PowerShell cannot connect with stored credential when legacy auth is disabled

Brass Contributor

If I disable legacy auth, I don't seem to be able to connect to SharePoint with stored credentials.

 

Connect-SPOService -Url <adminUrl>-Credential $UserCredential

 

The cmdlet above is not working anymore as soon as I enable the CA policy to disable legacy auth.

 

Error: Connect-SPOService : The sign-in name or password does not match one in the Microsoft account system.

 

However I can still login to AzureAD and Teams.

 

https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Conditional-Access-s...

3 Replies

Using the -Credentials switch for the Connect-SPOService forces it to switch to legacy auth, thus you are getting blocked by the CA policy. You either need to use the interactive login, or configure client secret/cert if you want to do automation. Or exclude the account in question from the CA policy.

OK, I see. And it seems to be the same for PnP PowerShell.

It's a bit of a shame, as it's working for Azure AD and Teams, I guess it could work for SharePoint too.
I don't see how I can use a client cert with Connect-SPOService.

However I found a similar case and apparently it's possible to force modern auth with a registry key.

https://blogs.technet.microsoft.com/jasonross/2017/10/04/sharepoint-online-management-shell-forcing-...

I will try this soon.