powershell icon indicating copy to clipboard operation
powershell copied to clipboard

Published 20 hours ago verified publisher icon pnp

[BUG] - Please document Add-PnPMicrosoft365GroupToSite Permissions

Open nuclearxp opened this issue 9 months ago • 0 comments

We are attempting to use Add-PnPMicrosoft365GroupToSite to automate enabling modern groups on SPO sites. We have been unable to get this working with delegated permissions after the PnP azure app expired. We have exhausted trial and error approach to figuring out how to do this. Reporting an Issue or Missing Feature

Add-PnPMicrosoft365GroupToSite: Attempted to perform an unauthorized operation.

Expected behavior

SPO site is modern group enabled (create the group/alias, connect to SPO Site) Add-PnpMicrosof365GroupToSite documentation: https://pnp.github.io/powershell/cmdlets/Add-PnPMicrosoft365GroupToSite.html lacks sufficient permission documentation for success. All it states is "SharePoint: Access to the SharePoint Tenant Administration site" which hardly seems sufficient. It lacks the delegated azure app permissions, and any context on whether the delegated account needs access to the site or not. Actual behavior

Add-PnPMicrosoft365GroupToSite: Attempted to perform an unauthorized operation.

Steps to reproduce behavior

Apply application permissions to azure application for provisioning SPO sites and adding the delegated user to target site collection admin. apply delegated azure permissions provision SPO site with azure application, add delegated user as SCA for subsequent site configuration add delegated user to -admin root site collection (unclear how this is related other than an api endpoint to call against) disconnect from PNP obtain bearer token for delegated account through a painful series of attempts to use a cert auth/secret token app and user to get a bearer token, scope: https://.sharepoint.com/.default that provides the following scopes: https://.sharepoint.com/AllSites.FullControl https://.sharepoint.com/AllSites.Read https://.sharepoint.com/Group.ReadWrite.All https://.sharepoint.com/Sites.FullControl.All https://sharepoint.com/.default" attempt to groupify the site: add-pnpmicrosoft365grouptosite -url -displayname -alias -keepoldhomepage What is the version of the Cmdlet module you are running?

2.12.0; 2.99.139 (version doesn't seem to matter)

Which operating system/environment are you running PnP PowerShell on?

[x ] Windows Linux [ x] MacOS Azure Cloud Shell Azure Functions Other : please specify

nuclearxp avatar Feb 20 '25 20:02 nuclearxp