Apologies for such short notice on this abrupt change; unfortunately, we can't extend or undo this.
For questions/information related to this, please navigate to the below discussion page:
As part of a focus on improving the security posture, the multi-tenant PnP Management Shell EntraID app has been deleted.
You can read more about this announcement here:
https://pnp.github.io/blog/post/changes-pnp-management-shell-registration/
I am getting this error
Message: AADSTS700016: Application with identifier '31359c7f-bd7e-475c-86db-fdb8c937548e' was not
found in the directory 'The [companyname]'.
This can happen if the application has not been installed by the administrator
of the tenant or consented to by any user in the tenant.
You may have sent your authentication request to the wrong tenant.
Who does it impact?
This impacts every code/script which depends on this EntraID app. The app had the Client/Application ID:
31359c7f-bd7e-475c-86db-fdb8c937548e
This impacts the credentials flow, the interactive flow, and the device login flow, but only if you used this app.
I am using Client ID + Certificate, Managed Identity, my own Entra ID App, legacy ACS (ClientID + Secret) to authenticate
Then, you are not impacted by this change. No need to change anything. Your scripts should continue to work as is. If you run into any issue, please create one in the issue list and we will look into it.
What is the easiest/fastest way to get my scripts back up & running with minimal changes?
Create your own Entra ID app and assign it the minimal permissions that you would require.
Add an environment variable ENTRAID_APP_ID or ENTRAID_CLIENT_ID like this:
$env:ENTRAID_APP_ID = '<Client/Application ID of EntraID app>'
Ensure that you are using the latest version of PnP PowerShell, the latest is 2.12.0.
The latest update will pick up the value from the environment variable and use it.
More information: https://pnp.github.io/powershell/articles/defaultclientid.html
How do I create an Entra ID app?
Manual steps: https://pnp.github.io/powershell/articles/registerapplication.html#manually-create-an-app-registration-for-interactive-login
Automated steps:
How do I determine which permissions I should assign?
You can read about it here:
https://pnp.github.io/powershell/articles/determinepermissions.html
I have an existing Entra ID app. Can I use it?
Yes, just set the value of its ClientID in an environment variable and ensure that you are using the latest version of PnP PowerShell.
My org only allows FIDO keys, Conditional access policy, Windows Hello or other secure auth mode
PnP PowerShell 2.12 and later versions now support authentication using these native secure modes of authentication.
More info about it here:
https://pnp.github.io/powershell/cmdlets/Connect-PnPOnline.html#example-18
https://pnp.github.io/powershell/cmdlets/Connect-PnPOnline.html#-oslogin
Feel free to ask any question that you may have about this change.
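An added example, not part of the original announcement or of PnP PowerShell itself: a small audit that lists script lines still depending on the deleted app and reports whether the environment-variable workaround described above is in place. The function names, the temp folder and the sample script lines are constructed for illustration.

```powershell
# ID of the deleted multi-tenant app, as quoted in this announcement
$DeletedAppId = '31359c7f-bd7e-475c-86db-fdb8c937548e'

function Find-PnPManagementShellDependency {   # hypothetical helper name
    param([Parameter(Mandatory)] [string] $Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.ps1, *.psm1 | ForEach-Object {
        $file = $_.FullName
        $lineNo = 0
        foreach ($line in Get-Content -LiteralPath $file) {
            $lineNo++
            if ($line -match '^\s*#') { continue }      # ignore full-line comments
            $finding = $null
            if ($line -match [regex]::Escape($DeletedAppId)) {
                $finding = 'Hard-coded deleted client ID'
            }
            elseif ($line -match 'Connect-PnPOnline' -and
                    $line -match '-(Interactive|DeviceLogin|Credentials)\b' -and
                    $line -notmatch '-ClientId\b') {
                $finding = 'No -ClientId: relies on ENTRAID_APP_ID / ENTRAID_CLIENT_ID'
            }
            if ($finding) {
                [pscustomobject]@{ File = $file; Line = $lineNo; Finding = $finding; Text = $line.Trim() }
            }
        }
    }
}

function Test-PnPClientIdConfigured {          # hypothetical helper name
    $ids = @($env:ENTRAID_APP_ID, $env:ENTRAID_CLIENT_ID) | Where-Object { $_ }
    $module = Get-Module -ListAvailable -Name PnP.PowerShell |
        Sort-Object Version -Descending | Select-Object -First 1
    [pscustomobject]@{
        ClientIdSet          = [bool]$ids
        PointsAtDeletedApp   = ($ids -contains $DeletedAppId)
        ModuleVersion        = $module.Version
        ModuleReadsEnvVar    = [bool]($module -and $module.Version -ge [version]'2.12.0')
    }
}

# Constructed sample input so the audit can be tried offline
$demo = Join-Path ([IO.Path]::GetTempPath()) 'pnp-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'sample.ps1') -Value @(
    'Connect-PnPOnline -Url https://contoso.sharepoint.com -Interactive',
    'Connect-PnPOnline -Url https://contoso.sharepoint.com -Interactive -ClientId $appId',
    "Connect-PnPOnline -Url https://contoso.sharepoint.com -DeviceLogin -ClientId $DeletedAppId"
)
Find-PnPManagementShellDependency -Path $demo | Format-Table -AutoSize
Test-PnPClientIdConfigured
```

The scan is line-based, so calls split across lines with backticks or built with splatting need a manual look.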