Cannot force Modern Authentication when using Connect-SPOService cmdlet in SharePoint Online Management Shell


You can't force Modern Authentication when you use the Connect-SPOService cmdlet in Microsoft SharePoint Online Management Shell, unless you add an undocumented registry key to your client computer.


This issue can occur if you added an Active Directory Federation Services (ADFS) claim rule to block legacy authentication requests when these requests don't originate from your expected IP range. The Connect-SPOService cmdlet uses legacy authentication but doesn't pass along the IP range information, so the cmdlet is blocked.



Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To work around this issue, add the following registry subkey on the client computer to force Modern Authentication.


"ForceOAuth" = dword:00000001

More information

Still need help? Go to SharePoint Community.