Share via

Connect-SPOService : No valid OAuth 2.0 authentication session exists

john john Pter 1,510 Reputation points
2026-03-21T19:43:58.4433333+00:00

I use to connect to SharePoint using powershell, but after i set this Access Policy to "Allow limited" instead "Full Access":-

User's image

I start getting this error :-

PS C:\WINDOWS\system32> Connect-SPOService -Url "https://**-admin.sharepoint.com"

>>

Connect-SPOService : No valid OAuth 2.0 authentication session exists

At line:1 char:1

+ Connect-SPOService -Url "https://**-admin.sharepoint.com"

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], AuthenticationException

+ FullyQualifiedErrorId : Microsoft.Online.SharePoint.PowerShell.AuthenticationException,Microsoft.Online.SharePoi

nt.PowerShell.ConnectSPOService

User's image

now even i changed the setting back to Full Control i still get the same error.... and we have 2 conditional access polices both are turned off as follow:-

User's image

Microsoft 365 and Office | SharePoint | Development
0 comments
Answer accepted by question author
  1. Julie Huynh 570 Reputation points Independent Advisor
    2026-03-22T04:25:23.6633333+00:00

    Dear @john john Pter,

    Good day! Welcome to Microsoft Q&A forum!

    Based on your description, you had been connecting to SharePoint Online through PowerShell without issues, but after switching the Unmanaged devices setting to Allow limited, web‑only access, you began receiving the error: Connect-SPOService : No valid OAuth 2.0 authentication session exists.

    Even after reverting the setting to Full access, the error continues. You’re also seeing an access‑blocked message, and although your two related Conditional Access policies are both Off, the problem still persists.

    I sincerely apologize the inconvenience caused by this issue.

    Regarding the recent change you made in the Unmanaged Devices policy, please note that when you switch the setting back to “Allow full access”, it can take up to 24 hours for the update to propagate across all SharePoint and Microsoft 365 services. During this period, it is normal to continue experiencing the previous restrictions or authentication issues.

    Given your current situation where PowerShell connections began failing after switching to “Allow limited, web‑only access” this delay may explain why the issue persists even after reverting the setting. I recommend allowing some time for the policy to fully synchronize.

    For your reference, please review the following Microsoft Learn article, which explains how access from unmanaged devices is controlled in SharePoint: IT Admins - SharePoint and OneDrive unmanaged device access controls

    If the problem continues beyond that window, please feel free to reach out to me.

    I appreciate your time and look forward to hearing how things are going! 

    Thank you for your time and patience.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread. 

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-21T19:44:13.5966667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The error occurs because the SharePoint Online Management Shell connection is being blocked by the access/conditional access policy and legacy authentication behavior. After changing unmanaged device access, the OAuth session used by Connect-SPOService is no longer accepted.

    To restore connectivity, use modern authentication with the updated SharePoint Online Management Shell and explicitly specify the authentication URL:

    # 1. Make sure the SharePoint Online Management Shell is updated
#    (version 16.0.22601.12000 or later)

# 2. Run PowerShell as Administrator and, if needed, set execution policy for the session
Set-ExecutionPolicy Undefined

# 3. Connect with Modern Authentication
$creds = Get-Credential
Connect-SPOService `
  -Url https://<tenant>-admin.sharepoint.com `
  -Credential $creds `
  -ModernAuth $true `
  -AuthenticationUrl https://login.microsoftonline.com/organizations

    If the connection still fails, verify the following:

    1. SharePoint Online Management Shell is up to date and supports the -ModernAuth and -AuthenticationUrl parameters.
    2. TLS 1.2 is enabled on the client so that the authentication flow can complete.
    3. PowerShell is running elevated (Run as administrator) when changing execution policy.

    If issues persist after these steps, follow the general troubleshooting guidance for errors when connecting to SharePoint Online Management Shell.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.