SharePoint Online: Fix “The remote server returned an error: (403) Forbidden.” Error in PowerShell

Error: Exception calling “ExecuteQuery” with “0” argument(s): “The remote server returned an error: (403) Forbidden.” in PowerShell scripts for SharePoint Online.

sharepoint online powershell the remote server returned an error (403) forbidden

Troubleshooting Checklist for 403 forbidden in SharePoint Online PowerShell:

The “The remote server returned an error: (403) Forbidden.” error can occur when connecting to SharePoint Online using PowerShell. This error typically indicates that the credentials you are using to connect to the site are incorrect or that the user account does not have sufficient permissions to access the site. there are several things you can try:

Follow this checklist to resolve ExecuteQuery 403 forbidden error in SharePoint Online PowerShell.

  1. You may have provided the credentials of another tenant, which would end up with this error message (Which happens when working with multiple tenants!) So make sure the URL and credentials are correct.
  2. You may be missing the SharePoint Online Client Component SDK on your client computer. Make sure you have the latest version installed, and the referenced DLL paths are correct.
  3. You may be attempting to access a site that you don’t have access to! Verify your access to the site by browsing it. Having Tenant Admin or SharePoint Online Administrator roles doesn’t gain your access to SharePoint sites automatically. You have to add yourself to the site explicitly: How to Add Site collection Administrator to SharePoint Online using PowerShell?
  4. The site may be in a locked state! You can check the lock status and unlock: How to Lock/Unlock Sites in SharePoint Online?
  5. You may need to be in your organization network with a compliant device as per the conditional access policies of your tenant.
  6. The credential you pass must be of type “SharePointOnlineCredentials”. E.g.,
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
$SiteURL = ""
$UserName = ""
$Password = "Password goes here"
$SecurePassword= $Password | ConvertTo-SecureString -AsPlainText -Force
#Setup the Context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Cred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($UserName, $SecurePassword)
$Ctx.Credentials = $Cred
#Get the Site Collection storage used
$Site = $Ctx.Site
$StorageUsed = [Math]::Round(($Site.Usage.Storage/1MB),2)
#Get Site Collection Size
Write-host "Storage Used: $StorageUsed MB"
  1. If you try to connect to the Tenant Admin site, make sure the Tenant Admin URL is:, The below script would give you an error: Get-PnPSite : The remote server returned an error: (403) Forbidden.
$TenantAdminURL = ""
#Connect to the Site
Connect-PnPOnline -URL $TenantAdminURL -Interactive

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

5 thoughts on “SharePoint Online: Fix “The remote server returned an error: (403) Forbidden.” Error in PowerShell

  • Thanks for posting this, very helpful! The issue for me was my account uses MFA so I had to create an app password, and that worked.

  • I found that the advice in this article was useful in resolving the access issue with a 403 Forbidden or 401 not authorized error message. For some reason a few sites were in a Locked state!

  • In my organization we don’t even access out sites with a user name or password, the system authenticates us with the pki cert we present. We don’t even use a pin. How would I use my PKI cert instead of a PIN to authenticate using CSOM via powershell?

  • Thanks, Installing CSOM SDK resolved my issue.


Leave a Reply

Your email address will not be published. Required fields are marked *