PowerShell Join-PnPonline cmdlets referred to as SharePoint Patterns and Practices (PnP) for SharePoint On-line had been created by the neighborhood to function SharePoint On-line successfully.Â
The Consumer-Aspect Object mannequin code is utilized by PnP PowerShell internally for all of its actions. Through the use of PnP PowerShell’s built-in cmdlets and decreasing the complexity of scripting implementations, we are able to reduce the variety of traces in our scripts.Â
The Join-PnPonline PowerShell module is what permits customers and directors to speak with SharePoint On-line utilizing PowerShell. This module might be downloaded and put in from the PowerShell Gallery.
Set up the Join-PnPonline PowerShell module (PnP.PowerShell) through the use of the Set up-Module command listed under in a PowerShell window.
Set up-Module -Identify "PnP.PowerShell"
Use the Get-Module command to show the PnP PowerShell module data and confirm the set up.
Get-Module "PnP.PowerShell" -ListAvailableBecause of the truth that putting in the PnP PowerShell module doesn’t instantly hyperlink you to SharePoint on-line. Join-PnPOnline is the cmdlet that lets you join PowerShell to SharePoint On-line.Â
You may have two choices for authenticating with this cmdlet: interactive and non-interactive. The Join-PnPonline credentials have to be entered throughout authentication in interactive authentication.Â
This strategy is continuously used whereas performing sporadic or handbook chores.
Utilizing the Credential Immediate to Join
Credential prompts can be utilized to shortly set up a connection to SharePoint Join-PnPonline PowerShell.
To connect with PnP PowerShell utilizing a credential immediate, use the command under. MFA is incompatible with this interactive strategy.
Join-PnPOnline -Url https://<tenant_name>.sharepoint.com
Logging in with a Internet Browser
Including the -DeviceLogin or -Interactive change is one other interactive authentication approach. You may log in utilizing one in every of these switches in case your account has MFA enabled.
To finish the OAuth gadget code circulate, you could enter a code generated by the -DeviceLogin possibility onto an internet web page. This authentication methodology lets you proceed the authentication on a distinct machine gadget whenever you’re utilizing a consumer that doesn’t have an internet browser.
The -Interactive possibility runs an internet browser that requires your login data routinely.
Run the under command to start out interactive net browser authentication. Make sure that to substitute the SharePoint URL on your tenant.
# Generate a code to do the OAuth gadget code circulate.
Join-PnPOnline -Url https://.sharepoint.com -DeviceLogin
# Launche a browser to log in together with your credentials
Join-PnPOnline -Url https://.sharepoint.com -Interactive
Make sure that to write down down the produced code for those who used the -DeviceLogin change whereas operating the command.
Begin your browser, then navigate to https://microsoft.com/devicelogin. Copy the produced code, then paste it into the browser and select Subsequent.
Your browser is redirected to the Microsoft login web page after you submit the code.
As a substitute, Join-PnPonline PowerShell begins a brand new net browser and directs you to the Microsoft login web page for those who used the -Interactive change.
As normal, check in to your Microsoft 365 account. If the MFA problem is required on your account, end it.
To proceed, click on Settle for (bottom-right) on the Permissions Requested display screen.
Provided that your account is a world administrator will the Consent on behalf of your group field be displayed. Go away this field unchecked in order that different customers will nonetheless see the identical immediate and be capable of settle for the permission requests.
If you’ve completed the authentication course of, your browser will show the message under as affirmation that the authentication was profitable.
It’s doable to hook up with SharePoint Join-PnPonline PowerShell in interactive mode. However in automation cases the place manually coming into the credentials isn’t doable, reminiscent of in scripts and applications, the non-interactive strategy is right.Â
For OAuth authentication, this system makes use of a registered Azure AD app with specific permissions (default or customized).
Making a PnP PowerShell App Registration
It’s dangerous to make use of a Microsoft 365 account with out MFA.Making a PnP PowerShell App Registration
It’s dangerous to make use of a Microsoft 365 account with out MFA, particularly if the account has administrative rights. Alternatively, you can not automate an account that has MFA enabled.
The reply is so as to add specific permissions to an Azure AD app when registering it. To additional safety, the app should moreover help certificate-based authentication.
When utilizing Home windows, the Azure AD app for PnP PowerShell have to be registered.
1. Run the PowerShell script listed under so as to add a brand new app registration to Azure AD.
It’s optionally available, however strongly suggested, to supply a certificates password to safe the certificates. Take away the CertificatePassword argument for those who’d desire to not have a certificates password.
<# What is going to this code do?
- Launch a browser window, and open the `Interactive` log-in web page.
- Generate a certificates with the password `mycertpassword` and legitimate for one (1) yr.- Save the certificates recordsdata (*.cer, *.pfx) to `C:PnPcertificates`.
- Register a brand new app with the title `Pwsh PnP`.
- Add the certificates (*.cer) to the Azure app registration and assign the next default permissions: `Websites.FullControl.All`, `Group.ReadWrite.All`, `Person.Learn.All`.
- Retailer the app registration outcomes to the `$pnpApp` variable.
#>
$appSplat = @{
  ApplicationName   = 'Pwsh PnP'
  Tenant        = 'lzex.onmicrosoft.com'
  OutPath       = 'C:PnPcertificates'
  CertificatePassword = $(ConvertTo-SecureString -String 'mycertpassword' -AsPlainText -Power)
  Interactive     = $true
  ValidYears      = 1
}
$pnpApp = Register-PnPAzureADApp @appSplatHowever as a way to create a brand new app registration in Azure AD for those who’re utilizing Linux or Mac OS, comply with these directions:
To create a self-signed certificates, execute the next openssl command in PowerShell or Bash.
A brand new certificates that has the subject Pwsh PnP and a 365-day validity interval is created by this command. Pnp_certificate.pfx would be the title of the ultimate certificates file.
# Create a brand new listing to retailer your certificates
mkdir ~/certs && cd ~/certs
# Generate the certificates (legitimate for three hundred and sixty five days)
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out pnp_certificate.pem -subj '/CN=Pwsh PnP'
# Convert the certificates to a PKCS12 format with .PFX extension
openssl pkcs12 -inkey key.pem -in pnp_certificate.pem -export -out pnp_certificate.pfx -passout go:mycertpassword2. To register the brand new app, execute the PowerShell code under.
<# What is going to this code do?
- Launch a browser occasion for the `Interactive` login.
- Register a brand new Azure AD app named `Pwsh PnP` to the `lzex.onmicrosoft.com` tenant.
- Add the present `pnp_certificate.pfx` certificates to the Azure AD app registration.
- Assign the next default permissions: `Websites.FullControl.All`, `Group.ReadWrite.All`, `Person.Learn.All`.
- Retailer the app registration outcomes to the `$pnpApp` variable.
#>
$appSplat = @{
  CertificatePath = "pnp_certificate.pfx"
  CertificatePassword = $(ConvertTo-SecureString -String 'mycertpassword' -AsPlainText -Power)
  ApplicationName="Pwsh PnP"
  Tenant      = 'lzex.onmicrosoft.com'
  Interactive   = $true
}
$pnpApp = Register-PnPAzureADApp @appSplat3. Enter your login data within the pop-up window. Solely register the appliance utilizing this login occasion.
As illustrated under, the command will wait 60 seconds earlier than starting the consent circulate. Step 4: After beginning, the Microsoft login window seems.
To supply the app rights, check in together with your international admin account and click on Settle for. This login session is meant just for giving the app’s permissions.
Run the command listed under to view the variable and study the brand new app’s particulars.
$pnpApp
