• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

westerdale.blog

A SharePoint Consultant's Journey, On The Road to Collaboration

  • Home
  • Developer
  • Office 365
    • SharePoint
    • Governance
    • Roadmaps
      • SharePoint Roadmap
      • Microsoft Teams Roadmap
      • OneDrive for Business Roadmap
  • PowerPlatform
  • Keeping Fit
    • Cycling
      • Walsgrave rides
      • Sa Calobra 2020
  • About
    • Contact
    • Experience & Skills
You are here: Home / SharePoint / Set Up App-Only Access To Your Tenant to solve (401) Unathorized Errors

Set Up App-Only Access To Your Tenant to solve (401) Unathorized Errors

26th June 2020 by Daniel Westerdale Leave a Comment

Setting up an App-only principal in SharePoint Online is documented in Grant Access using SharePoint App-Only This post highlights how this approach can resolve: “Unauthorized (401) errors”, running tenant level PnPComandlets such as Set-PnPStorageEntity , under an global admin account with multi-factor authorisation (MFA) enforced.

The remote server returned an error: 401 Unauthorized

Advice

Store securely the generated Client Id (AppId) and Client Secret (AppSecret) generated in the step below as these will be used when connecting your tenant.

 

  1. Create the Client Id and Secret

    Go to following UL tenant: https://[yourtenant].sharepoint.com/_layouts/15/appregnew.aspx you can go to any site, but for now pick the root site. Click the Generate, to create the Client Id and Client Secret. Finally click Save.

  2. Grant permssions

    Now you have the app principal created, you need to grant tenant level permssions, via the /appinv.aspx page on the SharePoint admin site . https://[yourtenant]admin.sharepoint.com/_layouts/15/appinv.aspx . Next, enter your previously recorded Client Id and click Lookup. For the requisite “Full Control” permissions, you will neet to copy and paste the permission scope definition shown in the XML below. 

  3. Trust Dialog

     

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Connecting to Office 365 in PowerShell

The Set-PnPStorageEntity Commandlet, allows you to save a storage entity (property) , either in the tenant level application catalogue, to be accessible from any site or in a single site collection scoped application catlogue.

You may successfully connect to office 365 with your MFA Global Admin account with the Connect-PnPOnline commandlet:

Connect-PnPOnline https://yoursitesharepoint.com -SPOMangementShell

However, you could encounter annoying: (401) Unauthorized errors, if the account has MFA enforced.

To resolve the error, you can connect to your tenant with any site url, using the Client Id and Client Secret. Alternatively, you can also connect to a specific site, should you want to save the storage entity, scoped only to that site ( collection).

# tenant or farm level
Connect-PnPOnline -Url https://yourtenant.sharepoint.com -AppId "[Your Client ID]" -AppSecret "[Your Client Secret]"
# site level 
Connect-PnPOnline -Url https://yourtenant.sharepoint.com/sites/yoursite   -AppId "[Your Client ID]" -AppSecret "[Your Client Secret]"

The command only gives feedback when there is a error – to verify the storage entity is set, run the following command.

Filed Under: SharePoint Tagged With: App-Only

About Daniel Westerdale

Daniel Westerdale is a freelance SharePoint and Office 365 Consultant, helping both private and public sector clients get the most out of their investment in Microsoft's collaboration technologies.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

  • GitHub
  • LinkedIn
  • RSS
  • Twitter

Daniel Westerdale

Daniel Westerdale is a freelance SharePoint and Office 365 Consultant, helping both private and public sector clients get the most out of their investment in Microsoft's collaboration technologies.

About…

Categories

Latest Posts

  • Set Up App-Only Access To Your Tenant to solve (401) Unathorized Errors 26th June 2020
  • Enable MFA for Users with Office 365 E3 and E5 Licenses 8th June 2020
  • Protected: GITHub Cheat sheet 12th January 2020
  • Cycle Live Nottingham 2019: 75 Miles 30th June 2019
  • Walsgrave Rides 2019-2020 13th May 2019

Copyright © 2021 — Westerdale Solutions Ltd • All rights reserved. • Privacy Policy •Built on: Genesis Framework •