The ‘annoying’ new SSO permission prompt in Windows 11 (or one of the installed apps) can be blocked by editing IntegratedServicesRegionPolicySet.json.
To make this easier for my fellow admins, here’s a script to automate this through e.g. Intune (run in SYSTEM context!)
For those googling: the above error happened for us when trying to use application-based authentication for the MS Teams PowerShell cmdlets.
We followed the instructions but kept getting "Invalid credential Provide valid credential" whenever calling a cmdlet, while the Connect-MicrosoftTeams command worked fine with the -AccessTokens param.
Turns out, when you assign application-level permissions to your service principal on top of the delegated permissions, the SPN is not authorized for all subsequent cmdlet calls :O
If you want to allow users in SharePoint to select e.g. security groups or teams from a dropdown in a List and don’t want to manually keep that list of choices up to date... this is for you!
I’ve used Power Automate Flow for this specific scenario, but Logic Apps will of course work just as well.
First, define some variables and retrieve all the groups you want to show up in the Choice column:
Then, create a string with all the group’s names using a simple loop:
Then use ‘Send an HTTP request to SharePoint’ to retrieve the current columns (fields) defined in the list if you don’t know the GUID yet. This step is optional and uses GET against the _api/web/Lists/GetById('')/Fields method.
Finally, use another ‘Send an HTTP request to SharePoint’ action to PATCH the column definition of the Choice column with the new group names.
Note that we’re using PATCH against the _api/Web/Lists(guid'')/Fields(guid'') method and that I’m removing the trailing comma (,) from the data we’re patching in.
Also note that if you’re not using multiple choice but single choice, you’ll need to adjust the SP.FieldMultiChoice and 15 values.
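As an added example (not part of the original post), this Python sketch builds the same Choice column update with a JSON serializer instead of a concatenated string, so group names containing quotes, commas or backslashes cannot break the request body and there is no trailing comma to strip. The function names, the verbose OData body shape and the single-choice pair SP.FieldChoice / 6 are assumptions; the GUIDs and group names are constructed sample values.

```python
import json
import uuid

# SharePoint field type pairs: multi choice (the post's values) and single choice (assumed).
FIELD_TYPES = {True: ("SP.FieldMultiChoice", 15), False: ("SP.FieldChoice", 6)}


def field_uri(list_id: str, field_id: str) -> str:
    """Build the relative URI from the post, refusing anything that is not a GUID."""
    # uuid.UUID raises ValueError on malformed input, so nothing else reaches the URI.
    lst, fld = uuid.UUID(list_id), uuid.UUID(field_id)
    return f"_api/Web/Lists(guid'{lst}')/Fields(guid'{fld}')"


def choice_patch_body(group_names, multi: bool = True) -> str:
    """Serialize the Choice column update for a list of group display names."""
    seen, choices = set(), []
    for name in group_names:
        name = (name or "").strip()
        key = name.casefold()
        if not name or key in seen:  # skip blanks and case-insensitive duplicates
            continue
        seen.add(key)
        choices.append(name)
    if not choices:
        # An empty result would wipe every choice from the column; fail instead.
        raise ValueError("no group names to write")
    type_name, kind = FIELD_TYPES[multi]
    body = {
        "__metadata": {"type": type_name},
        "FieldTypeKind": kind,
        "Choices": {"results": sorted(choices, key=str.casefold)},
    }
    # json.dumps escapes quotes and backslashes inside group names.
    return json.dumps(body, ensure_ascii=False)


if __name__ == "__main__":
    # Constructed sample data, not from the original post.
    groups = ["SG-Finance", 'Team "Blue", EMEA', "sg-finance", "", "SG-HR\\Admins"]
    print(field_uri("11111111-2222-3333-4444-555555555555",
                    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"))
    print(choice_patch_body(groups))
```

Failing on an empty group list matters in a scheduled flow: a transient error in the group lookup would otherwise overwrite the column with no choices at all.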
Let’s face it, Microsoft’s documentation on using SharePoint as a data source (or sink) in ADF is pretty bad. And it doesn’t even describe how to use the Managed Identity of ADF. Who still wants to register separate app credentials? Noooooo you don’t.
So here’s an example of how to use Managed Identity to read a JSON file from a given SpO site, using minimal permissions given to ADF.
1. Enable MI in Data Factory; I’m assuming you know how to do this.
2. Give ADF Sites.Selected Graph permissions, e.g. like this:
3. Go to https://yourtenant.sharepoint.com/sites/yoursite/_api/site/id and copy the Edm Guid:
4. Go to https://developer.microsoft.com/en-us/graph/graph-explorer. Log in at the top right using a user with sufficient permissions (Sites.FullControl.All), set the mode to POST, add the Edm Guid in the URL and create the request body as follows (the id in the body can be found in step 2, $Msi.AppId):
5. Create a REST linked service in ADF with Managed Identity auth: