Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, December 21, 2017 10:33 PM | 1 vote
We currently have
SPOTenant.LegacyAuthProtocolsEnabled = $FALSE
This prevents the use of the "-Credential" parameter when using the "Connect-SPService" cmdlet. The only way to connect to our SharePoint Online tenant via PowerShell is to forgo the use of the "-Credential" parameter which in-turn shows a modern-authentication "page" for entering one's credentials.
IF you run: "Set-SPOTenant -LegacyAuthProtocolsEnabled $TRUE", then you can utilize the "-Credential" parameter when running the "Connect-SPService" cmdlet.
So, the question is:
Is there a way to automate/script a logon to SharePoint Online for our PowerShell scripts WITHOUT having to set the "LegacyAuthProtocolsEnabled" attribute of our SPOTenant to $TRUE?
Thank you for your help!
All replies (4)
Friday, December 22, 2017 7:37 AM
Hi,
Why do you want to set LegacyAuthProtocolsEnabled parameter to False?
LegacyAuthProtocolsEnabled Optional System.Boolean By default this value is set to $True.
Setting this parameter prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources.
All custom CSOM, PowerShell code will stop working
This may also prevent third-party apps from accessing SharePoint Online resources.
Also, this will also block apps using the SharePointOnlineCredentials class to access SharePoint Online resources. For additional information about SharePointOnlineCredentials, see SharePointOnlineCredentials class.
In short, the scenario you meet works as expected. I suggest you not to change the value to False.
Best Regards,
Dean Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Friday, June 8, 2018 1:44 PM | 2 votes
Set-SPOTenant -LegacyAuthProtocolsEnabled $False
Hi - the above setting has been suggested to our company by Microsoft support to prevent brute force password attempts which are forwarded via Office365 servers to our ADFS server.
We have the issue where we need to automate tasks in SharePoint and disabling Legacy Auth breaks it. Are there any options to use PowerShell SPO code with Legacy Auth disabled?
Monday, December 17, 2018 4:31 PM
John,
I was wondering if you ever found a work-around to this aside from enabling Legacy Auth? We're having the same issue... specifically, we have Legacy Auth disabled and it's breaking the Powershell scripts we use to query SharePoint Online lists/libraries. We only require MFA from external networks (i.e., it's not required for authentication from the system running the scripts), but that doesn't seem to make a difference. Appreciate the help. -Adam
Friday, February 21, 2020 2:18 PM
Any luck with a workaround?