Thursday, December 21, 2023
Connect SharePoint site with Azure AD app registration client id and secret
# Script used to test that a SharePoint site can be reached with an Azure AD app registration's client id and secret.
# Never hard-code the client secret in a script: prompt for it or load it from a vault.
$clientSecret = Read-Host -Prompt "Client secret"
Connect-PnPOnline -Url "https://miracl.sharepoint.com/sites/testsite-2" -ClientId "920cf67c-2973-423a-b419-" -ClientSecret $clientSecret
# Read the web to prove the connection, then create a list to prove the app has write access
Get-PnPWeb
New-PnPList -Title "Contoso AD App List" -Template GenericList
Azure AD APP API Sites.Selected - 2
# Module housekeeping (uncomment what you need):
# Get-InstalledModule -Name "PnP.PowerShell"
# Uninstall-Module -Name PnP.PowerShell
# Install-Module -Name PnP.PowerShell -RequiredVersion 1.12.0
# Get-Command -Module PnP.PowerShell
# Update-Module -Name "PnP.PowerShell"

# The script reads a CSV file named "file.csv" with three columns: SiteURL, AppID and AppDisplayName.
# For each row it grants the Azure AD app (which has the Sites.Selected API permission) access to the
# SharePoint site and then raises that grant to "FullControl". Use the lowest role the app really
# needs; FullControl is what this post was written for, but it gives the app owner-level rights on the site.

# Timestamp and file names are set before any work so the error log name is valid even if Import-Csv fails
$timestamp  = Get-Date -Format "yyyyMMdd-HHmmss"
$successLog = "Success-AzureADAppSitePermissions_$timestamp.txt"
$errorLog   = "ErrorLog_$timestamp.txt"

try { $csvData = Import-Csv -Path "file.csv" -ErrorAction Stop }
catch { "file.csv: $($_.Exception.Message)" | Out-File -FilePath $errorLog -Encoding UTF8 -Append; throw }

foreach ($row in $csvData) {
    $siteURL = $row.SiteURL
    $appID = $row.AppID
    $appDisplayName = $row.AppDisplayName
    $displayNameConcatenated = "$appID - $appDisplayName"
    try {
        Connect-PnPOnline -Url $siteURL -Interactive

        # Step 1: Grant-PnPAzureADAppSitePermission only accepts Read/Write here, so start with Write
        Grant-PnPAzureADAppSitePermission -AppId $appID -DisplayName $displayNameConcatenated -Site $siteURL -Permissions Write | Out-Null

        # Step 2: fetch the permission entry that was just created for this app
        $permission = Get-PnPAzureADAppSitePermission -Site $siteURL -AppIdentity $appID

        # Step 3: raise that entry to FullControl using its id
        Set-PnPAzureADAppSitePermission -Site $siteURL -PermissionId $permission.Id -Permissions "FullControl" | Out-Null

        # Record the resulting app permissions on the site; -Append so one file holds every row, not only the last
        "==== $siteURL ====" | Out-File -FilePath $successLog -Encoding UTF8 -Append
        Get-PnPAzureADAppSitePermission -Site $siteURL | Out-File -FilePath $successLog -Encoding UTF8 -Append

        Write-Host "Granted FullControl to $appID on $siteURL" -ForegroundColor Green
    }
    catch {
        # A failure on one site is logged and the loop continues with the next row
        Write-Host "An error occurred for ${siteURL}: $($_.Exception.Message)" -ForegroundColor Red
        "$siteURL : $($_.Exception.Message)" | Out-File -FilePath $errorLog -Encoding UTF8 -Append
    }
    finally {
        Disconnect-PnPOnline -ErrorAction SilentlyContinue
    }
}
Write-Host "Script finished. Results: $successLog, errors (if any): $errorLog" -ForegroundColor Green
Thursday, February 9, 2023
Azure AD APP API Sites.Selected
Controlling which principals can reach a SharePoint site is a recurring problem, and the answer differs depending on whether the principal is a user or an application.
User permissions are managed in the site's own permission settings. Application permissions are granted in Azure AD, and the usual SharePoint/Graph application permissions (for example Sites.Read.All) apply to every site in the tenant. The Sites.Selected application permission is the exception: by itself it grants the app access to nothing, and access is then granted per site, with a specific role, through the Graph site permissions API (which the PnP cmdlets below wrap).
1) Add Sites.Selected under API permissions for the requested app registration and grant admin consent.
2) Run the PowerShell script below to let that app connect to specific SharePoint sites with the provided roles only.
Install-Module -Name PnP.PowerShell -RequiredVersion 1.12.0
Get-Command -Module PnP.PowerShell

# Connect with PnP Online. No web login: this uses Get-Credential, which only works for an account
# without MFA; the post uses an account with Global Admin rights.
Connect-PnPOnline -Url "https://miracl.sharepoint.com/sites/testsite-1/" -Credential (Get-Credential)
# List all lists to confirm the connection works
Get-PnPList

1) Approach-1
# Grant the app an initial role on the site. Grant-PnPAzureADAppSitePermission accepts Read or Write;
# each call creates a separate permission entry, so run only the one you need.
Grant-PnPAzureADAppSitePermission -AppId 'e5b3606c-341c-492f-8b65-e109c94be' -DisplayName 'TESTSP' -Site 'https://miracl.sharepoint.com/sites/testsite-1' -Permissions Write
Grant-PnPAzureADAppSitePermission -AppId 'e5b3606c-341c-492f-8b65-e109c94be' -DisplayName 'TESTSP' -Site 'https://miracl.sharepoint.com/sites/testsite-1' -Permissions Read
Here -DisplayName can be any name; it is only a label to recognise the configured app.
The command below confirms the applied changes (it lists every app permission on the site with its id and roles).
Get-PnPAzureADAppSitePermission -Site https://miracl.sharepoint.com/sites/testsite-1
2) Approach-2
Two cmdlets are needed: first grant Read or Write, then update that grant to Manage or FullControl.
https://www.blimped.nl/running-application-with-limited-sharepoint-permissions/
https://www.leonarmston.com/2022/01/pnp-powershell-csom-now-works-with-sharepoint-sites-selected-permission-using-azure-ad-app/
# Fetch the permission created in Approach-1; the result carries Id, Roles, and the app's name and id
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity e5b3606c-341c-492f-8b65-e109c94be
# Update that permission to the role the app needs (run only one of the four). Prefer the lowest role that works;
# Manage and FullControl can only be set with Set-PnPAzureADAppSitePermission, not with Grant.
Set-PnPAzureADAppSitePermission -Site https://miracl.sharepoint.com/sites/testsite-1 -PermissionId $PermissionId.Id -Permissions "FullControl"
Set-PnPAzureADAppSitePermission -Site https://miracl.sharepoint.com/sites/testsite-1 -PermissionId $PermissionId.Id -Permissions "Read"
Set-PnPAzureADAppSitePermission -Site https://miracl.sharepoint.com/sites/testsite-1 -PermissionId $PermissionId.Id -Permissions "Write"
Set-PnPAzureADAppSitePermission -Site https://miracl.sharepoint.com/sites/testsite-1 -PermissionId $PermissionId.Id -Permissions "Manage"
Revoke the Access
$siteURL = 'https://miracl.sharepoint.com/sites/testsite-1'
$appID = 'e5b3606c-341c-492f-8b65-e109c94be'
Connect-PnPOnline -Url $siteURL -Interactive
# Look up the app's permission entry on this site, then remove it
$PermissionId = Get-PnPAzureADAppSitePermission -Site $siteURL -AppIdentity $appID
Revoke-PnPAzureADAppSitePermission -Site $siteURL -PermissionId $PermissionId.Id -Force
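The grant, update, confirm and revoke steps above are each a single cmdlet, which is fine interactively but easy to get wrong in bulk: a repeated Grant creates a second entry, and nothing re-checks the role that ended up on the site. The following helpers are an added example, not code from the original post; they make the grant idempotent (exactly one entry per app, set to exactly the requested role, verified by re-reading it) and produce a report of every app's role on a set of sites, flagging anything above the role you expect. They assume PnP.PowerShell 1.12.x, an interactive user connection that may manage the sites, and that the objects returned by Get-PnPAzureADAppSitePermission expose Id, Roles and Apps (each app with DisplayName and Id); the site URLs and app ids in the usage lines are placeholders.

```powershell
# Added example: idempotent Sites.Selected grant plus an audit report (assumptions stated in the lead-in).

function Set-AppSiteRole {
    param(
        [Parameter(Mandatory)] [string] $SiteUrl,
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [ValidateSet('Read', 'Write', 'Manage', 'FullControl')] [string] $Role
    )
    Connect-PnPOnline -Url $SiteUrl -Interactive
    try {
        # All existing entries for this app on this site: none, one, or duplicates from repeated Grant calls
        $grants = @(Get-PnPAzureADAppSitePermission -Site $SiteUrl -AppIdentity $AppId)

        if ($grants.Count -eq 0) {
            # Grant only accepts Read/Write; start at Read and raise it with Set below
            Grant-PnPAzureADAppSitePermission -Site $SiteUrl -AppId $AppId -DisplayName $DisplayName -Permissions Read | Out-Null
            $grants = @(Get-PnPAzureADAppSitePermission -Site $SiteUrl -AppIdentity $AppId)
        }

        # Keep exactly one entry per app: update the first, revoke any duplicates
        $keep = $grants[0]
        foreach ($dup in ($grants | Select-Object -Skip 1)) {
            Revoke-PnPAzureADAppSitePermission -Site $SiteUrl -PermissionId $dup.Id -Force
        }
        if ((@($keep.Roles) -join ',') -ne $Role) {
            Set-PnPAzureADAppSitePermission -Site $SiteUrl -PermissionId $keep.Id -Permissions $Role | Out-Null
        }

        # Verify by re-reading the entry; a silent mismatch here is exactly what an audit would miss
        $after = Get-PnPAzureADAppSitePermission -Site $SiteUrl -PermissionId $keep.Id
        if ((@($after.Roles) -join ',') -ne $Role) {
            throw "Expected role '$Role' on $SiteUrl for $AppId but found '$(@($after.Roles) -join ',')'"
        }
        return $after
    }
    finally {
        Disconnect-PnPOnline -ErrorAction SilentlyContinue
    }
}

function Get-AppSiteRoleReport {
    param(
        [Parameter(Mandatory)] [string[]] $SiteUrls,
        [ValidateSet('Read', 'Write', 'Manage', 'FullControl')] [string] $MaxExpectedRole = 'Write'
    )
    # Role ordering used to decide whether an entry exceeds the expected ceiling
    $rank = @{ Read = 1; Write = 2; Manage = 3; FullControl = 4 }
    foreach ($url in $SiteUrls) {
        Connect-PnPOnline -Url $url -Interactive
        try {
            foreach ($p in @(Get-PnPAzureADAppSitePermission -Site $url)) {
                $highest = ($p.Roles | ForEach-Object { $rank[$_] } | Measure-Object -Maximum).Maximum
                $flag = if ($highest -gt $rank[$MaxExpectedRole]) { 'ABOVE EXPECTED' } else { '' }
                # Apps/DisplayName/Id shape is an assumption about the PnP output object (see lead-in)
                $apps = ($p.Apps | ForEach-Object { "$($_.DisplayName) ($($_.Id))" }) -join '; '
                [pscustomobject]@{
                    Site         = $url
                    App          = $apps
                    Roles        = (@($p.Roles) -join ',')
                    PermissionId = $p.Id
                    Flag         = $flag
                }
            }
        }
        finally {
            Disconnect-PnPOnline -ErrorAction SilentlyContinue
        }
    }
}

# Usage (placeholder site URLs and app id):
# Set-AppSiteRole -SiteUrl 'https://miracl.sharepoint.com/sites/testsite-1' -AppId '<app-id>' -DisplayName 'TESTSP' -Role Write
# Get-AppSiteRoleReport -SiteUrls 'https://miracl.sharepoint.com/sites/testsite-1', 'https://miracl.sharepoint.com/sites/testsite-2' |
#     Format-Table -AutoSize
```

Run the report with the ceiling your standard allows (Write by default); any row flagged ABOVE EXPECTED is a FullControl or Manage grant that should be justified or lowered with Set-AppSiteRole.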
Test with Client ID and Secret
# Never hard-code the client secret in a script: prompt for it or load it from a vault.
$clientSecret = Read-Host -Prompt "Client secret"
Connect-PnPOnline -Url "https://miracl.sharepoint.com/sites/testsite-2" -ClientId "920cf67c-2973-423a-b419-" -ClientSecret $clientSecret
# Read the web to prove the connection, then create a list to prove the app has write access
Get-PnPWeb
New-PnPList -Title "Contoso AD App List" -Template GenericList
Note that in PnP.PowerShell the -ClientId/-ClientSecret pair authenticates through the legacy ACS app-only flow, not through the Azure AD app registration itself; Azure AD app-only access to SharePoint uses a certificate (-ClientId -Tenant with -CertificatePath or -Thumbprint). If the secret-based connection succeeds, check which grant actually authorised it (an ACS grant made through appinv.aspx is not limited by Sites.Selected) before concluding that Sites.Selected is what scopes the app.
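A Get-PnPWeb against the one granted site only shows that the app can get in; it does not show that the app is kept out of everything else, which is the point of Sites.Selected. The function below is an added example, not code from the original post: it connects with certificate-based app-only authentication (the flow that goes through the app registration and therefore its Sites.Selected grants, rather than a client secret) and probes a list of sites, reporting which ones the app can actually read. It assumes PnP.PowerShell 1.12.x and a .pfx holding the app's certificate; the client id, tenant name, certificate path and site list in the usage lines are placeholders.

```powershell
# Added example: probe which sites an Azure AD app (Sites.Selected) can reach, using certificate auth.

function Test-AppSiteScope {
    param(
        [Parameter(Mandatory)] [string]       $ClientId,
        [Parameter(Mandatory)] [string]       $Tenant,              # e.g. miracl.onmicrosoft.com (placeholder)
        [Parameter(Mandatory)] [string]       $CertificatePath,     # .pfx holding the app's private key
        [Parameter(Mandatory)] [securestring] $CertificatePassword,
        [Parameter(Mandatory)] [string[]]     $SiteUrls
    )
    foreach ($url in $SiteUrls) {
        try {
            # A token is issued for every site because Sites.Selected is consented tenant-wide;
            # a missing per-site grant only surfaces on the first request, so Get-PnPWeb is the real test.
            Connect-PnPOnline -Url $url -ClientId $ClientId -Tenant $Tenant `
                -CertificatePath $CertificatePath -CertificatePassword $CertificatePassword -ErrorAction Stop
            $web = Get-PnPWeb -ErrorAction Stop
            [pscustomobject]@{ Site = $url; Access = 'Allowed'; Detail = $web.Title }
        }
        catch {
            # 401/403 here is the expected outcome for every site without a grant
            [pscustomobject]@{ Site = $url; Access = 'Denied'; Detail = $_.Exception.Message }
        }
        finally {
            Disconnect-PnPOnline -ErrorAction SilentlyContinue
        }
    }
}

# Usage (placeholders): the granted site should come back Allowed and every other site Denied.
# Test-AppSiteScope -ClientId '<app-id>' -Tenant 'miracl.onmicrosoft.com' `
#     -CertificatePath 'C:\certs\testsp.pfx' -CertificatePassword (Read-Host -AsSecureString 'PFX password') `
#     -SiteUrls 'https://miracl.sharepoint.com/sites/testsite-1', 'https://miracl.sharepoint.com/sites/testsite-2' |
#     Format-Table -AutoSize
```

Include at least one site that was never granted in the list; if that site comes back Allowed, the app is being authorised by something other than its Sites.Selected grant and that grant is not the control you think it is.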
###################
The complete script is in another post on this blog.
###################