Connect-OrganizationAddInService using Entra ServicePrincipal ID

Question

I am trying to find if someone has successfully done this, basically automatize the deployment of an Add-in to Office 365

• Client Secret: "1111111111111111111" (This is a secret that should be protected and not shown, I am having a look how to improve this)
• APP ID: "2222222222222222222222222"
• TenantID : "333333333333333333333333"

Followed:

• https://learn.microsoft.com/en-us/microsoft-365/enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins?view=o365-worldwide

https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps

Created a Microsoft Entra App and added:

• Office 365 Exchange Online and Exchange.ManageAsAPP API Permissions
• In Microsoft Entra roles and administrators, Exchange Administrator added MSOfficeAddon Princial App

I tried the below, but not working

Import-Module -Name O365CentralizedAddInDeployment
Install-Module -Name O365CentralizedAddInDeployment

$clientSecret = "1111111111111111111" 
$appId = "2222222222222222222222222"
$tenantId = "333333333333333333333333"

$secureStringPwd = $clientSecret | ConvertTo-SecureString -AsPlainText -Force
$psCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList
$appId, $secureStringPwd
Connect-OrganizationAddInService -Credential $psCredential

Then two different outcomes errors

• Connect-OrganizationAddInService : The Organization Add-In Service session was not initialized. Please call the Connect-OrganizationAddInService commandlet first.
• OrganizationAddInService : The user name or password is incorrect. Verify your user name, and then type your password again.

I tested the PSCredentials and worked

Connect-AzAccount -ServicePrincipal -Credential $psCredential -Tenant $tenantId

Answer 1

Afaik the corresponding endpoint only supports delegate permissions, you cannot connect via a service principal.