As of the 9th September 2024, the multi-tenant PnP Management Shell Entra ID App that you may have had on your Microsoft 365 Tenant has been deleted. This application could normally be found in your Enterprise Applications in your Microsoft Entra Admin Center.
NOTE: If you don't see this particular name "PnP Management Shell" this may also be under the following name "PnP Office 365 Management Shell".
This application was very useful if you needed to run specific PnP PowerShell scripts or commands against your tenant when connecting via an interactive logon.
To be able to do this again you will now have to register your own Entra ID application. Signing in through it will require you to enter your credentials and comply with any multi-factor authentication and conditional access policies set up in your tenant.
You will need Global Admin permissions on the tenant to carry out the full App registration.
Manually Create an App Registration
- Open the Entra ID Portal in your browser (https://entra.microsoft.com) with an account that has sufficient permissions to register an application.
- From the left navigation Menu go to: Identity - Applications - App Registration. In the main section click on New registration.
- Enter a Name for the app and leave the rest of the default settings as indicated below. Then click on Register.
- Once the Application has been registered in your Tenant, you should access Authentication in the left navigation pane under Manage. Under Platform Configurations click on Add a platform.
- In the Configure platform side navigation panel on the right click on Mobile and desktop applications.
- In the Configure Desktop + devices panel that appears on the right, enter http://localhost in the Custom redirect URIs. Do not check any of the boxes that appear in this section. Then click the Configure button.
- From the app you have created, go to API permissions under Manage. You will need to configure the permissions required to execute your PnP PowerShell commands and scripts. This depends very much on the scripts and commands you normally run. The image below shows the default permissions set for a newly registered Entra app.
NOTE: The default permission shown in the above image can be deleted if you feel it isn't needed. In the next section we will go over how to check the original permissions in the multi-tenant application so you can apply them to this newly registered app.
Review Permissions Used in the Multi Tenant PnP Management Shell App
If until the 9th of September 2024 you were using the multi-tenant PnP Management Shell App to interactively sign in, you can check the permissions you had assigned to this Enterprise Application and assign these same permissions to the Registered App. To do this:
- Open the Entra ID Portal in your browser (https://entra.microsoft.com) with an account that has sufficient permissions to register an application.
- From the left navigation Menu go to: Identity - Applications - Enterprise applications. In the main section Search for any Application that begins with the words PnP Management or PnP Office 365. You will have to remove the Application Type == Enterprise Applications filter that appears by default.
Once the filter is removed you should see the original application appear in the search results. The Application ID for this multi-tenant app is unique, so it can be used to identify the correct application. Click on the application.
- Once the application is opened go to Permissions under Security. You will see the permissions that you were using for this application; these same permissions can be applied to the registered app created in the previous section.
- To add these permissions to the registered app, go back to API Permissions under Manage and click on Add a Permission to reproduce each of the necessary permissions.
- Select the API that is needed from Microsoft APIs, APIs my organization uses or My APIs from the navigation pane that appears on the right. In the below image I will be using the SharePoint API.
- Then select Delegated permissions and the specific permission(s) that are needed for the selected API. Once all the permissions have been selected for this API click on Add Permissions.
- Once all the permissions have been added a user with Global Admin permissions will be required to click Grant admin consent for <Organization>.
A confirmation will be requested. Click Yes.
Permission status will change to Granted for the Permissions.
Connect Using PnP PowerShell with Interactive Authentication
Once the PnP application has been registered and configured you can connect to your environment. To test this, open PowerShell and type:
Connect-PnPOnline https://<tenant>.sharepoint.com -Interactive -ClientId <Entra ID Registered Application>
To connect to the SharePoint Admin Center:
Connect-PnPOnline https://<tenant>-admin.sharepoint.com -Interactive -ClientId <Entra ID Registered Application>
To find the value needed for the -ClientId parameter, open the registered app; the Application (client) ID GUID is shown in Overview.
The screenshot below shows the above command connecting from PowerShell and running the Get-PnPTenantSite command, which lists all SharePoint sites.
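The permission review and the connection test described above, as an added PowerShell example that is not part of the original article. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Applications module) and PnP PowerShell are installed, and the tenant name and the two application (client) IDs are placeholders you replace with the values from your own Entra portal.

```powershell
# Added example, not from the original article. Placeholder values to replace:
$Tenant   = "<tenant>"                                                  # as in https://<tenant>.sharepoint.com
$OldAppId = "<Application ID of the multi-tenant PnP Management Shell app>"
$NewAppId = "<Application (client) ID of your newly registered app>"

# 1. Read the delegated permissions granted to each app. These are the grants the
#    portal shows under Enterprise applications > Security > Permissions.
#    Reading them needs a Graph session with at least Application.Read.All.
Connect-MgGraph -Scopes "Application.Read.All" -NoWelcome

function Get-GrantedScopes {
    param([string]$AppId)
    # Consent grants hang off the service principal (enterprise app), not the app registration.
    $sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
    if (-not $sp) { Write-Warning "No service principal found for $AppId"; return @() }
    $scopes = Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $sp.Id |
        ForEach-Object {
            # Each grant lists space-separated scopes against one resource API (Graph, SharePoint, ...)
            $resource = Get-MgServicePrincipal -ServicePrincipalId $_.ResourceId
            foreach ($scope in ($_.Scope -split ' ' | Where-Object { $_ })) {
                "$($resource.DisplayName): $scope"
            }
        }
    @($scopes | Sort-Object -Unique)
}

$old = Get-GrantedScopes -AppId $OldAppId
$new = Get-GrantedScopes -AppId $NewAppId

# 2. Scopes the old app had but the new one lacks still need to be added under
#    API permissions and admin-consented. Scopes only the new app has are
#    candidates for removal, so the replacement stays at least privilege.
$missing = $old | Where-Object { $new -notcontains $_ }
$extra   = $new | Where-Object { $old -notcontains $_ }
$missing | ForEach-Object { "MISSING on new app : $_" }
$extra   | ForEach-Object { "EXTRA on new app   : $_" }

# 3. Test the interactive sign-in with the new app against the admin center.
#    MFA and conditional access policies of the tenant apply to this logon.
Connect-PnPOnline -Url "https://$Tenant-admin.sharepoint.com" -Interactive -ClientId $NewAppId
Get-PnPTenantSite | Select-Object Url, Template | Format-Table -AutoSize
Disconnect-PnPOnline
```

If the old enterprise application has already been removed from your tenant, step 1 reports no service principal for it and only the new app's scopes are listed.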