
Getting Started

Takashi Shinohara edited this page Aug 31, 2021 · 1 revision

Register Application

Before you begin, ensure that you have access to the Azure Portal and appropriate permissions to register applications in your Microsoft Entra ID tenant. Registering a Microsoft Entra ID application is required to enable secure authentication and authorization for your SharePoint Service Module for PowerShell. This process involves creating an application registration, configuring permissions, and obtaining essential identifiers such as the Application (client) ID. These steps lay the foundation for enabling both administrative and user-level access to SharePoint resources through PowerShell, while maintaining security and compliance within your organization.

  1. Access the Azure Portal.

  2. Click Microsoft Entra ID - App registrations - New registration.

  3. Enter the information and click Register.

| Name | Value |
| --- | --- |
| Name | SharePoint Service Module for PowerShell |
| Supported account types | Single tenant |

  4. In Overview, copy the Application (client) ID.

User Login

Admin Mode

Admin mode grants users full administrative privileges within the tenant. This includes the ability to manage all SharePoint sites, access and modify term stores, and read user information across the organization. Admins can perform tasks such as site creation, permission management, and configuration changes that affect all users and resources in the tenant. Use admin mode only when elevated permissions are required, as it provides broad access to sensitive data and settings.

  1. In the Microsoft Entra ID application, click Manage - API permissions.

  2. Click Add a permission.

  3. Select permissions and click Add permissions.

| API | Type | Permission |
| --- | --- | --- |
| SharePoint | Delegated | AllSites.FullControl |
| SharePoint | Delegated | TermStore.ReadWrite.All |
| SharePoint | Delegated | User.Read.All |

  4. Click Grant admin consent for ....

User Mode

User mode allows users to perform operations within the scope of their own permissions. In this mode, users can manage SharePoint sites and resources to which they have access, but cannot perform tenant-wide administrative tasks. User mode is suitable for scenarios where elevated privileges are not required, ensuring that actions are limited to the user's own data and resources.

  1. In the Microsoft Entra ID application, click Manage - API permissions.

  2. Click Add a permission.

  3. Select permissions and click Add permissions.

| API | Type | Permission |
| --- | --- | --- |
| SharePoint | Delegated | AllSites.Manage |

Service Principal Login

Service principal login enables automated, non-interactive access to SharePoint resources using an identity created for applications or services, rather than individual users. This approach is ideal for scenarios such as scheduled tasks, background jobs, or CI/CD pipelines where user interaction is not possible or desired. By leveraging a service principal, you can securely authenticate and authorize your application to perform operations in SharePoint with the permissions assigned to the service principal.

Upload Certificate

  1. Prepare a certificate file.
  • If your OS is Windows, you can use the New-SelfSignedCertificate cmdlet in Windows PowerShell.

    $cert = New-SelfSignedCertificate -DnsName '<domain-name>' -NotBefore (Get-Date) -NotAfter (Get-Date).AddDays(365) -CertStoreLocation 'cert:\CurrentUser\My'
    Export-Certificate -Cert $cert -FilePath '<file-name>.cer'
    Export-PfxCertificate -Cert $cert -FilePath '<file-name>.pfx' -Password (ConvertTo-SecureString -String '<password>' -AsPlainText -Force)
  • If your OS is macOS or Linux, you can use OpenSSL.

    # generate the private key, then issue a self-signed certificate from that key
    # (-key reuses the key written by genrsa; -keyout would generate and overwrite it)
    openssl genrsa -out <file-name>.key 2048
    openssl req -x509 -new -key <file-name>.key -out <file-name>.crt -days 365 -subj '/CN=<domain-name>'
  2. In the Microsoft Entra ID application, click Manage - Certificates & secrets.

  3. Click Upload certificate, upload the certificate file you created, and click Save.
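As an added example (not part of the module's own documentation), the OpenSSL path from step 1 carried through as a script that also checks the result before it is uploaded: it generates the key and certificate, confirms the private key matches the certificate, prints the SHA-1 thumbprint in the colon-free form Entra shows under Certificates & secrets, and checks the remaining validity. The file names, the CN `contoso.example` and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example: generate and check the service principal certificate with OpenSSL.
# Assumed names: sp-cert.key / sp-cert.crt inside a temporary directory.
set -eu

# make_sp_cert DIR CN DAYS -> writes DIR/sp-cert.key and DIR/sp-cert.crt
make_sp_cert() {
  dir=$1; cn=$2; days=$3
  openssl genrsa -out "$dir/sp-cert.key" 2048 2>/dev/null
  # -key reuses the key generated above; -keyout would generate a new one and overwrite it
  openssl req -x509 -new -key "$dir/sp-cert.key" -out "$dir/sp-cert.crt" \
    -days "$days" -subj "/CN=$cn" 2>/dev/null
}

# key_matches_cert KEY CRT -> exit 0 only if both carry the same public key
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout -outform DER 2>/dev/null | openssl dgst -sha256)
  c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null \
        | openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
  [ "$k" = "$c" ]
}

# thumbprint CRT -> 40 uppercase hex characters, no colons (the form Entra displays)
thumbprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 | sed -e 's/^.*=//' -e 's/://g'
}

# cert_valid_for_days CRT DAYS -> exit 0 if the certificate is still valid DAYS from now
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Stand-alone run: generate, check, and print the thumbprint to compare in the portal.
demo() {
  tmp=$(mktemp -d)
  make_sp_cert "$tmp" "contoso.example" 365
  if key_matches_cert "$tmp/sp-cert.key" "$tmp/sp-cert.crt"; then
    echo "private key matches certificate"
  else
    echo "key/certificate mismatch" >&2; rm -rf "$tmp"; return 1
  fi
  echo "thumbprint: $(thumbprint "$tmp/sp-cert.crt")"
  cert_valid_for_days "$tmp/sp-cert.crt" 30 && echo "valid for at least 30 more days"
  rm -rf "$tmp"
}

demo
```

Only the .crt file is uploaded to Entra; the .key file (or the .pfx on Windows) is the credential that lets the service principal act with the application permissions below, so it stays on the host that runs the module.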

Add Permissions

  1. In the Microsoft Entra ID application, click Manage - API permissions.

  2. Click Add a permission.

  3. Select permissions and click Add permissions.

| API | Type | Permission |
| --- | --- | --- |
| SharePoint | Application | Sites.FullControl.All |
| SharePoint | Application | TermStore.ReadWrite.All |
| SharePoint | Application | User.Read.All |
