MicrosoftHi BertJansen,
yes 100% sure that the RERs we use have been recreated after switching from the old SharePoint Only Apps to Azure AD Apps. In our tests we ran into the problem, that only the App which created a RER could delete that RER. So we used the old addin to delete the RERs and recreated them with the new Azure AD app. Those newly created RERs do fire.
We use application permissions (Sites.Selected) to create the RERs.
In the beginning we had an issue with RERs not firing, when we started with Azure AD apps and Sites.FullControll.All. So we allowed our AzureAD app on the tenant level to access all sites by using tenant-admin.sharepoint.com/_layouts/appinv.aspx. That was OK to access SPO by APIs but not to fire the RERs. We have to add our app to the specific site as well with tenant.sharepoint.com/sites/site/_layouts/appinv.aspx. On appinv.aspx we followed the documented steps and use the clientId of the Azure AD app. With that permission entry the RERs started firing. Using Sites.FullControl.All was a security problem for our customers because we had access to too many sites. So we started switching to Sites.Selected as soon as possible and with that permission we had to add our Azure AD app to individual sites.
In addition: all new customers from November 2021 never had an old SharePoint App. So, those customers never got any ACS based component from us. So, we are pretty sure, thar our scenario is not using ACS.
As an alternative to appinv.aspx for giving Sites.Selected permissions per site, we started using PnP commands: https://github.com/pnp/powershell/blob/dev/documentation/Grant-PnPAzureADAppSitePermission.md. So even if appinv.aspx is removed from SharePoint, we think that we can setup SharePoint sites to fire RERs.
