{"id":14452,"date":"2026-01-09T03:01:12","date_gmt":"2026-01-08T18:01:12","guid":{"rendered":"https:\/\/m365jp.net\/?p=14452"},"modified":"2026-01-09T03:01:38","modified_gmt":"2026-01-08T18:01:38","slug":"mc1188595-updated-app-only-certificate-based-authentication-now-available-in-sharepoint-online-management-shell","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2026-01-09-mc1188595-updated-app-only-certificate-based-authentication-now-available-in-sharepoint-online-management-shell","title":{"rendered":"MC1188595 | (Updated) App-only certificate-based authentication now available in SharePoint Online Management Shell"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1188595 | (Updated) App-only certificate-based authentication now available in SharePoint Online Management Shell<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>01\/08\/2026 17:15:00<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>11\/21\/2025 00:14:43<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>01\/31\/2026 08:00:00<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>Updated January 8, 2026: We have updated the content. Thank you for your patience.<\/p>\n<p><b>[Introduction]<\/b><\/p>\n<p>  <\/p>\n<p>We are pleased to announce that <b>SharePoint Online Management Shell <\/b>now supports<b> App-Only Certificate-Based Authentication<\/b>. This update addresses the business need for secure, unattended automation in environments where (for example)<b>&nbsp;Multi-Factor   Authentication (MFA)<\/b> is enforced. With this enhancement, customers can run automation scripts using app identities, ensuring compliance with security policies while maintaining operational efficiency.<\/p>\n<p><b>[When this will happen:]<\/b><\/p>\n<p>  <\/p>\n<p>This feature is now generally available. Minimum version of SPO Management Shell required for this is 16.0.26712.12000<\/p>\n<p><b>[How this affects your organization:]<\/b><\/p>\n<p>  <\/p>\n<p><b>Who is affected:<\/b> SharePoint administrators and automation engineers using  <b>SharePoint Online Management Shell<\/b> for scripting and automation.<\/p>\n<p>  <\/p>\n<p><b>What will happen:<\/b><\/p>\n<p>  <\/p>\n<ul>  <\/p>\n<li>Customers can now authenticate scripts using app identities registered in <b>  Microsoft Entra ID<\/b> (formerly Azure AD), instead of user credentials.<\/li>\n<p>  <\/p>\n<li>This enables seamless execution of unattended scripts, even when MFA is enforced.<\/li>\n<p>  <\/p>\n<li>We expect most scenarios to work with App-Only authentication. However, there could be rare cases where an API needs an explicit user token for security reasons. In such cases, tenant admins should use interactive flows with admin\/user credentials. Feel   free to reach out to us if needed.<\/li>\n<p>  <\/ul>\n<p><b>[What you can do to prepare:]<\/b><\/p>\n<p>  <\/p>\n<p>Follow these one-time steps to register your app and enable certificate-based authentication:<\/p>\n<p>  <\/p>\n<ol>  <\/p>\n<li><b>Step 1:<\/b> <a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-1-register-the-application-in-microsoft-entra-id\">  Register the application in Microsoft Entra ID<\/a>.<\/li>\n<p>  <\/p>\n<li><b>Step 2:<\/b> Assign API permissions to the application:<br \/> \n<ul>  <\/p>\n<li><b>Tenant Admin APIs<\/b> allow <b>App-Only<\/b> permissions for SPO resources using the&nbsp;<code>Sites.FullControl.All<\/code>&nbsp;App-only scope.<\/li>\n<p>  <\/p>\n<li>We are in the process of supporting more granular scopes for tenant APIs. For up-to-date information, refer to  <a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-1-register-the-application-in-microsoft-entra-id\">  SharePoint Admin APIs Authentication and Authorization<\/a>.<\/li>\n<p>  <\/p>\n<li>You can assign permissions by:<br \/> \n<ul>  <\/p>\n<li>Selecting and assigning API permissions from the portal.<\/li>\n<li>Assigning admin role to the service principal in optional.<\/li>\n<p>  <\/p>\n<li>Modifying the app manifest to assign API permissions (required for Microsoft 365 GCC High and DoD organizations).<\/li>\n<p>  <\/ul>\n<p>  <\/li>\n<p>  <\/p>\n<li>Learn more: <a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-2-assign-api-permissions-to-the-application\" target=\"_blank\">  Step 2: Assign API permissions to the application<\/a><\/li>\n<p>  <\/ul>\n<p>  <\/li>\n<p>  <\/p>\n<li><b>Step 3:<\/b> <a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-3-generate-a-self-signed-certificate\">  Generate a self-signed certificate<\/a> or obtain one from a certificate authority.<\/li>\n<p>  <\/p>\n<li><b>Step 4:<\/b> <a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-4-attach-the-certificate-to-the-microsoft-entra-application\">  Attach the certificate to the Microsoft Entra application<\/a>.<\/li>\n<p>  <\/ol>\n<p>  <\/p>\n<p>Once these steps are completed, update the <code>Connect-SPOService<\/code> line at the beginning of your scripts to use the app identity instead of user credentials. For examples, refer examples 7, 8, and 9 in this article:  <a href=\"https:\/\/learn.microsoft.com\/powershell\/module\/microsoft.online.sharepoint.powershell\/connect-sposervice?view=sharepoint-ps\">  Connect-SPOService (Microsoft.Online.SharePoint.PowerShell)<\/a>.<\/p>\n<p><b>[Compliance considerations:]<\/b><\/p>\n<p>  <\/p>\n<p>No compliance considerations identified, review as appropriate for your organization.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<p>2026\u5e741\u67088\u65e5\u66f4\u65b0:\u5185\u5bb9\u3092\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002\u3054\u8f9b\u62b1\u3044\u305f\u3060\u304d\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\u3002<\/p>\n<p><b>[\u306f\u3058\u3081\u306b]<\/b><\/p>\n<p>  <\/p>\n<p>SharePoint <b>Online Management Shell <\/b>\u304c\u73fe\u5728\u3001<b> \u30a2\u30d7\u30ea\u306e\u307f\u306e\u8a3c\u660e\u66f8\u30d9\u30fc\u30b9\u8a8d\u8a3c<\/b>\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u3053\u3068\u3092\u304a\u77e5\u3089\u305b\u3067\u304d\u308b\u3053\u3068\u3092\u5b09\u3057\u304f\u601d\u3044\u307e\u3059\u3002\u3053\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306f\u3001<b>&nbsp;\u4f8b\u3048\u3070\u591a\u8981\u7d20\u8a8d\u8a3c(MFA)<\/b> \u304c\u5f37\u5236\u3055\u308c\u3066\u3044\u308b\u74b0\u5883\u306b\u304a\u3051\u308b\u5b89\u5168\u3067\u7121\u4eba\u64cd\u4f5c\u306e\u30d3\u30b8\u30cd\u30b9\u30cb\u30fc\u30ba\u306b\u5fdc\u3048\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u5f37\u5316\u306b\u3088\u308a\u3001\u9867\u5ba2\u306f\u30a2\u30d7\u30ea\u306e\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u3092\u4f7f\u3063\u3066\u81ea\u52d5\u5316\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30dd\u30ea\u30b7\u30fc\u306e\u9075\u5b88\u3092\u78ba\u4fdd\u3057\u3064\u3064\u904b\u7528\u52b9\u7387\u3092\u7dad\u6301\u3067\u304d\u307e\u3059\u3002<\/p>\n<p><b>[\u3044\u3064\u8d77\u3053\u308b\u304b:]<\/b><\/p>\n<p>  <\/p>\n<p>\u3053\u306e\u6a5f\u80fd\u306f\u73fe\u5728\u3001\u4e00\u822c\u306b\u5229\u7528\u53ef\u80fd\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002SPO\u7ba1\u7406\u30b7\u30a7\u30eb\u306e\u6700\u4f4e\u30d0\u30fc\u30b8\u30e7\u30f3\u306f16.0.26712.12000\u3067\u3059\u3002<\/p>\n<p><b>[\u3053\u308c\u304c\u3042\u306a\u305f\u306e\u7d44\u7e54\u306b\u3069\u306e\u3088\u3046\u306a\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u304b:]<\/b><\/p>\n<p>  <\/p>\n<p><b>\u5f71\u97ff\u3092\u53d7\u3051\u308b\u4eba\u7269:<\/b> SharePoint\u306e\u7ba1\u7406\u8005\u3084\u81ea\u52d5\u5316\u30a8\u30f3\u30b8\u30cb\u30a2\u306f\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u4f5c\u6210\u3084\u81ea\u52d5\u5316\u306e\u305f\u3081\u306b <b>SharePoint Online Management Shell<\/b> \u3092\u4f7f\u7528\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>  <\/p>\n<p><b>\u4eca\u5f8c\u306e\u5c55\u958b:<\/b><\/p>\n<p>  <\/p>\n<ul>  <\/p>\n<li>\u9867\u5ba2\u306f\u30e6\u30fc\u30b6\u30fc\u8a8d\u8a3c\u60c5\u5831\u306e\u4ee3\u308f\u308a\u306b <b>\u3001Microsoft Entra ID<\/b> (\u65e7Azure AD)\u306b\u767b\u9332\u3055\u308c\u305f\u30a2\u30d7\u30eaID\u3092\u4f7f\u3063\u3066\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u8a8d\u8a3c\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/li>\n<p>  <\/p>\n<li>\u3053\u308c\u306b\u3088\u308a\u3001MFA\u304c\u5f37\u5236\u3055\u308c\u3066\u3044\u3066\u3082\u7121\u4eba\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u30b7\u30fc\u30e0\u30ec\u30b9\u306a\u5b9f\u884c\u304c\u53ef\u80fd\u306b\u306a\u308a\u307e\u3059\u3002<\/li>\n<p>  <\/p>\n<li>\u307b\u3068\u3093\u3069\u306e\u30b7\u30ca\u30ea\u30aa\u306f\u30a2\u30d7\u30ea\u306e\u307f\u8a8d\u8a3c\u3067\u52d5\u4f5c\u3059\u308b\u3068\u4e88\u60f3\u3057\u3066\u3044\u307e\u3059\u3002\u3057\u304b\u3057\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u7406\u7531\u3067API\u304c\u660e\u793a\u7684\u306a\u30e6\u30fc\u30b6\u30fc\u30c8\u30fc\u30af\u30f3\u3092\u5fc5\u8981\u3068\u3059\u308b\u7a00\u306a\u30b1\u30fc\u30b9\u3082\u3042\u308a\u307e\u3059\u3002\u305d\u306e\u3088\u3046\u306a\u5834\u5408\u3001\u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005\u306f\u7ba1\u7406\u8005\/\u30e6\u30fc\u30b6\u30fc\u8a8d\u8a3c\u60c5\u5831\u3092\u7d44\u307f\u5408\u308f\u305b\u305f\u30a4\u30f3\u30bf\u30e9\u30af\u30c6\u30a3\u30d6\u306a\u30d5\u30ed\u30fc\u3092\u4f7f\u3046\u3079\u304d\u3067\u3059\u3002\u5fc5\u8981\u306a\u3089\u304a\u6c17\u8efd\u306b\u304a\u554f\u3044\u5408\u308f\u305b\u304f\u3060\u3055\u3044\u3002<\/li>\n<p>  <\/ul>\n<p><b>[\u6e96\u5099\u306e\u305f\u3081\u306b\u3067\u304d\u308b\u3053\u3068:]<\/b><\/p>\n<p>  <\/p>\n<p>\u30a2\u30d7\u30ea\u3092\u767b\u9332\u3057\u3001\u8a3c\u660e\u66f8\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u3092\u6709\u52b9\u306b\u3059\u308b\u306b\u306f\u3001\u6b21\u306e\u4e00\u5ea6\u9650\u308a\u306e\u624b\u9806\u306b\u5f93\u3063\u3066\u304f\u3060\u3055\u3044:<\/p>\n<p>  <\/p>\n<ol>  <\/p>\n<li><b>\u30b9\u30c6\u30c3\u30d71:<\/b><a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-1-register-the-application-in-microsoft-entra-id\">Microsoft Entra ID\u3067\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u767b\u9332\u3057\u307e\u3059<\/a>\u3002<\/li>\n<p>  <\/p>\n<li><b>\u30b9\u30c6\u30c3\u30d72:<\/b> \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306bAPI\u6a29\u9650\u3092\u5272\u308a\u5f53\u3066\u308b:\n<ul>  <\/p>\n<li><b>\u30c6\u30ca\u30f3\u30c8\u7ba1\u7406\u8005API\u306f<\/b>\u3001<code>Sites.FullControl.All<\/code>&nbsp;\u30a2\u30d7\u30ea\u30aa\u30f3\u30ea\u30fc\u30b9\u30b3\u30fc\u30d7\u3092\u7528\u3044\u305f&nbsp;SPO\u30ea\u30bd\u30fc\u30b9\u306b\u5bfe\u3057\u3066<b>\u30a2\u30d7\u30ea\u30aa\u30f3\u30ea\u30fc<\/b>\u6a29\u9650\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002<\/li>\n<p>  <\/p>\n<li>\u73fe\u5728\u3001\u30c6\u30ca\u30f3\u30c8API\u306e\u3088\u308a\u7d30\u304b\u3044\u30b9\u30b3\u30fc\u30d7\u306e\u30b5\u30dd\u30fc\u30c8\u3092\u9032\u3081\u3066\u3044\u307e\u3059\u3002\u6700\u65b0\u60c5\u5831\u306b\u3064\u3044\u3066\u306f\u3001 <a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-1-register-the-application-in-microsoft-entra-id\">  SharePoint\u7ba1\u7406\u8005API\u306e\u8a8d\u8a3c\u304a\u3088\u3073\u8a8d\u8a3c<\/a>\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n<p>  <\/p>\n<li>\u6a29\u9650\u306e\u5272\u308a\u5f53\u3066\u306f\u4ee5\u4e0b\u306e\u65b9\u6cd5\u3067\u53ef\u80fd\u3067\u3059:\n<ul>  <\/p>\n<li>\u30dd\u30fc\u30bf\u30eb\u304b\u3089API\u6a29\u9650\u3092\u9078\u629e\u3057\u5272\u308a\u5f53\u3066\u308b\u3053\u3068\u3002<\/li>\n<li>\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u30b5\u30fc\u30d3\u30b9\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u306b\u7ba1\u7406\u8005\u5f79\u5272\u3092\u5272\u308a\u5f53\u3066\u308b\u3053\u3068\u3002<\/li>\n<p>  <\/p>\n<li>\u30a2\u30d7\u30ea\u30de\u30cb\u30d5\u30a7\u30b9\u30c8\u3092\u4fee\u6b63\u3057\u3066API\u6a29\u9650\u3092\u5272\u308a\u5f53\u3066\u308b\u3053\u3068(Microsoft 365 GCC High\u3084DoD\u7d44\u7e54\u3067\u5fc5\u8981)\u3002<\/li>\n<p>  <\/ul>\n<p>  <\/li>\n<p>  <\/p>\n<li>\u8a73\u7d30\u306f\u3053\u3061\u3089: <a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-2-assign-api-permissions-to-the-application\" target=\"_blank\">  \u30b9\u30c6\u30c3\u30d72:\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306bAPI\u6a29\u9650\u3092\u5272\u308a\u5f53\u3066\u308b<\/a><\/li>\n<p>  <\/ul>\n<p>  <\/li>\n<p>  <\/p>\n<li><b>\u30b9\u30c6\u30c3\u30d73:<\/b><a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-3-generate-a-self-signed-certificate\">\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b<\/a>\u304b\u3001\u8a3c\u660e\u66f8\u767a\u884c\u6a5f\u95a2\u304b\u3089\u53d6\u5f97\u3057\u307e\u3059\u3002<\/li>\n<p>  <\/p>\n<li><b>\u30b9\u30c6\u30c3\u30d74:<\/b><a href=\"https:\/\/learn.microsoft.com\/powershell\/exchange\/app-only-auth-powershell-v2?view=exchange-ps#step-4-attach-the-certificate-to-the-microsoft-entra-application\">\u8a3c\u660e\u66f8\u3092Microsoft Entra\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u6dfb\u4ed8\u3057\u307e\u3059<\/a>\u3002<\/li>\n<p>  <\/ol>\n<p>  <\/p>\n<p>\u3053\u308c\u3089\u306e\u30b9\u30c6\u30c3\u30d7\u304c\u5b8c\u4e86\u3057\u305f\u3089\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u5192\u982d\u306e<code>Connect-SPOService<\/code>\u884c\u3092\u66f4\u65b0\u3057\u3001\u30e6\u30fc\u30b6\u30fc\u8a8d\u8a3c\u60c5\u5831\u306e\u4ee3\u308f\u308a\u306b\u30a2\u30d7\u30eaID\u3092\u4f7f\u3046\u3088\u3046\u306b\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u4f8b\u306b\u3064\u3044\u3066\u306f\u3001\u3053\u306e\u8a18\u4e8b\u306e\u4f8b7\u30018\u30019\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044:<a href=\"https:\/\/learn.microsoft.com\/powershell\/module\/microsoft.online.sharepoint.powershell\/connect-sposervice?view=sharepoint-ps\">Connect-SPOService   (Microsoft.Online.SharePoint.PowerShell)\u3002<\/a><\/p>\n<p><b>[\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u4e0a\u306e\u8003\u616e\u4e8b\u9805:]<\/b><\/p>\n<p>  <\/p>\n<p>\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u4e0a\u306e\u61f8\u5ff5\u4e8b\u9805\u306f\u7279\u5b9a\u3055\u308c\u305a\u3001\u7d44\u7e54\u306b\u5fdc\u3058\u3066\u30ec\u30d3\u30e5\u30fc\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1188595 | (Updated) App-only certificate-based authentication now available in SharePoint Online Management  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14452","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/14452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=14452"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/14452\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=14452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=14452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=14452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}