SOLVED
Home

Using SharePoint Client Side Object Model with PowerShell and Multifactor Authentication

%3CLINGO-SUB%20id%3D%22lingo-sub-92734%22%20slang%3D%22en-US%22%3EUsing%20SharePoint%20Client%20Side%20Object%20Model%20with%20PowerShell%20and%20Multifactor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92734%22%20slang%3D%22en-US%22%3E%3CP%3EThere%20is%20a%20technique%20to%20connect%20to%20SharePoint%20Online%20with%20PowerShell%20when%20Multi-factor%20Authentication(MFA)%20is%20enabled.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Ffp161372.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Ffp161372.aspx%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20is%20a%20very%20limited%20list%20of%20SharePoint%20Online%20cmdlets%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Ffp161364.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Ffp161364.aspx%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20like%20to%20leverage%20the%20client%20side%20object%20model%20to%20access%20objects%20like%20the%20webs(spweb)%20and%20lists(splist).%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdev.office.com%2Fsharepoint%2Fdocs%2Fsp-add-ins%2Fcomplete-basic-operations-using-sharepoint-client-library-code%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdev.office.com%2Fsharepoint%2Fdocs%2Fsp-add-ins%2Fcomplete-basic-operations-using-sharepoint-client-library-code%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20technique(%20or%20example)%20to%20use%20my%20identity%2Fcredentials%20after%20I%20have%20authenticated%20with%20Multifactor%20Authentication%20with%26nbsp%3BMicrosoft.SharePoint.Client.ClientContext%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-92734%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Emfa%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-157387%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20SharePoint%20Client%20Side%20Object%20Model%20with%20PowerShell%20and%20Multifactor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-157387%22%20slang%3D%22en-US%22%3E%3CP%3ESeems%20to%20work%20with%20the%20app%20password%20now.%20Thanks%20for%20the%20nudge!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-150570%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20SharePoint%20Client%20Side%20Object%20Model%20with%20PowerShell%20and%20Multifactor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-150570%22%20slang%3D%22en-US%22%3EI%20also%20use%20an%20App%20Password%20and%20it%20works%20well.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-150281%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20SharePoint%20Client%20Side%20Object%20Model%20with%20PowerShell%20and%20Multifactor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-150281%22%20slang%3D%22en-US%22%3E%3CP%3Ei%20was%20able%20to%20run%20my%20azure%20automation%20script%20that%20accesses%20an%20SPO%20tenant%20with%20CSOM%20%2B%20an%20account%20that%20has%20MFA%20authentication%20enabled%20by%20using%20the%20app%20password%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fcreate-an-app-password-for-office-365-3e7c860f-bda4-4441-a618-b53953ee1183%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fcreate-an-app-password-for-office-365-3e7c860f-bda4-4441-a618-b53953ee1183%3C%2FA%3E%3C%2FP%3E%0A%3CP%3Ei%20deleted%20the%20default%20app%20pass%20that%20was%20created%2C%26nbsp%3Bas%20it%20didn't%20seem%20to%20work%20in%20powershell%2C%20i%20found%20another%20post%20on%20tech%20community%20that%26nbsp%3Bdescribes%20the%20same%20problem%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fcreate-an-app-password-for-office-365-3e7c860f-bda4-4441-a618-b53953ee1183%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIdentity-Authentication%2FAuthenticating-to-O365-using-Powershell-and-MFA%2Fm-p%2F28580%23M166%3CBR%20%2F%3E%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-128853%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20SharePoint%20Client%20Side%20Object%20Model%20with%20PowerShell%20and%20Multifactor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-128853%22%20slang%3D%22en-US%22%3E%3CP%3EWould%20there%20happen%20to%20be%20a%20way%20to%20do%20this%20without%20the%20web%20login%3F%20Use%20case%3A%20automated%20PowerShell%20scripts%20running%20on%20a%20schedule%20where%20the%20service%20account%20also%20has%20MFA%20enabled.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-92862%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20SharePoint%20Client%20Side%20Object%20Model%20with%20PowerShell%20and%20Multifactor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-92862%22%20slang%3D%22en-US%22%3E%3CP%3EConnecting%20to%20SharePoint%20Online%20using%20PnP%20PowerShell%20Connect-PnPOnline%20allows%20you%20to%20specify%20a%20%3CSTRONG%3EUseWebLogin%3C%2FSTRONG%3E%20parameter.%20This%20allows%20you%20to%20connect%20with%20MFA%20enabled.%20Once%20connected%20you'd%20have%20many%20more%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-PowerShell%2Fblob%2Fmaster%2FDocumentation%2Freadme.md%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ecmdlets%20%3C%2FA%3Eat%20your%20disposal%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-PowerShell%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-PowerShell%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1232362%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20SharePoint%20Client%20Side%20Object%20Model%20with%20PowerShell%20and%20Multifactor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1232362%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F130%22%20target%3D%22_blank%22%3E%40Trevor%20Seward%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWorked%20great%20right%20up%20till%20the%20ability%20to%20create%20App%20Passwords%20disappeared%20from%20every%20O365%20tenant%20I%20manage.%26nbsp%3B%20Every%20client%2C%20even%20my%20companies%20own%20tenant%2C%20the%20option%20to%20create%20these%20is%20gone%2C%20and%20no%20one%20can%20seem%20to%20figure%20out%20how%20to%20re-enable%20it.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1385233%22%20slang%3D%22en-US%22%3ERe%3A%20Using%20SharePoint%20Client%20Side%20Object%20Model%20with%20PowerShell%20and%20Multifactor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1385233%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F440732%22%20target%3D%22_blank%22%3E%40clayosborn%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EGiven%20you're%20using%20App%20Passwords%2C%20I%20hope%20it's%20safe%20to%20assume%20you're%20using%20entirely%20sharepoint%20online.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20that%20assumption%20is%20correct%2C%20you%20can%20make%20use%20of%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fsharepoint-pnp%2Fconnect-pnponline%3Fview%3Dsharepoint-ps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fsharepoint-pnp%2Fconnect-pnponline%3Fview%3Dsharepoint-ps%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3E------------------EXAMPLE%209------------------%3C%2FSTRONG%3E%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3EConnect-PnPOnline%20-Url%20https%3A%2F%2Fcontoso.sharepoint.de%20-AppId%20344b8aab-389c-4e4a-8fa1-4c1ae2c0a60d%20-AppSecret%20a3f3faf33f3awf3a3sfs3f3ss3f4f4a3fawfas3ffsrrffssfd%20-AzureEnvironment%20Germany%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESetting%20up%20Enterprise%20Applications%20within%20Azure%20AD%20is%20rather%20straight%20forward.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

There is a technique to connect to SharePoint Online with PowerShell when Multi-factor Authentication(MFA) is enabled.

https://technet.microsoft.com/en-us/library/fp161372.aspx

 

There is a very limited list of SharePoint Online cmdlets
https://technet.microsoft.com/en-us/library/fp161364.aspx

 

I would like to leverage the client side object model to access objects like the webs(spweb) and lists(splist).

https://dev.office.com/sharepoint/docs/sp-add-ins/complete-basic-operations-using-sharepoint-client-...

 

Is there a technique( or example) to use my identity/credentials after I have authenticated with Multifactor Authentication with Microsoft.SharePoint.Client.ClientContext?


7 Replies
Highlighted
Solution

Connecting to SharePoint Online using PnP PowerShell Connect-PnPOnline allows you to specify a UseWebLogin parameter. This allows you to connect with MFA enabled. Once connected you'd have many more cmdlets at your disposal

 

https://github.com/SharePoint/PnP-PowerShell

 

Hope this helps!

Highlighted

Would there happen to be a way to do this without the web login? Use case: automated PowerShell scripts running on a schedule where the service account also has MFA enabled. 

Highlighted

i was able to run my azure automation script that accesses an SPO tenant with CSOM + an account that has MFA authentication enabled by using the app password

https://support.office.com/en-us/article/create-an-app-password-for-office-365-3e7c860f-bda4-4441-a6...

i deleted the default app pass that was created, as it didn't seem to work in powershell, i found another post on tech community that describes the same problem

https://techcommunity.microsoft.com/t5/Identity-Authentication/Authenticating-to-O365-using-Powershe...

Highlighted
I also use an App Password and it works well.
Highlighted

Seems to work with the app password now. Thanks for the nudge!

Highlighted

@Trevor Seward

 

Worked great right up till the ability to create App Passwords disappeared from every O365 tenant I manage.  Every client, even my companies own tenant, the option to create these is gone, and no one can seem to figure out how to re-enable it.

Highlighted

@clayosborn 

Given you're using App Passwords, I hope it's safe to assume you're using entirely sharepoint online.

If that assumption is correct, you can make use of;

https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/connect-pnponline?view=sharepoint-...

 

------------------EXAMPLE 9------------------

Connect-PnPOnline -Url https://contoso.sharepoint.de -AppId 344b8aab-389c-4e4a-8fa1-4c1ae2c0a60d -AppSecret a3f3faf33f3awf3a3sfs3f3ss3f4f4a3fawfas3ffsrrffssfd -AzureEnvironment Germany

 

Setting up Enterprise Applications within Azure AD is rather straight forward.