The remote server returned an error: (401) Unauthorized with Microsoft Graph API permissions

Notice

Many bugs reported are actually related to the PnP Framework which is used behind the scenes. Consider carefully where to report an issue:

1. Are you using Invoke-PnPSiteTemplate or Get-PnPSiteTemplate? The issue is most likely related to the Provisioning Engine. The Provisioning engine is not located in the PowerShell repo. Please report the issue here: https://github.com/pnp/pnpframework/issues.
2. Is the issue related to the cmdlet itself, its parameters, the syntax, or do you suspect it is the code of the cmdlet that is causing the issue? Then please continue reporting the issue in this repo.
3. If you think that the functionality might be related to the underlying libraries that the cmdlet is calling (We realize that might be difficult to determine), please first double check the code of the cmdlet, which can be found here: https://github.com/pnp/powershell/tree/master/src/Commands. If related to the cmdlet, continue reporting the issue here, otherwise report the issue at https://github.com/pnp/pnpframework/issues

Reporting an Issue or Missing Feature

When I run the Get-PnPSite command, I get the error
Get-PnPSite : The remote server returned an error: (401) Unauthorized.

Expected behavior

Get-PnPSite command result

Actual behavior

Exception:
Message : The remote server returned an error: (401) Unauthorized.
Stacktrace : at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.SPWebRequestExecutor.d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContext.d__37.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContext.d__36.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContext.d__28.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContextExtensions.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.SharePoint.Client.ClientContextExtensions.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryRetry(ClientRuntimeContext clientContext, Int32 retryCount, String userAgent)
at PnP.PowerShell.Commands.Site.GetSite.ExecuteCmdlet()
at PnP.PowerShell.Commands.PnPSharePointCmdlet.ProcessRecord()
ScriptLineNumber : 1

Steps to reproduce behavior

1. Register Azure AD Application

2. Upload the certificate

3. Add Microsoft Graph "Sites.FullControl.All" API permission to the app
   

4. Execute Connect-PnPOnline command - Connect-PnPOnline -Url $SiteUrl -ClientId $ClientID -Thumbprint $Thubprint -Tenant $Tenant

5. Execute Get-PnPSite

It works fine if We use SharePoint API permission instead of Microsoft Graph

What is the version of the Cmdlet module you are running?

Version Name Repository Description

---

1.7.0 PnP.PowerShell PSGallery Microsoft 365 Patterns and Practices PowerShell Cmdlets

Which operating system/environment are you running PnP PowerShell on?

• [ x] Windows
• Linux
• MacOS
• Azure Cloud Shell
• Azure Functions
• Other : please specify

[gautamdsheth]

That is by design and not a bug.
These cmdlets require SharePoint permissions from Azure AD app for PnP site related commands.