Authenticate Connect-SPOService without user interaction

Garima Das 961 Reputation points
2021-07-30T11:05:58.777+00:00

Hi Experts,

I am using Connect-SPOService to connect to the SharePoint admin site and then making setting changes to it. I have created a script for this purpose and we are intending to run the script using a pipeline in DevOps. But in the whole process, providing the credentials while the script runs is a blocker.

How can we pass credentials to the Connect-SPOService without user interaction?

Thanks.

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,541 questions
Office Management
Office Management
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Management: The act or process of organizing, handling, directing or controlling something.
1,995 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,649 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,345 questions
0 comments
Accepted answer
  1. MichaelHan-MSFT 18,016 Reputation points
    2021-08-02T01:51:57.587+00:00

    Hi @Garima Das ,

    You could pass credentials like this: 

    $userName = "user@tenant.onmicrosoft.com"  
$password = ConvertTo-SecureString -String "xxxxxx" -AsPlainText -Force  
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName, $password  
Connect-SPOService -Url https://tenant-admin.sharepoint.com -Credential $credential

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jamie Clarke 1 Reputation point
    2022-07-04T08:57:12.66+00:00

    The below will be what you are looking for, to encrypt a string for use later as a password:

    ##############################################################################  
#.SYNOPSIS  
# Encrypts a password with a randomly generated AES Key  
#  
#  
#.DESCRIPTION  
# Outputs a file with the AES key in and a file with the encrypted password in.  If you set ACL on the AES Key File, no one else can decrypt your password  
#  
#  
#.PARAMETER AESKeyFilePath  
# File path to store the AES key  
#  
#  
#.PARAMETER PasswordToEncrypt  
# Plain text password to encrypt  
#  
#  
#.PARAMETER CredentialFilePath  
# File path to store the encrypted password  
#  
#  
#.EXAMPLE  
# EncryptWith-AesKey "C:\AESKeyFilePath.txt" "SomeRandomPassword1!" "C:\CredentialFilePath.txt"  
##############################################################################  
function EncryptWith-AesKey($AESKeyFilePath, $PasswordToEncrypt, $CredentialFilePath) {  
# Generate a random AES Encryption Key.  
$AESKey = New-Object Byte[] 32  
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey)  

# Store the AESKey into a file. This file should be protected!  (e.g. ACL on the file to allow only select people to read)  
Set-Content $AESKeyFilePath $AESKey   # Any existing AES Key file will be overwritten         

# Store password that has been encrypted with the AESKey  
$password = $PasswordToEncrypt | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString -Key $AESKey  
Set-Content $credentialFilePath $password  
}

    Set paths for AES encryption key and encrypted password, then enter password to encrypt into the read-host prompt:

    $AESFP = "C:\aes\aes"  
$Password = Read-Host "Please enter new password to encrypt, this will overwrite current password:"  
$CredFP = "C:\enc\pwd"

    Run function to encrypt password and write it to $CredFP file.

    EncryptWith-AesKey $AESFP $Password $CredFP  

#Decrypt password as a secure string (unreadable by user)  
$AESKey = Get-Content "C:\aes\AES"  
$pwdTxt = Get-Content "C:\enc\pwn"  
$securePwd = $pwdTxt | ConvertTo-SecureString -Key $AESKey

    Cred object (to pass to -Credential or -Credentials)

    $CredObject = New-Object System.Management.Automation.PSCredential -ArgumentList "My.Username@My-Company.com", $securePwd

    Username and Password (not visible to user) if need separately:

    $Username = $CredObject.UserName  
$Password = $CredObject.Password

    So for your Sharepoint connection:

    Connect-SPOService -Url https://tenant-admin.sharepoint.com -Credential $CredObject

    Hope this helps! Bit late I know.