1
votes

Is it possible to use the Connect-SPOService cmdlet with an application identifier & secret? I need to get information about site collections within an Azure Function that is only available through the Get-SPOSite cmdlet.

I'm trying to set up an Azure Function that uses the SharePoint Online PowerShell module to report all site collections that have external sharing enabled. As I don't want to include my personal credentials in this Azure Function, I set up an application identifier in Azure AD. I am able to use this app ID with the PnP cmdlets (Connect-PnPOnline -AppId ...), but the PnP command Get-PnPSite does not return the needed detail information.

Below is the code with the PnP framework, where all Sharing* properties are empty.

```powershell
# Connect to the tenant admin site with the app ID and secret (app-only)
Connect-PnPOnline -AppId $appid -AppSecret $appsecret -Url $adminUrl

$content = @()
# Skip personal sites and sites where external sharing is disabled
Get-PnPTenantSite -Filter "Url -notlike ""*/personal*""" | ? {$_.SharingCapability -ne "Disabled" } | % {
    # Open a separate connection to each site collection
    $connection = Connect-PnPOnline -ReturnConnection -Url $_.url -AppId $AppId -AppSecret $AppSecret
    $site = Get-PnPSite -Connection $connection
    # The Sharing* properties below come back empty on this object
    $content += @{
        title = $site.Title
        url = $site.Url
        owner = $site.Owner
        SharingCapability = $site.SharingCapability
        SharingDomainRestrictionMode = $site.SharingDomainRestrictionMode
        SharingAllowedDomainList = $site.SharingAllowedDomainList
        SharingBlockedDomainList = $site.SharingBlockedDomainList}
}
```

This code works, but needs actual user credentials:

```powershell
param (
    # Tenant name, used to build the admin center URL
    [Parameter(Mandatory=$true)]
    [string]$TenantName,
    # Folder the CSV report is written to
    [Parameter(Mandatory=$true)]
    [string]$DestinationPath
)

$dateStr = Get-Date -Format yyyy-MM-dd_HH-mm-ss
$filename = "ExternalSharingReport_$dateStr.csv"
$content = @()

# Interactive sign-in with user credentials
$adminUrl = "https://$TenantName-admin.sharepoint.com"
Connect-SPOService -Url $adminUrl

# Header row, then one line per site with external sharing enabled
$content += "Title; Url; Owner; SharingCapability; SharingDomainRestrictionMode; SharingAllowedDomainList; SharingBlockedDomainList"
Get-SpoSite | ? {$_.Url -notlike "*/personal*" -AND $_.SharingCapability -ne "Disabled" } | % {
    # Fetch the site by URL to get the detailed sharing properties
    $site = Get-SPOSite $_.url
    $content += "$($site.Title); $($site.Url); $($site.Owner); $($site.SharingCapability); $($site.SharingDomainRestrictionMode); $($site.SharingAllowedDomainList); $($site.SharingBlockedDomainList)"
}
$completPath = Join-Path -Path $DestinationPath -ChildPath $filename
$content > $completPath
```

I would expect to be able to use the default cmdlet like this: Connect-SPOService $adminUrl -AppId $appId -AppSecret $appSecret

1
Hi David, did you ever solve this one? I'm trying to use the SP Online cmdlets in an Azure function (not PNP) and I can't connect at all... - j.strugnell
Same problem here - Alberto S.

1 Answer

0
votes

You have to grant permission to the app.

Either at site collection level or at tenant level.

Grant permission at site collection level:

  1. Open https://yourtenant.sharepoint.com/sites/yoursite/_layouts/15/appinv.aspx
  2. Paste your client ID in the first field and click Lookup. It should auto-populate the other fields.
  3. Paste the app permission request in the later field. It may vary depending on the permission you want to give. Do not forget to grant AppOnly authentication. Ex: full trust on the site collection:
```xml
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
```

Grant at tenant level:

  1. Same as above, but using https://yourtenant-admin.sharepoint.com/_layouts/15/appinv.aspx
  2. The request for full control in the whole tenant is:
```xml
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
```
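
As an added example (not part of the answer above, and not code from the SharePoint Online or PnP modules), the following PowerShell function parses a permission request like the two shown and summarises what it grants, so the scope and right can be reviewed before the XML is pasted into appinv.aspx. The function name `Get-AppPermissionRequestReview` and its output fields are hypothetical; the list of rights (Read, Write, Manage, FullControl) is the standard SharePoint add-in set.

```powershell
# Added example: summarises an add-in permission request for review.
# Function name and output shape are hypothetical, not part of any module.
function Get-AppPermissionRequestReview {
    param(
        [Parameter(Mandatory = $true)]
        [string]$RequestXml
    )

    # SharePoint add-in rights, lowest to highest privilege.
    $knownRights = 'Read', 'Write', 'Manage', 'FullControl'

    $root = ([xml]$RequestXml).DocumentElement
    if ($root.LocalName -ne 'AppPermissionRequests') {
        throw "Expected <AppPermissionRequests> as the root element."
    }
    # App-only: the grant is usable with the client ID and secret alone.
    $appOnly = $root.GetAttribute('AllowAppOnlyPolicy') -eq 'true'

    foreach ($req in $root.ChildNodes | Where-Object { $_.LocalName -eq 'AppPermissionRequest' }) {
        $scope = $req.GetAttribute('Scope')
        $right = $req.GetAttribute('Right')
        $notes = @()
        if ($knownRights -notcontains $right) { $notes += "unrecognised right '$right'" }
        if ($scope -eq 'http://sharepoint/content/tenant') { $notes += 'covers every site collection in the tenant' }
        if ($right -eq 'FullControl') { $notes += 'highest right available' }
        if ($appOnly) { $notes += 'usable without a signed-in user' }

        [pscustomobject]@{
            Scope   = $scope
            Right   = $right
            AppOnly = $appOnly
            Notes   = $notes -join '; '
        }
    }
}

# The two requests from the answer above, embedded as sample input.
$siteRequest = @'
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
'@
$tenantRequest = $siteRequest -replace 'sitecollection', 'tenant'

$siteRequest, $tenantRequest |
    ForEach-Object { Get-AppPermissionRequestReview -RequestXml $_ } |
    Format-List
```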