-
Notifications
You must be signed in to change notification settings - Fork 665
Connect options
This page is still work in progress and not yet completed
PnP PowerShell offers many ways to connect to an environment. This page provides guidance on the various options you have and how they can be used against which environment(s).
| Option | SPO | SP On-Prem | MS Graph API | Management API |
|---|---|---|---|---|
| Connect interactively using WebLogin supporting MFA | X | |||
| Connect interactively using scopes | X* | X* | ||
| Connect using scopes and credentials | X* | X* | ||
| Connect using a ClientId and certificate from the Windows Certificate Management store | X | X | X | |
| Connecting using a ClientId and PFX certificate stored on your local machine | X | X | X | |
| Connecting using a ClientId and PEM certificate provided as a string | X | X | X | |
| Connecting using a ClientId and a certificate instance | X | X | X | |
| Connecting using a ClientId and a base64 encoded certificate | X | X | X | |
| Connect using ClientId, ClientSecret and SharePoint URL | X | X | X | |
| Connect using ClientId, ClientSecret and AADDomain | X | X | ||
| Connect by providing credentials without MFA | X | X | ||
| Connect by using the current credentials | X | |||
| Connect using the SPO Management Shell | X | |||
| Connect using the PnP O365 Management Shell (Device Login) | X | |||
| Connect using credentials from the Windows Credential Store | X | |||
| Connect by providing an access token | X** | X** | ||
| Connect using a High Trust with a PFX certificate | X | |||
| Connect through ADFS using credentials | X | ? | ||
| Connect through ADFS using a certificate | X | ? | ||
| Connect using Forms Authentication | ? |
* = depends on the scopes you provide
** = depends on for which API you have provided the token
? = could\should work, but has not been tested yet
One of the easiest methods to use. Will log you in interactively by showing a browser screen. Supports multi factor authentication.
| Platform | Supported |
|---|---|
| SharePoint Online | Yes |
| SharePoint 2013 | No |
| SharePoint 2016 | No |
| SharePoint 2019 | No |
| Microsoft Graph API | No |
| Office 365 Management API | No |
Connect-PnPOnline -Url https://tenant.sharepoint.com -UseWebLoginAllows specifying custom security scopes for Microsoft Graph and the Microsoft Office 365 Management API to use to connect. It will assign these permissions to an application registration in your Azure Active Directory with the client id bb0c5778-9d5c-41ea-a4a8-8cd417b3ab71 named PnP.PowerShell. It will show a web browser dialog through which you can log on, so this cannot be used in an automated script execution without any user intervention. If you would like to use it in a way that doesn't require user interaction, have a look at using Connect using scopes and credentials. Cannot be used to connect with SharePoint.
| Platform | Supported |
|---|---|
| SharePoint Online | No |
| SharePoint 2013 | No |
| SharePoint 2016 | No |
| SharePoint 2019 | No |
| Microsoft Graph API | Yes |
| Office 365 Management API | Yes |
Connect-PnPOnline -Scopes "Group.Read.All","ActivityFeed.Read"Allows specifying custom security scopes for Microsoft Graph and the Microsoft Office 365 Management API along with a username and password to use to connect without requiring any user interaction. This can be used in automated script executions, but does require an account without Multi Factor Authentication enabled on it. The user with who you log on with must have the permissions requested through -Scopes allowed for it in the Azure Active Directory Enterprise Application registration with the client id bb0c5778-9d5c-41ea-a4a8-8cd417b3ab71 named PnP.PowerShell. Cannot be used to connect with SharePoint.
| Platform | Supported |
|---|---|
| SharePoint Online | No |
| SharePoint 2013 | No |
| SharePoint 2016 | No |
| SharePoint 2019 | No |
| Microsoft Graph API | Yes |
| Office 365 Management API | Yes |
Connect-PnPOnline -Scopes "Group.Read.All","ActivityFeed.Read" -Credentials (New-Object System.Management.Automation.PSCredential ("johndoe@contoso.onmicrosoft.com", (ConvertTo-SecureString "password" -AsPlainText -Force)))Allows using an Azure Active Directory app registration from your own Azure Active Directory with a certificate to connect. The thumbprint should point to the private key certificate stored in either the local machine or current user certificate store of Windows. This is the safest method of connecting.
You can use Initialize-PnPPowerShellAuthentication -ApplicationName "PnP PowerShell" -Tenant yourtenant.onmicrosoft.com -Store CurrentUser to automatically create a public/private key pair and an Azure Active Directory app registration which you can directly start using with this connect method. More information.
| Platform | Supported |
|---|---|
| SharePoint Online | Yes |
| SharePoint 2013 | No |
| SharePoint 2016 | No |
| SharePoint 2019 | No |
| Microsoft Graph API | Yes |
| Office 365 Management API | Yes |
Connect-PnPOnline -ClientId fa1a81f1-e729-44d8-bb71-0a0c339c0f62 -Url https://tenant.sharepoint.com -Tenant tenant.onmicrosoft.com -Thumbprint 91429c0e80268aeb4415c23a169dd04848b4d158Allows using an Azure Active Directory app registration from your own Azure Active Directory with a certificate to connect. The private key certificate, typically the .pfx file, should be accessible on your local machine. Provide the password with which it has been exported.
You can use Initialize-PnPPowerShellAuthentication -ApplicationName "PnP PowerShell" -Tenant yourtenant.onmicrosoft.com -OutPath c:\ -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) to automatically create a public/private key pair and an Azure Active Directory app registration which you can directly start using with this connect method. More information.
| Platform | Supported |
|---|---|
| SharePoint Online | Yes |
| SharePoint 2013 | No |
| SharePoint 2016 | No |
| SharePoint 2019 | No |
| Microsoft Graph API | Yes |
| Office 365 Management API | Yes |
Connect-PnPOnline -ClientId fa1a81f1-e729-44d8-bb71-0a0c339c0f62 -Url https://tenant.sharepoint.com -Tenant tenant.onmicrosoft.com -CertificatePath 'c:\PnP PowerShell.pfx' -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force)