I use a runbook with PowerShell 5.1 and the PnP.PowerShell 1.12 framework.

I create a SharePoint site automatically with a managed identity. Everything works fine until I try to apply the design which I have created before. I always get the message unauthorized. I don't know where I need to give the managed identity more rights.

I hope you can help.

Here is the code so far:

    Write-Output "Site is not created yet!"

    New-PnPSite -Type TeamSiteWithoutMicrosoft365Group -Title $siteTitle -Url $siteUrl -Owner "matthias@[tenant].onmicrosoft.com" -Lcid 1033

    Write-Output "The site has been created!"

    Write-Output "Connect to new site $siteTitle"

    # Connect to the newly created site with the runbook's managed identity
    Connect-PnPOnline -Url $siteUrl -ManagedIdentity

    Get-PnPContext

    Write-Output "Create Folders"

    $Folder100 = Add-PnPFolder -Name $folderName100 -Folder $relativFolderPath
    $Folder200 = Add-PnPFolder -Name $folderName200 -Folder $relativFolderPath
    $Folder300 = Add-PnPFolder -Name $folderName300 -Folder $relativFolderPath
    $Folder900 = Add-PnPFolder -Name $folderName900 -Folder $relativFolderPath

    # Site design
    Add-PnPSiteDesignTask -SiteDesignId eb8c67ca-9342-4821-b0ec-a173cc6481e6

Then in the last step I get the error message: The remote server returned an error: (401) Unauthorized.

2 Answers


  1. Chosen as BEST ANSWER

    I solved the problem on my own. I want to use a managed identity and not an app registration. I changed the last lines to the following:

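    # Connect to the tenant admin site instead of the new site
    Connect-PnPOnline -Url "https://tenant-admin.sharepoint.com" -ManagedIdentity

    # Apply the site design to the new site by passing its URL
    Add-PnPSiteDesignTask -SiteDesignId eb8c67ca-9342-4821-b0ec-a173cc6481e6 -WebUrl "https://tenant.sharepoint.com/sites/name"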
    

    Then it works without any problems.

    Best regards

    Matthias
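
The pattern from the accepted answer, as an added example that is not the poster's runbook: it keeps two explicit connections so the site-level work and the tenant-level site design call cannot run in the wrong context. The URLs and folder values are constructed placeholders; the site design ID is the one from the question.

```powershell
# Added example (not from the original post). Placeholder values are assumptions.
$ErrorActionPreference = 'Stop'

$siteUrl           = 'https://tenant.sharepoint.com/sites/name'   # placeholder
$adminUrl          = 'https://tenant-admin.sharepoint.com'        # placeholder
$siteDesignId      = 'eb8c67ca-9342-4821-b0ec-a173cc6481e6'       # from the question
$relativFolderPath = 'Shared Documents'                           # constructed sample
$folderNames       = @('100', '200', '300', '900')                # constructed sample

# Site-scoped connection: only used for work inside the new site.
$siteConn = Connect-PnPOnline -Url $siteUrl -ManagedIdentity -ReturnConnection

# Admin-scoped connection: only used for the tenant-level site design call.
$adminConn = Connect-PnPOnline -Url $adminUrl -ManagedIdentity -ReturnConnection

# Folder creation runs against the site connection.
foreach ($name in $folderNames) {
    Add-PnPFolder -Name $name -Folder $relativFolderPath -Connection $siteConn | Out-Null
    Write-Output "Created folder $name in $relativFolderPath"
}

try {
    # The site design task is queued through the admin connection and
    # pointed at the target site with -WebUrl, as in the accepted answer.
    Add-PnPSiteDesignTask -SiteDesignId $siteDesignId -WebUrl $siteUrl -Connection $adminConn
    Write-Output "Site design task queued for $siteUrl"
}
catch {
    # Record which context the failing call used, so a 401 in the job log
    # can be told apart from a failure in the site-level steps.
    Write-Output "Add-PnPSiteDesignTask failed via $adminUrl : $($_.Exception.Message)"
    throw
}
```

Passing `-Connection` on every call avoids depending on whichever `Connect-PnPOnline` ran last in the runbook.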


  2. To implement the design, you must give the managed identity the necessary privileges. Refer to the MSDoc to apply the required permissions to the managed identity.

    Make sure that you are connecting to SharePoint in an administrator mode.

    Connect-PnPOnline -Url "https://tenant.sharepoint.com" -ClientId <APPID> -ClientSecret <appsecret>
    
    Grant-PnPAzureADAppSitePermission -Site <siteurl> -AppId <ID> -PermissionGroup "read/write"
    

    Once you give read/write permissions through the Grant-PnPAzureADAppSitePermission PowerShell command, use Set-PnPAzureADAppSitePermission to give full control permissions.

    The above steps will give the complete permissions to access SharePoint and implement the site design.

    Note: Check the PnP.PowerShell module version. It should be compatible with the PowerShell runtime version of the runbook in Azure Automation (5.1).
