Since the 3.0.x version of the PNP module, you don’t have the -UseWebLogin switch anymore when using Connect-PnPOnline.
So, let’s connect using a self-signed certificate instead.
Here’s how to do it:
- Create a self-signed certificate:
Note: you need to have the PNP.PowerShell module installed before running the below cmdlets.
|
1 |
$cert = New-PnPAzureCertificate -OutPfx pnpappcert.pfx -OutCert pnpappcert.cer -CertificatePassword (ConvertTo-SecureString -String "YourStrongPassword" -AsPlainText -Force) |
This command creates:
pnpappcert.pfx: the private certificate used by your script
pnpappcert.cer: the public certificate to upload to Entra ID
Note: The password is required later to use the .pfx
2. Register an app in Entra ID
- Go to: https://entra.microsoft.com
- Navigate to “App registrations” > “New registration”
Fill in:
Name: PnPApp
Supported account types: Single tenant is OK
Redirect URI: Leave blank for now
Click Register
3. Upload the Public Certificate to the App
In the app registration panel:
Go to Certificates & secrets
Choose Certificates (Upload) → Upload pnpappcert.cer
4. Assign API Permissions
-
In the app registration:
-
Go to API permissions
-
Click Add a permission
-
Choose SharePoint > Application permissions
-
Check:
-
Sites.Read.All -
Sites.FullControl.All(if needed)
-
-
Click Add permissions
-
-
Then click Grant admin consent
Note: you can grant additional permissions. Here’s a screenshot of what I used:
5. Connect using you certificate and APPId
|
1 2 3 4 5 |
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" ` -ClientId "YOUR-APP-ID" ` -Tenant "yourtenant.onmicrosoft.com" ` -CertificatePath "C:\Path\To\pnpappcert.pfx" ` -CertificatePassword (ConvertTo-SecureString "YourStrongPassword" -AsPlainText -Force) |
Enjoy!