My script runs fine using SharePoint Online Management Shell but fails in Azure automation runbook(The sign-in name or password does not match one in the Microsoft account system)

Question

Hi
I tried to use "Connect-SPOService" in my Runbooks and it worked fine, but from two weeks ago it started failing.

Connect-SPOService -Url "https://xxxx-admin.sharepoint.com/" -Credential $ serviceAccountCred

It works fine when I try it in Windows Powershell.

I have installed:
Microsoft.Online.SharePoint.PowerShell 16.0.22315.12000

and MFA is disabled and my account is Global admin.
It does not fail when I use Connect-PnPOnline and Connect-AzureAD.
it runs fine using SharePoint Online Management Shell but fails in Azure automation runbook.

thanks
Nargess

Answer 1

Hi @Nargess Mojtahedi ,

<<Sharing the summary of Azure technical support request here so it would benefit the other members of the Microsoft Q&A community who might be looking for similar information.>>

Issue:

Runbook was failing with the error: "The sign-in name or password does not match one in the Microsoft account system" when trying to connect to SPO service.

Cause:

Customer environment has a Conditional Access Policy that blocks legacy authentication. Microsoft.Online.SharePoint.PowerShell module does not work with modern authentication in unattended mode.

Solution:

In this scenario there is no perfect solution as on one hand the Azure Runbook nature that doesn’t allow any interactivity and on the other hand there are PowerShell limitations. Workaround is either making an exclusion in the Conditional Access Policy that blocks legacy authentication for the user account or using the PnP module to connect to SharePoint Online.