PnP.PowerShell App Registration

Hi there, SharePoint enthusiasts! I want to share the manual on how to correctly configure the PnP.PowerShell app in Entra ID.

Prerequisites

• Global Administrator access to your Microsoft 365 tenant
• Windows 10/11 operating system

Installation Steps

Step 1: Install PowerShell 7

PowerShell 7 is required for compatibility with the latest PnP.PowerShell module. If PowerShell 7 is not installed, you can install it using the Windows Package Manager (winget):

winget install --id Microsoft.PowerShell --source winget

💡 Note: After installation, close any existing PowerShell windows and launch PowerShell 7 from the Start menu.

Step 2: Install PnP.PowerShell Module

Launch PowerShell 7 and run:

Install-Module PnP.PowerShell -AllowClobber -Scope CurrentUser

When prompted:

• Select [Y] Yes to install from PSGallery
• Wait for the installation to complete

Step 3: Register the Azure App

Create a new Azure App registration with the following command:

Register-PnPEntraIDAppForInteractiveLogin -ApplicationName "PnP.PowerShell v2" -Tenant yourtenant.onmicrosoft.com

💡 Important: Replace yourtenant.onmicrosoft.com with your actual tenant domain.

Step 4: Authentication and Consent

1. A browser window will open automatically
2. Sign in with your Global Administrator account
3. Review the requested permissions
4. Click Accept to grant consent for your organization

Permissions Granted

The app registration will request the following permissions:

• User.Read - Sign in and read user profile
• Sites.FullControl.All - Full control of all site collections
• Group.ReadWrite.All - Read and write all groups
• TermStore.ReadWrite.All - Read and write term store data

Step 5: Document the Application ID

After successful registration, PowerShell will display your Application (Client) ID:

Important: Save this ID in a secure location. You’ll need it for all future connections.

Step 6: Test the Connection

Verify your setup by connecting to SharePoint Online:

# Store your App ID in a variable
$AzureAppId = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

# Connect to SharePoint Online
Connect-PnPOnline https://yourtenant.sharepoint.com -Interactive -ClientId $AzureAppId

# Test the connection
Get-PnPSite

Replace:

• XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX with your actual Azure App ID
• yourtenant with your tenant name

Bonus: Grant Sites.Selected permission to the specific app for a specific SharePoint Site

Grant-PnPAzureADAppSitePermission -AppId "XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" -DisplayName "App Name" -Permissions FullControl -Site https://[Tenant].sharepoint.com/sites/SITE_URL

Read more about Grant-PnPAzureADAppSitePermission