Forum Discussion
Solved
PnP-PowerShell Connect-PnPOnline using AppId gives Access denied
I'm creating a PowerShell script to connect to SharePoint Online and authenticate as a registered Azure AD application (not a user). In Azure AD I have registered the application and I have the AppI...
I finally figured this out. The Connect-PnPOnline cmdlet is flexible and has multiple ways to connect to SharePoint. They key is using the right set of parameters.
Using the syntax "Connect-PnPOnline -Url $siteUrl -AppId $appId -AppSecret $appSecret" connects using SharePoint App-only permissions as described https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs. Using this method you need to register the app using SharePoint (not the graph). If you want to connect using the Microsoft Graph and Azure AD the connection string would be something like "Connect-PnPOnline -AppId $appid -AppSecret $appsecret -Url $siteUrl -Scopes Sites.FullControl.All".
I believe that "app only" access is not possible for SharePoint Online unless your app secret uses a certificate or the app registered in Azure AD is for a SharePoint Add-In (and the add-in's app principal has been granted app-only access when the add-in was registered in SharePoint Online).