
How to connect to PnP Online with Interactive Authentication

How to follow best practice when securely connecting to and using PnP Online in PowerShell with interactive authentication and an app registration
Scott Ortlepp
Updated
November 8, 2024

Microsoft have updated the security requirements for connecting to PnP Online via PowerShell. In this article, we’re going to step through how to set up the app registration and two different methods of connecting to PnP Online using interactive authentication.

Requirements

Roles & Licensing

  • SharePoint Administrator – To confirm you have access to log in using interactive authentication.
  • Cloud App Administrator – For the creation of the App Registration required for modern interactive authentication.

Apps & Modules – Update setting via PowerShell

  • PowerShell – There are several versions of PowerShell and several ways to access it. In our guide we will use PowerShell ISE.
  • PnP PowerShell module – This module is used to confirm the modern authentication will work for your existing scripts.

Create an app registration

Both methods will require an app registration to successfully connect to PnP Online following Microsoft’s update. Before you begin, confirm that you have either the App Administrator or Cloud App Administrator role assigned to you in Entra ID.

To set up your app registration, refer to the PnP GitHub guide (Register an Entra ID Application to use with PnP PowerShell | PnP PowerShell). This resource provides detailed instructions for both manual and automated configuration of your app registration.

If you need guidance on which permissions your app registration will need, you can refer to the following PnP GitHub guide: How to determine which permissions you need | PnP PowerShell

Once you have completed these steps, make sure you take note of the Application (client) ID. You will need this when completing both methods of authentication.

Method 1 – Default client ID

Setting a default client ID for the device you use to run your scripts enables you to use interactive authentication without passing the client ID each time you connect to PnP Online. To do this, use the following command, replacing ‘<client ID>’ with the client ID of your app registration.

[System.Environment]::SetEnvironmentVariable('ENTRAID_CLIENT_ID', '<client ID>', [EnvironmentVariableTarget]::User)

To test that you have successfully configured your app registration and default client ID, run the following command with your SharePoint Admin URL:

Connect-PnPOnline -Url <SharePoint Admin URL> -Interactive

To find out more about default client IDs, please see the PnP GitHub documentation: Set a default Client ID | PnP PowerShell.

Method 2 – Manually provide client ID

If you connect to multiple environments via PnP Online, each environment will have a unique app registration, meaning you will need to provide the client ID manually. To do this, you can run the following command with your SharePoint Admin URL and unique client ID:

Connect-PnPOnline -Url <SharePoint Admin URL> -Interactive -ClientID <Client ID>
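The two methods can be combined in one helper that prefers an explicitly supplied client ID, falls back to the ENTRAID_CLIENT_ID default, and refuses to connect if the value is not a GUID (for example, a placeholder that was never replaced). This is an added example, not code from the original article or the PnP project; the function names Resolve-PnPClientId and Connect-PnPTenant and the sample URL and GUID are hypothetical.

```powershell
# Added example. Function names and sample values are hypothetical.
function Resolve-PnPClientId {
    param([string]$ClientId)

    # Method 2: an explicitly supplied ID wins.
    # Method 1: otherwise use the default. The User scope is read directly as
    # well, because a value stored with SetEnvironmentVariable(..., User) does
    # not show up in $env: until a new PowerShell session is started.
    $candidates = @(
        $ClientId,
        $env:ENTRAID_CLIENT_ID,
        [System.Environment]::GetEnvironmentVariable(
            'ENTRAID_CLIENT_ID', [System.EnvironmentVariableTarget]::User)
    )
    $resolved = $candidates |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
        Select-Object -First 1

    if (-not $resolved) {
        throw 'No client ID supplied and ENTRAID_CLIENT_ID is not set.'
    }

    # An Application (client) ID is a GUID; reject anything else before the
    # sign-in prompt is shown.
    $parsed = [guid]::Empty
    if ((-not [guid]::TryParse($resolved.Trim(), [ref]$parsed)) -or
        ($parsed -eq [guid]::Empty)) {
        throw "Client ID '$resolved' is not a valid GUID."
    }
    return $parsed.ToString()
}

function Connect-PnPTenant {
    param(
        [Parameter(Mandatory)][string]$Url,
        [string]$ClientId
    )
    $id = Resolve-PnPClientId -ClientId $ClientId

    # -ReturnConnection hands back a connection object that can be passed to
    # other PnP cmdlets with -Connection, which keeps sessions to different
    # environments apart.
    Connect-PnPOnline -Url $Url -Interactive -ClientId $id -ReturnConnection
}

# Usage with constructed values:
# $contoso = Connect-PnPTenant -Url 'https://contoso-admin.sharepoint.com' `
#                -ClientId '00000000-1111-2222-3333-444444444444'
# Get-PnPTenantSite -Connection $contoso
```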
