App-Only Certificate-Based Authentication is Now Available in SharePoint Online Management Shell

No more broken scripts due to MFA – secure automation for SharePoint Online is finally here!

Admins can now use App-Only certificate-based authentication in SharePoint Online Management Shell to run scripts. This means no storing user credentials and no dependency on interactive MFA prompts.

This update eliminates the need for privileged user accounts in automation and ensures better compliance with zero-trust access models.

Note: A few APIs may still require a user token. In those cases, interactive authentication is still needed.

To enable it:

1. Register the application in Microsoft Entra ID
2. Assign necessary API permissions
• Tenant Admin APIs require Sites.FullControl scope
• More granular scopes coming soon
• GCC High & DoD tenants may need app manifest edits
3. Create a self-signed certificate or obtain one from a CA
4. Upload the certificate to the Entra application
5. Update Connect-SPOService in your scripts to use the app identity
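
For step 3 and the file needed in step 4, the following PowerShell is an added example, not part of the original announcement or Microsoft's message. It creates a self-signed certificate whose private key cannot be exported from the automation host and writes only the public `.cer` for upload; the subject name and output path are placeholders, and a Windows host is assumed.

```powershell
# Added example: the subject name and file path are assumptions (placeholders),
# not values from the announcement.
$subject = 'CN=spo-automation-example'
$cerPath = Join-Path $env:TEMP 'spo-automation-example.cer'

# Create the key pair in the current user's certificate store.
# NonExportable keeps the private key from being copied off this host as a .pfx.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -KeySpec Signature `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddMonths(12)

# Export only the public certificate. This .cer is what gets uploaded to the
# Entra application; it carries no private key material.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Sanity checks before uploading the file.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
if ($exported.HasPrivateKey) {
    throw 'Exported file unexpectedly contains a private key.'
}
if ($exported.Thumbprint -ne $cert.Thumbprint) {
    throw 'Thumbprint mismatch between the store entry and the exported file.'
}

# Summary: the thumbprint identifies the certificate on this host, and
# NotAfter is the date by which it must be rotated.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    PublicCer  = $cerPath
    StorePath  = "Cert:\CurrentUser\My\$($cert.Thumbprint)"
}
```

Run it as the account that will execute the scheduled scripts, since the private key lands in that account's store.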

Message ID: MC1188595
