Closed JulienValentin78 closed 2 years ago
Up please !
Hi
The permissions for app are located here: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread#setting-up-an-azure-ad-app-for-app-only-access
which is:
Permission for "-SharePointApplicationPermissions" parameter to "Sites.FullControl.All". If you dont specify a default set will be created.
Following the examples in the already mentioned cmdlet in your post.
The issue is that doesn't work... The App is not created in Azure so It's impossible to assign or change permission. What are the cmdlets necessary to create ? The first mentionned in documentation are giving me this error message
How can I create the application ? What are the last cmdlet to use ?
Hi Julien,
The instructions on the documentation site, are related to the older PowerShell library, the new cmdlets in PnP.PowerShell module are different and documentation site may need some additional edits to provide better help.
The new cmdlet | Register-PnPAzureADApp is the one to use if you are using PnP.PowerShell Module.
This is an extract from a blog post I wrote on tech community:
To set up the app quickly with PnP PowerShell, you need to use a Windows machine to run the cmdlet "Register-PnPAzureApp" which generates the certificate, creates the Azure AD app, sets API permissions, will pop up to consent to the app permissions.
Note: you may have to install the PnP PowerShell locally if you do not already have it.
To set up the app, run the following command using the PnP PowerShell cmdlet:
$result = Register-PnPAzureADApp -ApplicationName "PnP PowerShell Azure Shell Access" -Tenant yourtenant.co.uk -OutPath .\ -DeviceLogin -ValidYears 2 -CertificatePassword (ConvertTo-SecureString -String "yourpassword" -AsPlainText -Force)
$result #output the result – Specifically grab the AzureAppId/ClientId – you will need this later
During this operation, two windows will pop-up to authenticate with the device login method and consent to the app permissions. Ensure you are a Global Administrator to install and CONSENT the app.
If you want to check the app in Azure AD, navigate to: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps and find the app called "PnP PowerShell Azure Shell Access"
Note: This app uses the minimum API permissions (APPLICATION) as the default; if you want to perform operations with groups or flow as an example, you will need to add these permissions to the app.
For more details on generating the app, check out the authentication section of the documentation.
Thanks Paul, I will take a look on this. Best regards
Hi Team,
I have an issue with my customer. We are trying to launch the assessment on my CX tenant but we have a big issue : we are unable to create an Azure AD App. Folowing the documetnation and step by step guidance but we have some PowerShell issue : cmdlet outdated, not righ cmdlet but we just follow the official documentation...
So, we look to new cmdlet in this page : https://pnp.github.io/powershell/cmdlets/Register-PnPAzureADApp.html#-devicelogin
But, what are exactly the right parameter to use ? We found nothing and have some other issues...
So, could you help me with right process to register and execute assessment on whole tenant ? How can I create a Azure AD App dedicated to SP Modernization Scanner ?
Many thanks