My script runs fine using SharePoint Online Management Shell but fails in Azure automation runbook(The sign-in name or password does not match one in the Microsoft account system)

Question

question

NargessMojtahedi-0974 asked Apr 22, '22 tbgangav-MSFT answered Jun 4, '22

My script runs fine using SharePoint Online Management Shell but fails in Azure automation runbook(The sign-in name or password does not match one in the Microsoft account system)

Hi
I tried to use "Connect-SPOService" in my Runbooks and it worked fine, but from two weeks ago it started failing.

Connect-SPOService -Url "https://xxxx-admin.sharepoint.com/" -Credential $ serviceAccountCred

It works fine when I try it in Windows Powershell.

I have installed:
Microsoft.Online.SharePoint.PowerShell 16.0.22315.12000

and MFA is disabled and my account is Global admin.
It does not fail when I use Connect-PnPOnline and Connect-AzureAD.
it runs fine using SharePoint Online Management Shell but fails in Azure automation runbook.

thanks
Nargess

azure-automation

· 2

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NargessMojtahedi-0974 · Apr 25 at 08:40 AM

Hi
is there no one who could help me?

0 ·

tbgangav-MSFT NargessMojtahedi-0974 · Apr 26 at 07:52 AM

Hi @NargessMojtahedi-0974,

I have just seen this older thread as well that's from you, if you are globaladmin and are using same service account and disabled MFA and if it works without any issue in PowerShell and only fails in Runbook and then error "Connect-SPOService : The sign-in name or password does not match one in the Microsoft account system" might not be because of wrong URL or credentials or expiry so I would recommend to double-check if your Azure environment has any conditional access policy or any other policy to block basic authentication causing the runbook to fail.

Also as per this older thread, I understand that you are facing this issue since many days without a quick resolution so to try diagnosing and troubleshooting the cause of the issue here it would require deep dive with the help of access to your environment and related troubleshooter logs and traces if required. Hence, I thought of recommending you to raise a Azure technical support ticket but I see that you already have raised it yesterday (with case ID 2204250050000842). I hope it gets resolved with the help of Azure technical support.

On the other hand, as recommended above, let me know if your Azure environment has any conditional access policy or any other policy to block basic authentication causing the runbook to fail and if that's the case then excluding your service account from those might resolve the issue.

0 ·

Answer 1 · 2022-06-04T07:53:23.71Z

tbgangav-MSFT answered Jun 4, '22

Hi @NargessMojtahedi-0974,

<<Sharing the summary of Azure technical support request here so it would benefit the other members of the Microsoft Q&A community who might be looking for similar information.>>

Issue:

Runbook was failing with the error: "The sign-in name or password does not match one in the Microsoft account system" when trying to connect to SPO service.

Cause:

Customer environment has a Conditional Access Policy that blocks legacy authentication. Microsoft.Online.SharePoint.PowerShell module does not work with modern authentication in unattended mode.

Solution:

In this scenario there is no perfect solution as on one hand the Azure Runbook nature that doesn’t allow any interactivity and on the other hand there are PowerShell limitations. Workaround is either making an exclusion in the Conditional Access Policy that blocks legacy authentication for the user account or using the PnP module to connect to SharePoint Online.

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question