Certificate-based authentication is a secure method for connecting to SharePoint Online and Microsoft 365 services using service principals and automated scripts. This guide demonstrates two methods for generating self-signed certificates using PowerShell and how to use them with PnP PowerShell for SharePoint authentication. Table of Contents Why Use Certificate-Based Authentication? Prerequisites Method 1: Using New-SelfSignedCertificate Method 2: Using New-PnPAzureCertificate Locating Your Certificate Exporting Certificates Registering Certificate with Entra ID App Connecting to SharePoint with Certificate Best Practices Troubleshooting Conclusion References Why Use Certificate-Based Authentication?

Introduction PnP PowerShell authentication for Microsoft 365 has evolved significantly over the years. The multi-tenant app registration approach was decommissioned for security reasons, requiring each tenant to set up its own app registration. Fortunately, the PnP team has simplified this process with automated cmdlets that streamline app registration and authentication setup. This guide covers modern PnP PowerShell authentication methods, including interactive login setup, multi-tenant management, and certificate-based authentication. The Evolution of PnP PowerShell Authentication Before: Multi-Tenant App Registration Single shared app registration across all tenants Simplified initial setup but created security concerns Decommissioned for enhanced security Now: Tenant-Specific App Registrations Each tenant needs to create and maintain its own app registration(s) Enhanced security and control Automated setup through PnP cmdlets Method 1: Interactive Login Setup Step 1: Create App Registration Automatically The Register-PnPEntraIDAppForInteractiveLogin cmdlet automatically creates an app registration with default permissions: