Minimizing prompts when connecting Teams and Sharepoint using powerShell when Multifactor Authentication is enabled .

Kriti Bhardwaj 1 Reputation point
2022-08-25T10:34:29.14+00:00

I'm trying to connect teams and sharepoint using powershell scripts i.e., Connect-MicrosoftTeams -Credential $mycred and Connect-MsolService -Credential $mycred -AzureEnvironment AzureCloud , Credentials which we are using has Multi factor authentication Enabled on them, which shows prompts and error while executing these script. I want to minimize the MFA and login prompt. Is there any way if we can use App Authenticator or any other authentication way to achieve this.

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
8,721 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,214 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Vasil Michev 91,361 Reputation points MVP
    2022-08-25T11:45:36.647+00:00

    The Teams PowerShell module does not (officially) support app authentication just yet, support should be coming in the next versions. As for the MSOnline module, it's on a deprecation path - use the MG Graph SDK for PowerShell instead. It supports CBA/passing token in the app auth context.

    0 comments No comments

  2. Kriti Bhardwaj 1 Reputation point
    2022-08-25T11:59:36.56+00:00

    So, what should be the best way to minimize the prompt when MFA is Enabled on user ID?

    0 comments No comments

  3. Tong Zhang_MSFT 9,111 Reputation points
    2022-08-26T05:55:29.707+00:00

    Hi @Kriti Bhardwaj ,

    According to my research and testing, unfortunately, it is currently not possible to minimize prompts when MFA is enabled on a user ID.

    Thanks for your understanding.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



  4. Kriti Bhardwaj 1 Reputation point
    2022-08-29T05:00:57.113+00:00

    We are trying to use modern authentication while logging in (Access token/ Client Secret/ Managed Identity) for the 2 cmdlets (Connect Microsoft Teams and Connect SPO Service). As per my finding, we can use access token to connect to Teams. When I am following the steps in the document.

    Documentation link:- https://learn.microsoft.com/en-us/powershell/module/teams/connect-microsoftteams?view=teams-ps

    I am getting the below error :-

    ![**Invoke-RestMethod : {"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'd2832c66-6936-4709-b0c7-8b334f5bcfc5' named 'EXO
    Powershell'. Send an interactive authorization request for this user and resource.\r\nTrace ID: 90b96c77-2740-45bc-9971-b0e264803200\r\nCorrelation ID: 57009b3e-daa6-47f1-acbe-bb5a553726bd\r\nTimestamp: 2022-08-25
    14:38:10Z","error_codes":[65001],"timestamp":"2022-08-25 14:38:10Z","trace_id":"90b96c77-2740-45bc-9971-b0e264803200","correlation_id":"57009b3e-daa6-47f1-acbe-bb5a553726bd","suberror":"consent_required"}
    At line:2 char:16

    • ... amsToken = (Invoke-RestMethod @RequestParameters -Body "$Body&scope=4 ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand**](/api/attachments/235508-screenshot-25.png?platform=QnA)

    Also for Connect SPO service, I didn't find any document that clarifies the support for modern authentication. Please let me know how we can use (Access token/ Client Secret/ Managed Identity) while using these 2 cmdlets.