check before: 2025-11-21
Product:
Entra, SharePoint
Platform:
Online, US Instances, World tenant
Status:
Change type:
Feature update, Admin impact
Links:
Details:
Summary:
SharePoint Online Management Shell now supports app-only certificate-based authentication for secure, unattended automation with MFA. Administrators can register apps in Microsoft Entra ID, assign API permissions, and use certificates to run scripts without user credentials, enhancing security and compliance.
Details:
[Introduction]
We are pleased to announce that SharePoint Online Management Shell now supports App-Only Certificate-Based Authentication. This update addresses the business need for secure, unattended automation in environments where (for example) Multi-Factor Authentication (MFA) is enforced. With this enhancement, customers can run automation scripts using app identities, ensuring compliance with security policies while maintaining operational efficiency.
[When this will happen:]
This feature is now generally available.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-11-21
updated:
2025-11-21
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Authentication Failure
If the app-only certificate-based authentication is implemented without proper preparation, scripts may fail to execute due to missing API permissions or incorrect app registration, leading to operational disruptions.
- roles: SharePoint Administrators, Automation Engineers
- references: https://learn.microsoft.com/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-2-assign-api-permissions-to-the-application, https://learn.microsoft.com/powershell/module/microsoft.online.sharepoint.powershell/connect-sposervice?view=sharepoint-ps
Security Compliance Risks
Without adequate preparation, there may be instances where scripts require explicit user tokens for security reasons, potentially exposing the organization to compliance risks if not handled correctly.
- roles: SharePoint Administrators, Automation Engineers
- references: https://learn.microsoft.com/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-1-register-the-application-in-microsoft-enra-id, https://learn.microsoft.com/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-4-attach-the-certificate-to-the-microsoft-enra-application
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 weeks ago ago
