Error resetting last modified date

Copper Contributor


I am using CSOM to change SharePoint Online files and reset the last modified date of their items.

It works, when I log in to SharePoint with user name and password.

When I create an app registration and use MSAL to get a token through interactive login, the reset of the last modified date will not work.

The code is the same. It is just the token, that makes the difference.

The app registrations API permissions are set to AllSites.Manage, so it should have enough rights to change meta data.

Any suggestions what I could change?




6 Replies

@Alexander72 Can you try using AllSites.FullControl permissions & see if it works for this scenario?


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

AllSites.FullControl solves the problem, but in my opinion it is a bug and may cause security problems! I do not want my application to access everything in SharePoint.
So giving full control permissions is just a work around, which is not suitable from the security perspective.



Based on your questions, you are getting  a token through interactive login that means you are using Delegated permissions, so even if you have given AllSites.FullControl, your code will always work with permission of user which you are using interactive login.


And still it's also possible to provide access to specific sites using Azure AD App Registration. If security is the concern then you can provide AllSites.FullControl rights for particular site collections only.

Reference Blog: 


Hope it will helpful to you and if so then Please mark my response as Best Response & Like to help others in this community

This is also a work around, which is not suitable in my case.
My customer has a OneDrive folder for every of his users (about 65K) and also many team sites.
Every SharePoint online site has to be searched for Office files. Every Office file ist to be analyzed for VBA macros and if there are macros without potentially malicious code, they are to be signed.
The last modified date and the editor is to be preserved.
And you need one app to have read/write access to those sites and files.
Modifying file content is possible with AllSites.Modify.
So AllSites.Modify is the way to go. Everything else would be an overkill.
MS has to fix this!



What I am trying to say is if you are using Delegated Permissions (as mentioned in below screen shot), even if you provide higher permission in App Registration, only operation which current user have permissions (user which you have used in interactive login) are allowed.




E.g. In your App Registration, you have given AllSites.FullControl rights and let say we have two user i.e. User A and User B where User A does have only read rights in one site collection and User B does have contribute rights in same site collection.


Now if you login with User A in your CSOM console with interactive user, and you are trying to update anything in the site, Code will give unauthorized access (even if in your app you have given AllSites.FullControl permission) because current user don't enough rights in site collection.

I hope that now it will be more clear.


Hope it will helpful to you and if so then Please mark my response as Best Response & Like to help others in this community

This may be true, but my customers won't accept AllSites.FullControl to this app.
I just wanted to say, that AllSites.Manage is buggy, because if I can change the content of a file, I should be able to change the meta data of an item.