Authenticate Connect-SPOService without user interaction

Garima Das 1,041 Reputation points
2021-07-30T11:05:58.777+00:00

Hi Experts,

I am using Connect-SPOService to connect to the SharePoint admin site and then making setting changes to it. I have created a script for this purpose and we are intending to run the script using a pipeline in DevOps. But in the whole process, providing the credentials while the script runs is a blocker.

How can we pass credentials to the Connect-SPOService without user interaction?

Thanks.

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,810 questions
Office Management
Office Management
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Management: The act or process of organizing, handling, directing or controlling something.
2,019 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,706 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,404 questions
0 comments No comments
{count} votes

Accepted answer
  1. MichaelHan-MSFT 18,016 Reputation points
    2021-08-02T01:51:57.587+00:00

    Hi @Garima Das ,

    You could pass credentials like this:

    $userName = "user@tenant.onmicrosoft.com"  
    $password = ConvertTo-SecureString -String "xxxxxx" -AsPlainText -Force  
    $credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName, $password  
    Connect-SPOService -Url https://tenant-admin.sharepoint.com -Credential $credential  
    

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. Jamie Clarke 1 Reputation point
    2022-07-04T08:57:12.66+00:00

    The below will be what you are looking for, to encrypt a string for use later as a password:

    ##############################################################################  
    #.SYNOPSIS  
    # Encrypts a password with a randomly generated AES Key  
    #  
    #  
    #.DESCRIPTION  
    # Outputs a file with the AES key in and a file with the encrypted password in.  If you set ACL on the AES Key File, no one else can decrypt your password  
    #  
    #  
    #.PARAMETER AESKeyFilePath  
    # File path to store the AES key  
    #  
    #  
    #.PARAMETER PasswordToEncrypt  
    # Plain text password to encrypt  
    #  
    #  
    #.PARAMETER CredentialFilePath  
    # File path to store the encrypted password  
    #  
    #  
    #.EXAMPLE  
    # EncryptWith-AesKey "C:\AESKeyFilePath.txt" "SomeRandomPassword1!" "C:\CredentialFilePath.txt"  
    ##############################################################################  
    function EncryptWith-AesKey($AESKeyFilePath, $PasswordToEncrypt, $CredentialFilePath) {  
    # Generate a random AES Encryption Key.  
    $AESKey = New-Object Byte[] 32  
    [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey)  
    
    # Store the AESKey into a file. This file should be protected!  (e.g. ACL on the file to allow only select people to read)  
    Set-Content $AESKeyFilePath $AESKey   # Any existing AES Key file will be overwritten         
    
    # Store password that has been encrypted with the AESKey  
    $password = $PasswordToEncrypt | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString -Key $AESKey  
    Set-Content $credentialFilePath $password  
    }  
    

    Set paths for AES encryption key and encrypted password, then enter password to encrypt into the read-host prompt:

    $AESFP = "C:\aes\aes"  
    $Password = Read-Host "Please enter new password to encrypt, this will overwrite current password:"  
    $CredFP = "C:\enc\pwd"  
    

    Run function to encrypt password and write it to $CredFP file.

    EncryptWith-AesKey $AESFP $Password $CredFP  
    
    #Decrypt password as a secure string (unreadable by user)  
    $AESKey = Get-Content "C:\aes\AES"  
    $pwdTxt = Get-Content "C:\enc\pwn"  
    $securePwd = $pwdTxt | ConvertTo-SecureString -Key $AESKey  
    

    Cred object (to pass to -Credential or -Credentials)

    $CredObject = New-Object System.Management.Automation.PSCredential -ArgumentList "My.Username@My-Company.com", $securePwd  
    

    Username and Password (not visible to user) if need separately:

    $Username = $CredObject.UserName  
    $Password = $CredObject.Password  
    

    So for your Sharepoint connection:

    Connect-SPOService -Url https://tenant-admin.sharepoint.com -Credential $CredObject

    Hope this helps! Bit late I know.