Forum Discussion
The app@sharepoint principal is not resolving in newly created tenants
I am experiencing the same issue in a newly created tenant as well, app@sharepoint won't resolve in the new or old term store experience and Mikael Svenson's workaround is not working unfortunately. Anyone?
- Quantumrunner, Dec 02, 2020, Brass Contributor
AnnieJohnson We have just retested this in a brand new O365 Developer tenant and the same problem occurred.
And yes, the workaround from Mikael Svenson has not been working for this anymore either. Since this was a developer tenant, we cannot open a ticket there.
If anyone has this problem on a production tenant, please open a ticket and maybe get back here if you get any new status from Microsoft.
- AnnieJohnson, Dec 02, 2020, Copper Contributor
Quantumrunner I actually did open a support ticket and they essentially copy/pasted the previous fix into an email:
- Create a new app with app-only permissions following https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
- Connect to PNP-Online using the article - https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/connect-pnponline?view=sharepoint-ps
- Please use the URL https://mtspo20-admin.sharepoint.com/ to connect to PNP-Online
- Connected to -admin and was able to resolve Get-PnPUser -Identity "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint"
- Added i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint as a user in term store
Thank you for being part of Microsoft Family.
I replied with the outputs of the PowerShell script showing that the app@sharepoint principal does not resolve when connected to admin, but does resolve when connected to the root site. Regardless, the principal is not available to add in the term store. I am awaiting their next response.
- Quantumrunner, Dec 03, 2020, Brass Contributor
AnnieJohnson When we did the testing this week we added the SharePoint App with app only permissions to the Admin Site Collection (https://mtspo20-admin.sharepoint.com/) instead of the root site collection.
Afterwards the user could be resolved in PowerShell by connecting to https://mtspo20-admin.sharepoint.com/ and setting Get-PnPUser -Identity "i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint".
But the user still did not show up in the user selection on the modern or the classic TermStore Admin Page.
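
The check discussed in this thread, as an added example that is not part of any post above: it connects app-only to both the admin site and the root site and reports where the app@sharepoint principal resolves. The tenant name `contoso` and the environment variable names are placeholders, and it assumes a PnP PowerShell version whose `Connect-PnPOnline` accepts `-ClientId`/`-ClientSecret` for the ACS app-only principal from the linked article.

```powershell
# Added diagnostic example; tenant name and variable names are placeholders.
$Tenant    = 'contoso'   # placeholder: replace with your tenant name
$Principal = 'i:0i.t|00000003-0000-0ff1-ce00-000000000000|app@sharepoint'

# Read the app-only credentials from the environment instead of hard-coding them.
$ClientId     = $env:SPO_APP_CLIENT_ID       # hypothetical variable name
$ClientSecret = $env:SPO_APP_CLIENT_SECRET   # hypothetical variable name

$Sites = [ordered]@{
    Admin = "https://${Tenant}-admin.sharepoint.com/"
    Root  = "https://${Tenant}.sharepoint.com/"
}

function Test-PrincipalResolution {
    param(
        [string]$Url,
        [string]$Identity,
        [string]$ClientId,
        [string]$ClientSecret
    )
    try {
        # -ReturnConnection keeps the two site connections separate.
        $conn = Connect-PnPOnline -Url $Url -ClientId $ClientId `
            -ClientSecret $ClientSecret -ReturnConnection -ErrorAction Stop
        $user = Get-PnPUser -Identity $Identity -Connection $conn -ErrorAction Stop
        [pscustomobject]@{
            Url       = $Url
            Resolved  = ($null -ne $user)
            LoginName = $user.LoginName
            Error     = $null
        }
    } catch {
        # A failed connection or lookup is reported, not thrown, so both sites are always checked.
        [pscustomobject]@{
            Url       = $Url
            Resolved  = $false
            LoginName = $null
            Error     = $_.Exception.Message
        }
    }
}

$Sites.GetEnumerator() | ForEach-Object {
    Test-PrincipalResolution -Url $_.Value -Identity $Principal `
        -ClientId $ClientId -ClientSecret $ClientSecret
} | Format-Table -AutoSize -Wrap
```

The table output can be attached to a support ticket to show on which site collection the principal resolves.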