Do I need VM or Laptop Admin Rights to use PnP.PowerShell in a Migration?

March 18, 2023 By pH7x Systems

Well this is a good question, the answer is NO

If your SharePoint Administrator grant you the Tenant Permissions.

Because You need to run this cmdlet with an identity that has write access to the Azure AD. You are not creating a new application in the sense of something that runs in your Azure AD tenant. You’re only adding a registration to your Azure AD, a so called ‘consent’ for people in your tenant to use that application. The access rights the application requires are delegate only, so you will always have to provide credentials or another way of identifying the user actually using that application.

Setting up Access Tenant Admins

You have, as always, to understand the Governance of the Corporation.

In our previsions WBBrags we see some scenarios about SharePoint Migrations, click in the Categories Brown Bag

If you have administrative permission to use use the PNP.PowerShell on your Machine, these are the steps. But remember, Administrative Permissions is you are authorized to use it in a Virtual Machine or Laptop, you don’t want to break any rules of your corporation.

First lets Manually download the .nupkg Package from the Microsoft 365 Patterns and Practices PowerShell Cmdlets

Once you get it, rename the File to ZIP and extract

Extract to a Well Know Folder Name, like C:\PS\, that’s because you want to use more than one version

C:\PS\1.12.0
C:\PS\1.6.0

The Next Step is understanding what Remote Signing Options the Governance allow you to run the CMDLETS

Get-ExecutionPolicy -List

In this case the LocalMachine is allowed, so you only have to import the PSD1 File, see Import-Module

Now Let’s import all the commands, this means you have to import the PSD1 file, will give you all the stuff 🙂

Import-Module C:\PS\1.12.0\PnP.PowerShell.psd1
Connect-PnPOnline -Url "https:/tenant.sharepoint.com"

On the other hand, if you only have Unrestricted for the CurrentUser you are not able to run any CMDLET without explicit declare the Execution Policy

Set-ExecutionPolicy -Scope CurrentUser RemoteSigned -Force
Import-Module C:\PS\1.12.0\PnP.PowerShell.psd1
Connect-PnPOnline -Url "https:/tenant.sharepoint.com"

A final note is always validate with your Local CISO and the SharePoint Admin if you are allowed to do so, because in tight security companies you can be fired or if you are an Independent Contractor you may incur in illegal practices and legal clauses will soon be activated.