SOLVED

Using SharePoint Client Side Object Model with PowerShell and Multifactor Authentication

Highlighted
Contributor

There is a technique to connect to SharePoint Online with PowerShell when Multi-factor Authentication(MFA) is enabled.

https://technet.microsoft.com/en-us/library/fp161372.aspx

 

There is a very limited list of SharePoint Online cmdlets
https://technet.microsoft.com/en-us/library/fp161364.aspx

 

I would like to leverage the client side object model to access objects like the webs(spweb) and lists(splist).

https://dev.office.com/sharepoint/docs/sp-add-ins/complete-basic-operations-using-sharepoint-client-...

 

Is there a technique( or example) to use my identity/credentials after I have authenticated with Multifactor Authentication with Microsoft.SharePoint.Client.ClientContext?


7 Replies
Highlighted
Best Response confirmed by Chris Stewart (Contributor)
Solution

Connecting to SharePoint Online using PnP PowerShell Connect-PnPOnline allows you to specify a UseWebLogin parameter. This allows you to connect with MFA enabled. Once connected you'd have many more cmdlets at your disposal

 

https://github.com/SharePoint/PnP-PowerShell

 

Hope this helps!

Highlighted

Would there happen to be a way to do this without the web login? Use case: automated PowerShell scripts running on a schedule where the service account also has MFA enabled. 

Highlighted

i was able to run my azure automation script that accesses an SPO tenant with CSOM + an account that has MFA authentication enabled by using the app password

https://support.office.com/en-us/article/create-an-app-password-for-office-365-3e7c860f-bda4-4441-a6...

i deleted the default app pass that was created, as it didn't seem to work in powershell, i found another post on tech community that describes the same problem

https://techcommunity.microsoft.com/t5/Identity-Authentication/Authenticating-to-O365-using-Powershe...

Highlighted
I also use an App Password and it works well.
Highlighted

Seems to work with the app password now. Thanks for the nudge!

Highlighted

@Trevor Seward

 

Worked great right up till the ability to create App Passwords disappeared from every O365 tenant I manage.  Every client, even my companies own tenant, the option to create these is gone, and no one can seem to figure out how to re-enable it.

Highlighted

@clayosborn 

Given you're using App Passwords, I hope it's safe to assume you're using entirely sharepoint online.

If that assumption is correct, you can make use of;

https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/connect-pnponline?view=sharepoint-...

 

------------------EXAMPLE 9------------------

Connect-PnPOnline -Url https://contoso.sharepoint.de -AppId 344b8aab-389c-4e4a-8fa1-4c1ae2c0a60d -AppSecret a3f3faf33f3awf3a3sfs3f3ss3f4f4a3fawfas3ffsrrffssfd -AzureEnvironment Germany

 

Setting up Enterprise Applications within Azure AD is rather straight forward.