Connect to a SPO resource within a given tenant through the new Connect-PnPOnline authentication mechanism (in effect since September 9, 2024). The script first checks whether an appropriate app is registered in Entra ID and gets the corresponding client ID; if not, the app is registered, and the script then connects to the given URL on the appropriate tenant.
# Make sure you have installed the following Azure modules to check for an existing PnP.PowerShell app registration:
# - Az.Accounts
# - Az.Resources
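function Connect-PnPOnlineTenant {
    <#
    .SYNOPSIS
    Connects to a SharePoint Online URL with PnP.PowerShell through an app registration in the tenant's Entra ID.

    .DESCRIPTION
    Derives the tenant name from the host part of -Url, signs in to Azure for
    "<tenant>.onmicrosoft.com", looks up the app registration by its exact display name and,
    if none exists, registers one with Register-PnPEntraIDAppForInteractiveLogin.
    The AppId of that registration is then passed to Connect-PnPOnline -Interactive.

    State is cached in two global variables so that repeated calls in one session skip the
    Azure sign-in and the lookup: $Global:TenantName and $Global:testAppIsInstalled.

    .PARAMETER Url
    The Url of the site collection or subsite to connect to.

    .PARAMETER AppName
    The display name of the registered app in Entra ID; default is 'PnP.PowerShell'.

    .NOTES
    Requires the modules Az.Accounts, Az.Resources and PnP.PowerShell.
    Write-Log is called below but is not defined in the visible part of this file; it has to be
    provided by the calling session.
    Throws (instead of calling 'exit') when the tenant cannot be derived, when no app is found
    after registration, or when the display name is ambiguous.
    #>
    [CmdletBinding()]
    [OutputType([void])]
    Param
    (
        [Parameter(Mandatory = $true,
            HelpMessage = "The Url of the site collection or subsite to connect to")][string] $Url,
        [Parameter(Mandatory = $false,
            HelpMessage = "The name of the registered app in Entra ID; default is 'PnP.PowerShell'")][string] $AppName = "PnP.PowerShell"
    )

    # Extract the tenant from the URL. The pattern is anchored and must capture at least one
    # character, so a malformed URL fails here instead of producing the tenant ".onmicrosoft.com".
    $tenantName = [regex]::Match($Url, '^https://([^.\\-]+)').Groups[1].Value
    if ([string]::IsNullOrEmpty($tenantName)) {
        throw "Cannot derive a tenant name from '$Url'. Expected a URL like https://<yourtenant>.sharepoint.com/"
    }
    $tenantDomain = "$($tenantName).onmicrosoft.com"

    # Connect to Azure if the tenant is different than the last one.
    # -ErrorAction Stop: a failed sign-in must not be mistaken for "app not registered" further down,
    # because that path creates a new app registration in the tenant.
    $tenantChanged = $Global:TenantName -ne $tenantName
    if ($tenantChanged) {
        Connect-AzAccount -Tenant $tenantDomain -ErrorAction Stop | Out-Null
        $Global:TenantName = $tenantName
    }

    # Refresh the cached registration when the tenant changed or the cache belongs to another app name.
    $cachedAppName = $null
    if ($Global:testAppIsInstalled) {
        $cachedAppName = @($Global:testAppIsInstalled)[0].DisplayName
    }
    if ($tenantChanged -or $cachedAppName -ne $AppName) {
        # Exact match on the display name: a prefix match would also return look-alike
        # registrations such as '<AppName>-test'.
        $Global:testAppIsInstalled = Get-AzADApplication -DisplayName $AppName -ErrorAction Stop
    }
    $registrations = @($Global:testAppIsInstalled)

    # If the app is not yet registered in Entra ID, it will be registered now:
    if ($registrations.Count -eq 0) {
        Write-Log -Message "Registering a new application '$($AppName)' in Entra ID that will work as authentication mechanism for PnP.PowerShell"
        # NOTE(review): check the delegated permissions this cmdlet requests before granting consent;
        # they apply to every sign-in made through the app.
        Register-PnPEntraIDAppForInteractiveLogin -ApplicationName $AppName -Tenant $tenantDomain -Interactive | Out-Null

        Write-Host "Please consent the app in the browser before you proceed to login."
        Write-Host "Proceeding without consent will cause authentication failure."
        Write-Host "👉 Press any key to continue after you have given consent to the '$($AppName)' app..."
        $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") | Out-Null

        $Global:testAppIsInstalled = Get-AzADApplication -DisplayName $AppName -ErrorAction Stop
        $registrations = @($Global:testAppIsInstalled)
    }

    if ($registrations.Count -eq 0) {
        # Without this check Connect-PnPOnline would be called with an empty -ClientId.
        throw "No application '$($AppName)' was found in Entra ID after registration. Check that the registration succeeded and try again."
    }
    if ($registrations.Count -gt 1) {
        # Display names are neither unique nor reserved in Entra ID, so a name match alone does not
        # identify the registration you created; refuse to pick one of several candidates.
        $ambiguousMessage = "Found more than one application '$($AppName)' in Entra ID. Please delete the extra ones before you proceed to login."
        Write-Log -Message $ambiguousMessage
        # throw instead of 'exit': 'exit' inside a function ends the whole PowerShell session.
        throw $ambiguousMessage
    }

    # Connect to the tenant via PnP Online:
    Connect-PnPOnline -ClientId $registrations[0].AppId -Url $Url -Interactive
}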
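# EXAMPLE: Connect to the tenant via PnP Online.
# Optional: -AppName "PnP.PowerShell" accepts the name of the app you want to use.
Connect-PnPOnlineTenant -Url "https://<yourtenant>-admin.sharepoint.com/"

# Query the current web through the connection that was just opened.
# (The trailing '|' after Get-PnPWeb in the listing was table residue and left the pipeline incomplete.)
Get-PnPWeb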
Amazing code. Learned new things, reading it. Thanks a lot.
Thank you very much, @murchelon! Glad it helped.
Amazing code. Learned new things, reading it. Thanks a lot.