Fix “Connect-PnPOnline : AADSTS65001: The user or administrator has not consented to use the application with ID ‘31359c7f-bd7e-475c-86db-fdb8c937548e’ named ‘PnP Management Shell’. Send an interactive authorization request for this user and resource.”

Problem: When trying to connect to SharePoint Online using PnP PowerShell user name and password, I got this error message: Connect-PnPOnline : AADSTS65001: The user or administrator has not consented to use the application with ID ‘31359c7f-bd7e-475c-86db-fdb8c937548e’ named ‘PnP Management Shell’. Send an interactive authorization request for this user and resource.

#Set Variables
$SiteURL = "https://Crescent.sharepoint.com/"
 
#Get Credentials to connect
$Cred = Get-Credential
 
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Credentials $Cred
Connect-PnPOnline-AADSTS65001-The user or administrator has not consented to use the application

Solution:

The new PnP.PowerShell module uses an App “PnP Management Shell” with the ID “31359c7f-bd7e-475c-86db-fdb8c937548e” to connect to SharePoint Online, and you must grant permission to this PnP Management Shell application if you want to connect with user name and password.

Run the Register-PnPManagementShellAccess PowerShell cmdlet as a Global Administrator.

Register-PnPManagementShellAccess

You’ll be prompted to consent to a set of permissions. “Consent on behalf of your organization” and click on the “Accept” button.

grant permission to PnP Management Shell

That’s all. This will resolve the error. As a side note, The Connect-PnPonline -url “site URL” -interactive method just works fine without this step. My post on installing PnP PowerShell for SharePoint Online: How to Install the PnP PowerShell Module for SharePoint Online?

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

6 thoughts on “Fix “Connect-PnPOnline : AADSTS65001: The user or administrator has not consented to use the application with ID ‘31359c7f-bd7e-475c-86db-fdb8c937548e’ named ‘PnP Management Shell’. Send an interactive authorization request for this user and resource.”

  • I’m on a GCC High Tenant and got this error while utilizing the “User Permissions Audit Report for a Site Collection using PnP PowerShell” script.

    Posting my solution here for any other Sovereign cloud users who may need it.

    Credit for the relevant commands: https://techcommunity.microsoft.com/t5/public-sector-blog/using-sharepoint-look-book-in-your-gcc-high-tenant-new-pnp/ba-p/2200787

    I was able to resolve the error by creating my PnP PowerShell app registration with the following command:

    Register-PnPAzureADApp -ApplicationName “PnP PowerShell” `
    -Tenant [TENANT].onmicrosoft.[com|us|mil|de|cn] -Interactive `
    -AzureEnvironment [USGovernment|USGovernmentHigh|USGovernmentDoD|Germany|China] `
    -SharePointDelegatePermissions AllSites.FullControl `
    -SharePointApplicationPermissions Sites.FullControl.All `
    -GraphApplicationPermissions Group.ReadWrite.All `
    -GraphDelegatePermissions Group.ReadWrite.All

    This command will register an app called “PnP PowerShell” and the output will have a GUID called AzureAppId/ClientId. Use that for the ClientID in the next step.

    I was then able to connect to PnP Online with this command.

    Connect-PnPOnline -Url https://[TENANT].sharepoint.[com|us|mil|de|cn]/sites/[SITE COLLECTION] `
    -Interactive -AzureEnvironment [USGovernment|USGovernmentHigh|USGovernmentDoD|Germany|China] `
    -ClientId [ClientID] -Tenant
    “[TENANT].onmicrosoft.[com|us|mil|de|cn]”

    Reply
  • Can i use something like this for an clientid in linke appinv.aspx

    Reply
  • I wonder why such permissions as write permission(on catalog? on groups ), invite external guests to organization and acces azure service managment are necesary just to execute some powershell scripts… except for some admin applications maybe, but not in general ..

    Reply
  • What if I am not a global admin?

    Reply
  • Great article.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *