risks, outdated configurations, and tenant security issues that may impact the new Entra ID authentication approach.

By implementing Entra ID authentication and delegated SharePoint tokens, teams can successfully replace SharePoint Add-In authentication and keep their applications operational after the 2026 retirement.

The post Replacing SharePoint Add-In Authentication Before the April 2026 Retirement appeared first on SharePointPro.

If you’re running a small business in Brisbane, Toowoomba, or up in Cairns, and you’re wondering whether you can have Teams without the fuss of SharePoint — the short answer is nah, you can’t. But understanding why they’re inseparable could save your business hours, headaches, and maybe even a few bucks.

If your Brisbane or Queensland small biz is rolling out Microsoft Teams, you’ve probably asked the golden question: “Can I use Microsoft Teams without SharePoint?”

Short answer — nah, mate. You can’t. But you can manage how SharePoint behaves so it doesn’t run wild across your systems.

Let’s unpack why Teams and SharePoint are inseparable, how to keep them under control, and what you can do to protect your data, your workflows, and your sanity.

By the end, you’ll know exactly how to set things up right — and where SharepointPro

Think of Microsoft Teams as your digital office — where everyone meets, chats, and gets things done. SharePoint, on the other hand, is the hard drive that stores and organises every file your team touches.

When you create a new Teams workspace, it automatically spins up a SharePoint site in the background. Every time you attach a file, schedule a meeting, or collaborate on a document — SharePoint is the silent hero keeping it all tidy.

Those “Files” tabs you see in every channel? They’re not floating in space. They’re a window into a SharePoint document library. If you delete or lock that site, your files disappear faster than a cold one at Friday arvo drinks.

So yes — Microsoft Teams runs on SharePoint. One handles chat and collaboration; the other handles file storage and access permissions.

Think of it like this: Microsoft Teams is the engine, but SharePoint is the gearbox. Without it, nothing moves.

How to Disable or Lock SharePoint (If You Must)

You can’t remove SharePoint from Microsoft Teams, but you can restrict it. Here’s how.

Run this PowerShell command:

That command locks access to the SharePoint site. Users will still see the Files tab, but it’ll be empty — no file uploads, no attachments. This setup suits high-security environments (legal, finance, healthcare) where file sharing is risky.

Disable self-service SharePoint site creation for your team members. This stops the chaos of random Teams being created. Admins stay in control.

• Head to SharePoint Admin Center → Settings → Site Creation → Disable user site creation.
• Restrict Microsoft 365 Group creation in Azure AD.

To stop staff from converting sites into Teams on their own, hide the Teamify prompt:

That’s your “keep it tidy” button.

Let’s face it — small businesses in Queensland don’t always have enterprise-level governance teams. You might want to limit SharePoint to prevent:

• Data breaches — clients’ files going walkabout.
• Over-sharing — staff dumping sensitive stuff in open folders.
• Chaos — 50 Teams channels all using different file structures.

That said, completely disabling SharePoint can cripple your Teams setup. The smarter move? Govern it.

That’s where SharepointPro comes in — helping Brisbane and Queensland small businesses apply governance frameworks that keep things running smoothly and securely.

Internal Link Suggestion:

Link the text “SharePoint governance frameworks” to your dedicated internal blog or service page:

👉 /sharepoint-governance-brisbane/

Let’s sketch the simple system that’ll keep your Microsoft Teams and SharePoint humming like a well-tuned Hilux.

Audit your current workflow. Where are your files stored now? What’s working? What’s a mess?
Identify what Teams actually needs to do — chat only, or full file collaboration?

Give staff clear boundaries: who can create, who can edit, and who can share.
Set up Teams with Owners, Members, and Visitors.
Train your team to respect file locations — not drag them into personal OneDrive.

Create predefined site templates:

• “QLD-Project-Name”
• “Marketing-HQ-Brisbane”

That way, you avoid spaghetti file structures.

Use metadata tags (like “Client Name”, “Project Stage”) instead of deep folder nesting. Searching gets faster, and your sanity stays intact.

Run a 30-minute “Microsoft Teams + SharePoint 101” session.
Show how to upload, tag, and share properly.
You’d be shocked at how many problems vanish after a single good training.

Once a quarter, review Microsoft Teams usage and clean up stale channels.
Old projects? Archive them. Duplicates? Bin them.

• Lock SharePoint: Set-SPOsite -Identity <YourSiteURL> -LockState NoAccess
• Stop Site Chaos: Disable user site creation.
• Hide Teamify Prompts: Set-PnPPropertyBagValue -Key "TeamifyHidden" -Value "True"
• Tag Smart: Add metadata columns like “Client” and “Status.”
• Clean Often: Audit content monthly or quarterly.

Wanna Learn more about Stop SharePoint Chaos Now: 5 Glitches Queensland SMBs Can’t Ignore

Here’s what makes this especially relevant for Queensland businesses:

Our workforces are spread out. You’ve got contractors on the Gold Coast, a marketing team in Brisbane, and maybe your accountant’s dialling in from Townsville. Remote and hybrid work is the new normal.

That’s why Microsoft Teams and SharePoint matter more here than anywhere else in Australia. Together, they let your team:

• Access shared files instantly from anywhere in QLD.
• Keep data stored securely under Microsoft’s Australian data residency rules (a must for healthcare, finance, and government contractors).
• Manage version control — so no more “Final_v3_revised_FINAL.docx” drama.

With cloud storage tied directly to SharePoint, your Queensland business stays compliant, consistent, and connected.

Let’s call a spade a spade. Most small businesses here in QLD are running Teams and SharePoint like a backyard BBQ — casual, unplanned, and missing a few tongs.

The post Warning: Microsoft Teams Without SharePoint? Not in Queensland! appeared first on SharePointPro.