MC888036 – Prevent/Fix: PnP PowerShell authentication failures

OneDrive for Business logo

check before: 2024-09-12

Product:

Entra, Microsoft 365 admin center, OneDrive, Power Apps, SharePoint, Syntex, Teams

Platform:

Online, World tenant

Status:

Change type:

User impact, Admin impact

Links:

Details:

Summary:
Recent changes to PnP PowerShell are causing authentication failures. Users experiencing errors with the PnP Management Shell app must create their own Entra application. Resolution involves updating PnP PowerShell, creating an Entra application, and setting an environment variable with the application ID. PnP PowerShell is community-supported, not officially by Microsoft.

Details:
PnP PowerShell is a community provided open-source tool which does not have direct support from Microsoft.
Microsoft 365 customers have provided feedback that a recent change with PnP PowerShell is impacting their scripts.
Although PnP PowerShell is not directly supported by Microsoft, we are providing this information in an effort to help customers address the change.
If you are authenticating your PnP PowerShell sessions and seeing below error, then you are using the PnP Management Shell app (id = 31359c7f-bd7e-475c-86db-fdb8c937548e) and you will need to set up your own Entra application in your own tenant.
Message: AADSTS700016: Application with identifier '31359c7f-bd7e-475c-86db-fdb8c937548e' was not
found in the directory 'The [companyname]'.
This can happen if the application has not been installed by the administrator
of the tenant or consented to by any user in the tenant.
You may have sent your authentication request to the wrong tenant.
Resolution steps
Ensure you're using the latest PnP PowerShell version
Create your own Entra application and assign it the minimal permissions that you would require. This can be done using PnP PowerShell or manually in Entra admin center
Add an environment variable named ENTRAID_APP_ID with as value the application id of the application created in previous step
More details on how to use PnP PowerShell to set up a new Entra application or how to do this manually are described here: https://github.com/pnp/powershell/issues/4250.
Note that PnP PowerShell is a community powered open-source solution which does not receive official support from Microsoft. The community behind this project is providing best effort support via the issue list and discussion forum in the PnP PowerShell GitHub repository.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-09-12

updated:
2024-09-12

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Direct effects for Operations**

Authentication Failures
Users will face authentication errors when trying to use PnP PowerShell due to missing Entra application setup.
   - roles: IT Administrators, Power Users
   - references: https://github.com/pnp/powershell/issues/4250, https://pnp.github.io/powershell/articles/defaultclientid.html#by-setting-an-environment-variable " target="_blank" rel="nofollow noopener noreferrer">https://pnp.github.io/powershell/articles/defaultclientid.html#by-setting-an-environment-variable

Script Execution Issues
Scripts relying on PnP PowerShell will fail to execute, impacting automation and workflows.
   - roles: Developers, IT Administrators
   - references: https://github.com/pnp/powershell/issues, https://pnp.github.io/powershell/articles/installation.html#stable-build-1

Increased Support Requests
Users will generate more support requests due to confusion and errors related to the PnP Management Shell app.
   - roles: Helpdesk Staff, IT Support
   - references: https://github.com/pnp/powershell/discussions, https://github.com/pnp/powershell/issues " target="_blank" rel="nofollow noopener noreferrer">https://github.com/pnp/powershell/issues

User Experience Degradation
Users will experience frustration and decreased productivity due to authentication issues and script failures.
   - roles: End Users, Power Users
   - references: https://pnp.github.io/powershell/articles/registerapplication.html#manually-create-an-app-registration-for-interactive-login, https://pnp.github.io/powershell/articles/registerapplication.html#automatically-create-an-app-registration-for-interactive-login

Compliance Risks
Failure to set up the Entra application correctly may lead to unauthorized access or compliance violations.
   - roles: Compliance Officers, IT Administrators
   - references: https://pnp.github.io/powershell/articles/defaultclientid.html#by-setting-an-environment-variable, https://github.com/pnp/powershell/issues/4250

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced User Training on PnP PowerShell
Providing targeted training sessions for users on how to create and manage their own Entra applications will empower them to troubleshoot authentication issues independently, reducing downtime and dependency on IT support.
   - next-steps: Develop a training program or workshops focused on PnP PowerShell and Entra application management, including hands-on sessions and documentation.
   - roles: IT Administrators, End Users, Developers
   - references: https://pnp.github.io/powershell/articles/registerapplication.html#manually-create-an-app-registration-for-interactive-login, https://github.com/pnp/powershell/issues

Centralized Management of Entra Applications
Implementing a centralized management system for Entra applications will streamline the process of creating and managing these applications, ensuring consistent permissions and security practices across the organization.
   - next-steps: Evaluate current Entra application management processes and tools, and consider implementing a centralized dashboard for visibility and control.
   - roles: IT Administrators, Security Officers, Compliance Managers
   - references: https://pnp.github.io/powershell/articles/defaultclientid.html#by-setting-an-environment-variable, https://github.com/pnp/powershell/discussions

Regular Updates and Maintenance of PnP PowerShell
Establishing a regular schedule for updating PnP PowerShell tools and related documentation will minimize the risk of authentication failures due to outdated versions and ensure users have access to the latest features and fixes.
   - next-steps: Create a maintenance schedule for PnP PowerShell updates, including communication to users about new features and changes.
   - roles: IT Administrators, Developers, Support Staff
   - references: https://pnp.github.io/powershell/articles/installation.html#stable-build-1, https://github.com/pnp/powershell/issues/4250

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

long explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



Last updated 4 weeks ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!