May 10 2019 01:51 PM
Hi,
I'm trying to move my SPO Admin scripts to Azure Runbooks. My Admin Account is MFA enabled. When I run the commands:
Connect-SPOService : A command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: Enter your credentials.
May 13 2019 12:50 AM
Hi @Russell Gove, no you can't use an MFA account when doing this level of automation unfortunately as the usual behaviour is to open a popup to request the authentication. There are a couple of options which you have available to you:
1. Use a "service account" which doesn't have MFA (this is the easiest way, just ensure you have a strong password on the account)
2. Connect using App ID and Secret
I hope that helps
May 13 2019 06:20 AM
@Matt Weston Agreed. I prefer #2 as it's a more granular approach to permissions than re-using service accounts for multiple things in your environment.
May 13 2019 12:04 PM
@Beau Cameron Thanks for the info. So I created an app ID and secret, and then created a new credential in my Azure Automation account (called runbooksappidandsecret) using the app ID and secret.
Then I try to use that credential in my script:
Connect-SPOService : The 'username' argument is invalid.
At line:9 char:1
+ Connect-SPOService -Url "$adminUrl" -Credential $creds
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService
May 14 2019 11:39 AM
@Russell Gove My apologies as I wasn't fully thinking in this regard. SPO Commandlets do not support app only credentials... I forget because I only use the PnP Commandlets (as they have more features than the SPO commandlet).
Feb 17 2021 06:17 AM
I am having the same problem but I am actually trying to access the PnP cmdlets. I'm fairly new so I am curious about the process of "So I created an app ID and secret, and then created a new credential in my Azure Automation account (called runbooksappidandsecret) using the app ID and secret."
Could you tell me the process to get to this point?
Many thanks
Rob
Feb 17 2021 07:39 AM
@Beau Cameron How do you connect to PnP using the App ID and Secret? I have created the App and secret but I am stuck at that point... Your help would be hugely appreciated.
Feb 17 2021 09:54 PM
@RobOnyxPublishing All of the options for connecting via PnP PowerShell can be found at https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/connect-pnponline
The Client Secret option is Example #3 on the page. Microsoft's recommendation for the most secure method is to use a Certificate (Examples #6-8, but I prefer #7). It's a few extra steps to create and attach the Certificate to the App ID, but just as simple as the Client Secret approach after the initial setup, IMO. There is a link under the examples that shows all the steps to set it up.
Feb 24 2021 11:15 AM
@RobOnyxPublishing - A while ago I created a sample for PnP PowerShell with scripts to set this up using App Only, Azure AD App, and Azure Automation -
https://github.com/pnp/powershell/tree/dev/samples/Connect.AzureAutomation
Hope it helps.
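The two app-only options discussed in the replies above (client secret and certificate), sketched as a runbook that never prompts. This is an added example, not code from any poster or from the linked sample. It assumes the PnP.PowerShell module is imported into the Automation account and that a certificate asset is reachable by thumbprint in the runbook sandbox; the tenant values and the asset name SpoAppOnlyCert are placeholders, and runbooksappidandsecret is the credential asset named in the thread.

```powershell
# Added example (not from the thread): non-interactive app-only connection from a runbook.
# Assumptions: PnP.PowerShell is imported into the Automation account; values below are placeholders.
$adminUrl       = 'https://contoso-admin.sharepoint.com'   # placeholder tenant admin URL
$tenant         = 'contoso.onmicrosoft.com'                # placeholder tenant name
$useCertificate = $true                                    # certificate is the option the thread calls most secure

# Fail the job on the first error instead of continuing with no connection.
$ErrorActionPreference = 'Stop'

# Credential asset from the thread: UserName holds the App (client) ID, Password holds the client secret.
$appCred = Get-AutomationPSCredential -Name 'runbooksappidandsecret'
if (-not $appCred) { throw "Credential asset 'runbooksappidandsecret' was not found." }
$clientId = $appCred.UserName

if ($useCertificate) {
    # 'SpoAppOnlyCert' is a hypothetical certificate asset whose public key is attached to the App ID.
    $cert = Get-AutomationCertificate -Name 'SpoAppOnlyCert'
    if (-not $cert) { throw "Certificate asset 'SpoAppOnlyCert' was not found." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

    # Assumption: the asset is available in the sandbox certificate store, so the thumbprint resolves.
    Connect-PnPOnline -Url $adminUrl -ClientId $clientId -Tenant $tenant -Thumbprint $cert.Thumbprint
}
else {
    # Client secret option: the secret stays in the encrypted asset and never appears in the script.
    $secret = $appCred.GetNetworkCredential().Password
    Connect-PnPOnline -Url $adminUrl -ClientId $clientId -ClientSecret $secret
}

# Make one real call so a bad App ID, secret or certificate fails here, not later in the job.
$web = Get-PnPWeb
Write-Output "Connected app-only to $($web.Url)"

Disconnect-PnPOnline
```

Neither branch outputs the secret or the certificate, so nothing sensitive lands in the job stream.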