Using MFA account in a runbook

  • Question

  • Hi guys, 

    I have a simple runbook and it has a PowerShell script which prints out all our SharePoint sites information. 

    The script works with an account that does not have MFA, but I need to use an account with MFA. When I run the script with the MFA account, I get an error:

    Connect-SPOService : The partner returned a bad sign-in name or password error. For more information, see Federation 
    Error-handling Scenarios.
    At line:6 char:2
    +  Connect-SPOService -Url $SPOAdminSiteUrl -Credential $PSCred
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Connect-SPOService], IdcrlException
        + FullyQualifiedErrorId : 
    Microsoft.SharePoint.Client.IdcrlException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService
     
    Get-SPOSite : No connection available. Use Connect-SPOService before running this CmdLet.
    At line:7 char:2
    +  Get-SPOSite -Limit all | ForEach-Object { Write-Output ("Site: " + $ ...
    +  ~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-SPOSite], InvalidOperationException
        + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Online.SharePoint.PowerShell.GetSite

    My question is: how can I run a script with an account that has MFA?

    Thank you,

    Saturday, May 2, 2020 9:46 PM

All replies

  • Thanks for reaching out!! The ideal recommendation to execute PowerShell scripts non-interactively is to create a service account with a strong password and not enable the account for two-step verification. Currently, it's not possible to execute the scripts non-interactively for SharePoint Online for MFA-enabled accounts for non-browser clients like PowerShell.

    As you are using Azure Automation, my suggestion is to provide application permissions which is similar to add in permissions to the Azure Run As Account in SharePoint and use it to execute scripts non-interactively.

    For browser clients, you can use App passwords to bypass the multi-factor authentication. For more information about app passwords, kindly refer to this document.

    Hope this helps!!


    Wednesday, May 20, 2020 12:51 PM
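
A sketch of the app-only approach suggested in the reply above, added here as an example and not code from the thread or from Microsoft. It swaps `Connect-SPOService` for `Connect-PnPOnline` from the PnP.PowerShell module, and assumes that module is imported into the Automation account, that the Run As application has been granted a SharePoint application permission with admin consent, and that the assets keep their default names; the URL and tenant domain are placeholders.

```powershell
# Added example: certificate-based, app-only sign-in from an Azure Automation runbook.
# No user password is involved, so MFA on user accounts does not block the run.
$ErrorActionPreference = 'Stop'

# Placeholders (assumptions): replace with your own tenant values.
$SPOAdminSiteUrl = 'https://contoso-admin.sharepoint.com'
$TenantDomain    = 'contoso.onmicrosoft.com'

# Default Run As assets: the connection carries ApplicationId, TenantId
# and CertificateThumbprint; the certificate asset carries the key pair.
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
if (-not $conn) {
    throw "Connection asset 'AzureRunAsConnection' was not found."
}

$cert = Get-AutomationCertificate -Name 'AzureRunAsCertificate'
if (-not $cert) {
    throw "Certificate asset 'AzureRunAsCertificate' was not found."
}

# Fail early with a readable message instead of an opaque sign-in error.
if ($cert.Thumbprint -ne $conn.CertificateThumbprint) {
    throw 'Run As certificate does not match the thumbprint on the connection asset.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw ("Run As certificate expired on {0:u}; renew it before running." -f $cert.NotAfter)
}

# App-only connection: the service principal authenticates with its certificate.
Connect-PnPOnline -Url $SPOAdminSiteUrl `
                  -ClientId $conn.ApplicationId `
                  -Tenant $TenantDomain `
                  -Thumbprint $conn.CertificateThumbprint

try {
    # Same report as the original runbook, using the PnP equivalent of Get-SPOSite.
    Get-PnPTenantSite | ForEach-Object {
        Write-Output ("Site: " + $_.Url + " | Title: " + $_.Title)
    }
}
finally {
    Disconnect-PnPOnline
}
```

Grant the application only the SharePoint permission the report needs and renew the certificate before it expires. Azure Automation Run As accounts were retired on 30 September 2023 in favour of managed identities, so this pattern applies to environments that still have one.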