Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] - Please document Add-PnPMicrosoft365GroupToSite Permissions #4748

Open
nuclearxp opened this issue Feb 20, 2025 · 0 comments
Open

[BUG] - Please document Add-PnPMicrosoft365GroupToSite Permissions #4748

nuclearxp opened this issue Feb 20, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@nuclearxp
Copy link

We are attempting to use Add-PnPMicrosoft365GroupToSite to automate enabling modern groups on SPO sites. We have been unable to get this working with delegated permissions after the PnP azure app expired. We have exhausted trial and error approach to figuring out how to do this.
Reporting an Issue or Missing Feature

Add-PnPMicrosoft365GroupToSite: Attempted to perform an unauthorized operation.

Expected behavior

SPO site is modern group enabled (create the group/alias, connect to SPO Site)
Add-PnpMicrosof365GroupToSite documentation: https://pnp.github.io/powershell/cmdlets/Add-PnPMicrosoft365GroupToSite.html lacks sufficient permission documentation for success. All it states is "SharePoint: Access to the SharePoint Tenant Administration site" which hardly seems sufficient. It lacks the delegated azure app permissions, and any context on whether the delegated account needs access to the site or not.
Actual behavior

Add-PnPMicrosoft365GroupToSite: Attempted to perform an unauthorized operation.

Steps to reproduce behavior

Apply application permissions to azure application for provisioning SPO sites and adding the delegated user to target site collection admin.
apply delegated azure permissions
provision SPO site with azure application, add delegated user as SCA for subsequent site configuration
add delegated user to -admin root site collection (unclear how this is related other than an api endpoint to call against)
disconnect from PNP
obtain bearer token for delegated account through a painful series of attempts to use a cert auth/secret token app and user to get a bearer token, scope: https://.sharepoint.com/.default that provides the following scopes:
https://.sharepoint.com/AllSites.FullControl https://.sharepoint.com/AllSites.Read https://.sharepoint.com/Group.ReadWrite.All https://.sharepoint.com/Sites.FullControl.All https://sharepoint.com/.default"
attempt to groupify the site:
add-pnpmicrosoft365grouptosite -url -displayname -alias -keepoldhomepage
What is the version of the Cmdlet module you are running?

2.12.0; 2.99.139 (version doesn't seem to matter)

Which operating system/environment are you running PnP PowerShell on?

[x ] Windows
Linux
[ x] MacOS
Azure Cloud Shell
Azure Functions
Other : please specify
@nuclearxp nuclearxp added the bug Something isn't working label Feb 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nuclearxp