Multi-factor authentication (MFA) with PowerShell

May 31, 2019

The use of multi-factor authentication (MFA) is growing by the day. More and more customers are enabling MFA for administrator accounts to protect their cloud environment a little bit more. But that also might affect your PowerShell scripts. In this post I want to point out how to deal with MFA enabled accounts in your PowerShell script.
SharePoint Patterns and Practices (PnP) contains a library of PowerShell commands (PnP PowerShell) that allows you to perform complex provisioning and artifact management actions towards SharePoint. The commands use CSOM and can work against both SharePoint Online as SharePoint On-Premises.


There are 3 ways to install the cmdlets. We recommend, where possible, to install them from the PowerShell Gallery. Alternatively you can download the setup files or run a PowerShell script to download the PowerShellGet module and install the cmdlets subsequently.

PowerShell Gallery

If you main OS is Windows 10, or if you have PowerShellGet installed, you can run the following commands to install the PowerShell cmdlets:

SharePoint Version Command to install
SharePoint Online Install-Module SharePointPnPPowerShellOnline
SharePoint 2019 Install-Module SharePointPnPPowerShell2019
SharePoint 2016 Install-Module SharePointPnPPowerShell2016
SharePoint 2013 Install-Module SharePointPnPPowerShell2013

Notice: if you install the latest PowerShellGet from Github, you might receive an error message stating

PackageManagement\Install-Package : The version ‘x.x.x.x’ of the module ‘SharePointPnPPowerShellOnline’ being installed is not catalog signed.

In order to install the cmdlets when you get this error specify the -SkipPublisherCheck switch with the Install-Module cmdlet, e.g. Install-Module SharePointPnPPowerShellOnline -SkipPublisherCheck -AllowClobber

Trick for MFA Script:


Applies to:

SharePoint Server 2013, SharePoint Server 2016, SharePoint Online

Connect to a SharePoint site

PowerShell Copy


-Url <String>

-UseWebLogin [<SwitchParameter>]

[-ReturnConnection [<SwitchParameter>]]

[-MinimalHealthScore <Int>]

[-RetryCount <Int>]

[-RetryWait <Int>]

[-RequestTimeout <Int>]

[-CreateDrive [<SwitchParameter>]]

[-DriveName <String>]

[-Scopes <String[]>]

[-TenantAdminUrl <String>]

[-SkipTenantAdminCheck [<SwitchParameter>]]

[-IgnoreSslErrors [<SwitchParameter>]]

[-NoTelemetry [<SwitchParameter>]]



If you want to connect to SharePoint with browser based login. This is required when you have multi-factor authentication (MFA) enabled.

Type: SwitchParameter
Position: Named
Accept pipeline input: False
Accept wildcard characters: False


Click below to read more….
Powershell and Office 365-POC Guidelines-ByCognitiveConvergenceTeam-Blog