Microsoft has announced that starting April 2nd, 2026, all SharePoint Add-in applications will be deprecated in online environments. This change affects all online tenants using Wizdom.
Important: On-premises environments running SharePoint 2013, 2016, 2019, and SharePoint Server Subscription Edition (SE) will not be affected by the Add-in Applications retirement. However Intranet Enterprise's .NET Framework version has been upgraded to version 4.8.1 and a few changes will be needed to the environment and to the web.config file to keep functioning.
Starting from version 7.0.0.0, all Azure-hosted versions of Wizdom must be adapted to continue functioning. If you choose not to upgrade immediately, the current version will remain operational until April 2nd, 2026, after which Microsoft will disable support for Add-in apps.
Make sure to also read the Final Steps section (6.x) before you begin.
Prerequisites
It is required to have 6.74.7 or any hotfix installed before upgrading to this version.
All the custom scripts must be allowed on your SharePoint sites. Microsoft automatically blocks them every 24 hours, learn more here: Changes to Custom Script Settings in SharePoint Online: What You Need to Know – Knowledge Base.
To automate enable custom scripts follow this guide: Automate enable custom scripts in SharePoint Online – Knowledge Base
Please be sure to also read through the release notes.
IMPORTANT IF AZURE WEB APP IS HOSTED BY LIVETILES
If your environment is hosted by LiveTiles, the upgrade process differs slightly from self-hosted environments.
What You Need to Do
Submit a Support Ticket
Contact LiveTiles Support to initiate the upgrade request.
IMPORTANT: Include your Entra ID tenant id in this support request.Approve the Consent Link
After your ticket has been processed, you will receive a consent link from our team. Please review and approve this link to allow us to proceed with the upgrade.
What You Don’t Need to Do
Steps 1–3 in the standard upgrade guide do not apply to LiveTiles-hosted environments. These steps will be handled by our team.
What We Will Handle
Step 6.2 of the standard upgrade process will be performed by LiveTiles during the scheduled upgrade window.
Migration Steps for Online Environments
To ensure Intranet Enterprise continues to function properly in online environments, follow these steps to transition from a SharePoint Add-in to an Enterprise Application:
Enterprise Application and App Registration on Microsoft Entra ID
If you do not already have an Enterprise Application, you must create it. The Intranet Enterprise (Wizdom) will use this Enterprise Application to connect, and all user and application access tokens and contexts will rely on it to establish connections and use the required permissions. If you already have these set up, you can skip this step.
1. Access Microsoft Entra ID and Go to Microsoft Entra ID > Manage > Enterprise Applications
1.1. Create a new Application
- Click 'New Application'
- Select the option 'Create your own application
- Choose 'Register an application' to integrate with Microsoft Entra ID
- Provide a name for the Application
1.2. Configure Registration
On the next screen, select the 'Supported account types' according to your organization's policy.
You may leave the 'Redirect URL' blank for now - we will return to it later.
Click 'Register'.
1.3. Generate a Client Secret
You will now be redirected to Entra ID. Go back to Enterprise Applications and filter by the app name to confirm it was created.
- Open it up to view the app registration
- Navigate to 'Certificates & secrets'
- Click on 'New client secret'
- Provide a description and set the expiration period
- Click 'Add' and save the generated secret securely - it will not be shown again
1.4. Adding the app to the Microsoft Entra ID (Online and multitenant only)
In case your application is running on a multitenant environment - it means app registration in one tenant and the app service in other tenant you must add and consent the application on the web service tenant, for that you only have to access following URL logged in with an account with admin permissions on the Entra ID:
https://login.microsoftonline.com/{AppServiceMicrosoftEntraIDTenantID}/v2.0/adminconsent?client_id={APPRegistrationClientID}&redirect_uri= {appURL}/Base/WizdomContextProxy.aspx&scope=https://graph.microsoft.com/.default
Explanation:
AppServiceMicrosoftEntraIDTenantID = Entra ID Tenant ID
APPRegistrationClientID = Client ID on the new Enterprise Application
appURL = https://example.azurewebsites.net
1.5. Setting Up Redirect URL
In your app registration, go to Manage Authentication
Click on Add a platform
Select Single-page application
- Add the redirect URI as {appURL}/Base/WizdomContextProxy.aspx - the value of appURL can be found in the Environment variables section of your App Service (Web App) in Azure.
- Select Access tokens (used for implicit flows)
- Click Create
- If you are using multitenant environment (App Service in one tenant and Entra ID in another) select the accounts in any organizational directory
2. Create and Upload a Certificate
2.1. Navigate to Key Vaults in Azure
-
Create a new Key Vault for this purpose
- Name: any name you prefer
- Method: Generate
- Certificate Authority: Self-signed certificate
- Subject: CN=Wizdom365
- Content Type: PKCS #12
2.2. Download the Certificate
Wait for the certificate to be completed.
- Go to the certificate list
- Select the newly created certificate under Current Version
- Click Download in CER format
2.3. Give network permissions to the keyvault
On the keyvault navigate to Settings > Networking.
Here you should either set 'Allow public access from all networks' or 'Allow public access from specific virtual networks and IP addresses'.
If you choose 'Allow public access from all networks' nothing else is required.
In case of 'Allow public access from specific virtual networks and IP addresses' go back to your Azure App Service (Web App) and copy all the 'Outbound IP addresses' and 'Additional Outbound IP addresses' and add all of them to the Firewall of the keyvault.
2.4. Give access to you application for accessing the keyvault
On the keyvault, navigate to Access polices and click Create
Select the following permissions and click Next
| Key Permissions | Get, List |
| Secret Permissions | Get, List, Set |
| Certificate Permissions | Get |
On the next screen (Principal) Search for the Client ID of your new Enterprise app:
Then, review it and click Create.
3. Upload Certificate to App Registration
3.1. Add certificate
Return to App Registrations and open the application.
- Go to the Certificates tab and click Upload Certificate
- Select the downloaded file
- Add a description
- Click Confirm
3.2. Assign API Permissions
Go to the 'API Permissions' tab and add the following:
Microsoft Graph
| User.Read | Delegated |
| AppCatalog.Read.All | |
| Directory.Read.All | Application |
| Group.Read.All |
SharePoint
| User.Read.All | Delegated |
| AllSites.FullControl | |
| Sites.FullControl.All | Application |
| TermStore.ReadWrite.All |
Yammer
| User_impersonation | Delegated |
After adding all permissions, make sure to grant admin consent for each.
4. Changes on SharePoint
4.1. Adding Permissions to write on app catalog
This is NOT needed if you upgrade directly to 7.0.1 as that hotfix removes the need for these permissions in the SharePoint app,
To write in the app catalog and upload the modern webparts of Wizdom, permissions must be defined in SharePoint, and the process will remain the same as before.
- Navigate to: https://<tenant>-admin.sharepoint.com/_layouts/15/appinv.aspx
- Paste your ClientId in the "App Id" field and click "Lookup" (even if the fields are not populated)
-
Paste your App URL into the field App Domain
Example: example.azurewebsites.net
-
Make sure the Redirect URL has below structure:
Example: https://example.azurewebsites.net/Base/WizdomContextProxy.aspx
- Paste the XML provided below into the "Permission Request XML" field.
- Click "Create" and then "Trust It."
<AppPermissionRequests AllowAppOnlyPolicy="true" >
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/taxonomy" Right="Write" />
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
This should register your app as trusted for that site collection, even if it is a modern app via Azure AD
4.2. Permissions for your tenant
4.2.1. Enabling Custom Authentication for SharePoint Online Applications
To allow custom applications to authenticate with SharePoint Online, you need to configure your SharePoint Online tenant settings. This is particularly useful for applications that require custom authentication methods, such as those using PnP.Framework with certificates.
The process involves using the Set-SPOTenant PowerShell command to enable custom app authentication.
Prerequisites:
Before proceeding, ensure that you meet the following requirements:
1) Install SharePoint Online Management Shell Module
You must have the SharePoint Online Management Shell module installed on your machine. If you have not installed it yet, use the following PowerShell command to install the module:
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
2) Administrator Permissions
Ensure you have global administrator permissions in your Microsoft 365 environment. This level of access is required to modify tenant-wide settings in SharePoint Online.
4.2.2. Steps to enable Custom Authentication
Follow these steps to enable custom authentication for applications in your SharePoint Online tenant:
1) Authenticate to SharePoint Online
-
Before executing any commands, you need to authenticate to your SharePoint Online service using the Connect-SPOService command. Run the following PowerShell command, replacing <your-tenant-name> with the name of your tenant (e.g., contoso):
Connect-SPOService -Url https://<your-tenant-name>-admin.sharepoint.com
2) Enable Custom Authentication for Applications
-
To enable custom authentication for applications that need to authenticate via certificates or other custom methods, run the following command:
Set-SPOTenant -DisableCustomAppAuthentication $false
This command configures your SharePoint Online tenant to allow custom authentication for applications, making it possible for them to authenticate using methods such as certificates, which is required by applications utilizing the PnP.Framework.
Explanation of the Command
- The Set-SPOTenant command modifies tenant-level settings.
- The -DisableCustomAppAuthentication $false parameter ensures that custom application authentication is enabled, allowing apps with specific authentication methods (like certificates) to interact with SharePoint Online.
5. Migration Steps for On Prem Environments
Install .NET Framework version 4.8.1 runtime on the server Download .NET Framework 4.8.1 | .NET
-
With the upgrade of the .NET Framework version to 4.8.1, some changes to the web.config file will be necessary to ensure the proper functioning of Wizdom in both environments. The first step is to verify and ensure that the .NET Framework runtime version is set to 4.8.1. To do this, add or update the following line inside the <system.web> section:
<httpRuntime targetFramework="4.8.1" maxRequestLength="20480" />
-
Add the block below within the <location path="." inheritInChildApplications="false"> section in your web.config file:
<system.web> <webServices> <protocols> <add name="HttpGet" /> <add name="HttpPost" /> <add name="HttpPut" /> <add name="HttpDelete" /> </protocols> </webServices> </system.web> -
The <httpProtocol> and <customHeaders> block must exist only inside the <location path="." inheritInChildApplications="false"> section. This ensures that the CORS configuration is correctly applied within the application scope and prevents conflicts with other server definitions.
If it exists anywhere else (for example, at the root level of web.config), it must be removed.
If it doesn’t exist, it must be added as shown below:<system.webServer> <httpProtocol> <customHeaders> <add name="Arr-Disable-Session-Affinity" value="true" /> <add name="P3P" value="CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"" /> <add name="X-UA-Compatible" value="IE=edge" /> <remove name="Access-Control-Allow-Origin" /> <remove name="Access-Control-Allow-Headers" /> <remove name="Access-Control-Allow-Methods" /> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, Authorization" /> <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, PATCH, OPTIONS" /> </customHeaders> </httpProtocol> </system.webServer> -
Ensure correct assemblyBinding in the <runtime> section. Outside the <location> tag, within the <runtime> section, ensure that assemblyBinding is properly configured to ensure that the references for libraries used by Wizdom are correctly resolved. The complete block of code would look like this:
<runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-5.2.7.0" newVersion="5.2.7.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Practices.Unity" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.5.0.0" newVersion="3.5.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-5.8.4.0" newVersion="5.8.4.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Spatial" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-5.8.4.0" newVersion="5.8.4.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Data.OData" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-5.8.4.0" newVersion="5.8.4.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.SharePoint.Client.Runtime" publicKeyToken="71e9bce111e9429c" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-16.1.0.0" newVersion="16.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.SharePoint.Client" publicKeyToken="71e9bce111e9429c" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-16.1.0.0" newVersion="16.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.WindowsAzure.Storage" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-9.3.2.0" newVersion="9.3.2.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-5.2.2.0" newVersion="5.2.2.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.IdentityModel" publicKeyToken="b77a5c561934e089" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.ServiceModel" publicKeyToken="b77a5c561934e089" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Xml" publicKeyToken="b77a5c561934e089" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Runtime.Serialization" publicKeyToken="b77a5c561934e089" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Services" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Xml.Linq" publicKeyToken="b77a5c561934e089" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Data" publicKeyToken="b77a5c561934e089" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.1.1.3" newVersion="4.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.AI.Agent.Intercept" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-2.0.5.0" newVersion="2.0.5.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="CodeCop" publicKeyToken="401d1f9f00971572" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.2.1.0" newVersion="3.2.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="StackExchange.Redis.StrongName" publicKeyToken="c219ff1ca8c2ce46" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.2.6.0" newVersion="1.2.6.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.VisualStudio.Enterprise.AspNetHelper" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <codeBase version="15.0.0.0" href="file:///C:/Program%20Files%20(x86)/Microsoft%20Visual%20Studio/Shared/Common/VSPerfCollectionTools/Microsoft.VisualStudio.Enterprise.AspNetHelper.DLL" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="VsWebSite.Interop" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <codeBase version="8.0.0.0" href="file:///C:/Program%20Files%20(x86)/Microsoft%20Visual%20Studio/Shared/Common/VSPerfCollectionTools/VsWebSite.Interop.DLL" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.Clients.ActiveDirectory" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Data.Services.Client" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-5.8.4.0" newVersion="5.8.4.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Online.SharePoint.Client.Tenant" publicKeyToken="71e9bce111e9429c" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-16.0.0.0" newVersion="16.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="SharePointPnP.IdentityModel.Extensions" publicKeyToken="5e633289e95c321a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.2.4.0" newVersion="1.2.4.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.Clients.ActiveDirectory.Platform" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.19.8.16603" newVersion="3.19.8.16603" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Ninject" publicKeyToken="c7192dc5380945e7" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.3.4.0" newVersion="3.3.4.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="AngleSharp" publicKeyToken="e83494dcdc6d31ea" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-0.13.0.0" newVersion="0.13.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Azure.Storage.Common" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-11.1.7.0" newVersion="11.1.7.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Azure.Documents.Client" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-2.4.0.0" newVersion="2.4.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.Abstractions" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Text.Encodings.Web" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.5.1" newVersion="4.0.5.1" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Threading.Tasks.Extensions" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.2.0.1" newVersion="4.2.0.1" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Graph.Core" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.14.0.0" newVersion="1.14.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="AngleSharp.Css" publicKeyToken="e83494dcdc6d31ea" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-0.13.0.0" newVersion="0.13.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Graph" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.14.0.0" newVersion="1.14.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-6.0.0.1" newVersion="6.0.0.1" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Configuration.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.DependencyInjection.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.FileProviders.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Primitives" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Logging.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Options" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Http" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Identity.Client" publicKeyToken="0a613f4dd989e8ae" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.57.0.0" newVersion="4.57.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.DependencyInjection" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Configuration" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Configuration.Binder" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Security.Cryptography.ProtectedData" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.5.0" newVersion="4.0.5.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Security.Cryptography.Xml" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.3.1" newVersion="4.0.3.1" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Security.Principal.Windows" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.AspNetCore.Hosting.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-2.2.0.0" newVersion="2.2.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.AspNetCore.Http.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-2.2.0.0" newVersion="2.2.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Hosting.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-2.2.0.0" newVersion="2.2.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Logging" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.3.0" newVersion="3.1.3.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.FileProviders.Physical" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Caching.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-2.2.0.0" newVersion="2.2.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Extensions.Caching.Memory" publicKeyToken="adb9793829ddae60" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-2.2.0.0" newVersion="2.2.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Text.Json" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.JsonWebTokens" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Azure.Core" publicKeyToken="92742159e12e44c8" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-1.36.0.0" newVersion="1.36.0.0" /> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.IdentityModel.LoggingExtensions" publicKeyToken="31bf3856ad364e35" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-7.3.1.0" newVersion="7.3.1.0" /> </dependentAssembly> </assemblyBinding> </runtime>
IMPORTANT: For ON-PREM 2013, the
<runtime>tag contains a few differences. You can maintain all the same values as in the previous configuration; however, the following tags must be updated with the values listed below.<dependentAssembly> <assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31bf3856ad364e35" culture="neutral"/> <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0"/> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Data.OData" publicKeyToken="31bf3856ad364e35" culture="neutral"/> <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0"/> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Data.Services.Client" publicKeyToken="31bf3856ad364e35" culture="neutral"/> <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0"/> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.Online.SharePoint.Client.Tenant" publicKeyToken="71e9bce111e9429c" culture="neutral"/> <bindingRedirect oldVersion="0.0.0.0-15.0.0.0" newVersion="15.0.0.0"/> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.SharePoint.Client.Runtime" publicKeyToken="71e9bce111e9429c" culture="neutral"/> <bindingRedirect oldVersion="0.0.0.0-15.0.0.0" newVersion="15.0.0.0"/> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="Microsoft.SharePoint.Client" publicKeyToken="71e9bce111e9429c" culture="neutral"/> <bindingRedirect oldVersion="0.0.0.0-15.0.0.0" newVersion="15.0.0.0"/> </dependentAssembly>
6. Final steps
6.1. Upgrade Wizdom to the Latest Version
Important: Some of the permissions can take a few hours to take effect for the new online set up, and errors might be thrown on the API calls.
Make sure to upgrade Wizdom to the latest available version (currently v. 7.0.0.0).
This step is essential to ensure compatibility with the updated authentication model and to benefit from the latest features, improvements, and security fixes.6.2. Changes on Azure App Service
6.2.1. Updating Environment Variables in the App Service
In this step, we will update key environment variables in the Azure App Service that hosts your application. These updates are necessary to ensure your application uses the correct credentials and resources for authentication via Entra ID.
Overview of changes
We will update the following environment variables:
clientId:
-
New Value: Use the Application (client) ID of the Enterprise Application created earlier.
This value identifies the application that will authenticate with SharePoint Online.
clientSecret:
-
New Value: Use the secret value that was generated in the previous steps.
This secret is associated with the Enterprise Application and will be used for secure authentication.
Recommended Best Practice: "Backup Existing Values"
Before making any changes, it is strongly recommended that you back up the current values of all existing environment variables. Store them securely (e.g., in a secure file or password manager). This ensures you can restore the original configuration if needed.
To avoid confusion and maintain traceability, you may optionally create additional environment variables to preserve the old values: ClientIdAddIn and clientSecretAddIn - These can store the previous values of clientId and clientSecret, respectively.
Example:
6.2.2. Adding new Environment Variables
Three additional environment variables are required to support certificate-based authentication via Azure Key Vault
certificateKeyVaultNameContext:
-
Value: The name of the Key Vault where the certificate was created.
This allows the application to locate the Key Vault for retrieving the certificate at runtime.
certificateNameContext:
-
Value: The name of the certificate that was created.
This allows the application to locate the the certificate at runtime.
tenantId:
-
New Value: TenantId of your Microsoft EntraID.
This id will be used to authenticate the users to the right tenant.
Example:
6.2.3. Edit App Registration Authentication (optional - just need if you use Teams app)
Go to Microsoft Entra ID > Manage > App registration > Select the App created earlier > Manage > Authentication.
Make sure the /.auth/login/aad/callback is added in Redirect URI configuration.
Select Settings tab > Check on ID tokens (used for implicit and hybrid flows) > Save.
6.2.4. Add an identity provider (optional - just need if you use Teams app)
If you are using LiveTiles Everywhere or Workspaces in Teams app, this is additional step for allow new authentication model working properly.
Go to Settings -> Authentication -> Add provider.
In Add an identity provider page, select Microsoft as the Identity provider to sign in Microsoft and Microsoft Entra identities.
For Tenant type, select Workforce configuration (current tenant) for employees and business guests.
For App registration > App registration type, select Provide the details of an existing app registration
and input the Application (client) ID of the Enterprise Application created earlier.Other settings, please configure as below screenshot. Then click Add button.
6.3. User Action Required: Allow Pop-Ups (only for online)
All end users must now allow pop-ups in their browsers for the following domains: Your SharePoint Online sites (e.g., https://<tenant>.sharepoint.com).
The Wizdom administration site (typically a custom domain or subdomain provided by Wizdom). This is required because the new authentication model may rely on interactive login flows that use pop-up windows for Azure AD sign-in prompts.
If pop-ups are blocked, key features of Wizdom - such as navigation loading, personalization, or admin configuration - may fail to work correctly. Recommendation: Communicate this change to all users in advance and consider updating internal IT policies or documentation to include instructions for enabling pop-ups.
6.4. Pair a New License (Only for online)
Once the upgrade is complete, you must pair a new license.
Open a ticket on Zendesk (LiveTiles Support) requesting a new valid PIN for your recently updated version of Intranet Enterprise (Wizdom) and the team will be in touch with you with the new PIN. Once you have the new PIN, it can be repaired on the Enterprise Administration > Admin > License.
NOTE: This step is critically important, as the system is now using a new Azure AD Client ID.
This change affects how Wizdom communicates with:
- The Wizdom backend services
- The associated databases
- SharePoint Online
- Other integrated components
Because of the new identity and authentication configuration, the existing license will no longer be valid. Pairing a new license ensures that all components are properly registered and functional.
Important Notice Regarding the Add-in Application
For On-Premises environments, the Add-in application must not be deleted, as the upcoming retirement does not affect these environments.
For Online environments, do not delete the Add-in application from your SharePoint tenant or App Catalog immediately. Although the Add-in application may no longer be actively used, it is essential to verify the installation and full functionality of the new infrastructure before proceeding with its removal.
-
Comments
0 comments
Please sign in to leave a comment.