| external help file | Microsoft.Online.SharePoint.PowerShell.dll-Help.xml |
|---|---|
| Module Name | Microsoft.Online.SharePoint.PowerShell |
| online version | https://learn.microsoft.com/powershell/module/microsoft.online.sharepoint.powershell/connect-sposervice |
| applicable | SharePoint Online |
| title | Connect-SPOService |
| schema | 2.0.0 |
| author | ShreyasSar26 |
| ms.author | shsaravanan |
| ms.reviewer | Mengke-Gh |
| description | Connect-SPOService is a PowerShell cmdlet in the Microsoft.Online.SharePoint.PowerShell module that connects a SharePoint Administrator or SharePoint Embedded Administrator to the SharePoint admin center. |
| ms.date | 03/04/2026 |
Connects a SharePoint Administrator or SharePoint Embedded Administrator to the SharePoint admin center. You must run this cmdlet before running any other SharePoint Online cmdlets.
Connect-SPOService [-Url] <UrlCmdletPipeBind> [[-ClientTag] <String>] [-Region <AADCrossTenantAuthenticationLocation>] [-AuthenticationUrl <String>] [-Certificate <X509Certificate2>] [-CertificatePath <String>] [-CertificateThumbprint <String>] [-CertificatePassword <SecureString>] -ClientId <String> -TenantId <String> [<CommonParameters>]
Connect-SPOService [-Url] <UrlCmdletPipeBind> [[-Credential] <CredentialCmdletPipeBind>] [[-ClientTag] <String>] [-Region <AADCrossTenantAuthenticationLocation>] [[-ModernAuth] <Boolean>] [[-UseSystemBrowser] <Boolean>]
Connect-SPOService [-Url] <UrlCmdletPipeBind> [[-Credential] <CredentialCmdletPipeBind>] [[-ClientTag] <String>] -AuthenticationUrl <String> [[-ModernAuth] <Boolean>] [[-UseSystemBrowser] <Boolean>] [<CommonParameters>]
This cmdlet connects a SharePoint Administrator or SharePoint Embedded Administrator to the SharePoint admin center. Only one SharePoint Online service connection is supported per Windows PowerShell session and per geo within an organization. If you run this cmdlet again, the existing connection is automatically disconnected and replaced with the new connection. The PowerShell session then uses the newly specified administrator context. Delegated partner administrators must switch connections when managing multiple organizations within the same PowerShell session. To run this cmdlet, you must be a SharePoint Administrator or SharePoint Embedded Administrator. For permission requirements and the latest guidance, see the Intro to SharePoint Online Management Shell documentation.
Connect-SPOService -Url https://contoso-admin.sharepoint.com -Credential admin@contoso.comThis example shows how a SharePoint Administrator using the admin@contoso.com account connects to the SharePoint admin center at https://contoso-admin.sharepoint.com.
$username = "admin@contoso.sharepoint.com"
$password = Read-Host -Prompt "Enter user password" -AsSecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName, $password
Connect-SPOService -Url https://contoso-admin.sharepoint.com -Credential $credThis example shows how a SharePoint Administrator connects to the SharePoint admin center at https://contoso-admin.sharepoint.com by creating a credential object from a username and password.
Connect-SPOService -Url https://contoso-admin.sharepoint.comThis example prompts for credentials. This approach is required when the account uses multi-factor authentication.
Connect-SPOService -Url https://contoso-admin.sharepoint.com -Region ITARThis example connects to the SharePoint admin center by specifying the authentication region.
Connect-SPOService -Credential $creds -Url https://tenant-admin.sharepoint.com -ModernAuth $true -AuthenticationUrl https://login.microsoftonline.com/organizationsThis example connects to the SharePoint admin center by using modern authentication.
Connect-SPOService -Url https://contoso-admin.sharepoint.com -UseSystemBrowser $trueThis example authenticates by using the Microsoft Authentication Library (MSAL) and connects to the SharePoint admin center after authentication succeeds.
$password = Read-Host -Prompt "Enter certificate password" -AsSecureString
Connect-SPOService -Url https://contoso-admin.sharepoint.com -ClientId 00000000-0000-0000-0000-000000000000 -TenantId 11111111-1111-1111-1111-111111111111 -CertificatePath C:\Certs\ContosoAppAuth.pfx -CertificatePassword $passwordThis example connects to the SharePoint admin center by using an app identity and a certificate file path, with an optional certificate password.
Connect-SPOService -Url https://contoso-admin.sharepoint.com -ClientId 00000000-0000-0000-0000-000000000000 -TenantId 11111111-1111-1111-1111-111111111111 -CertificateThumbprint "3FAAAA1111AAAAAAAAAAA2222AAAAAAAAAAAAAAA"This example connects to the SharePoint admin center by using an app identity and a certificate thumbprint.
$thumbprint = "3F2A5C9D4E7B8A1234567890ABCDEF1234567890"
$cert = Get-ChildItem Cert:\LocalMachine\My\$thumbprint
Connect-SPOService -Url https://contoso-admin.sharepoint.com -ClientId 00000000-0000-0000-0000-000000000000 -TenantId 11111111-1111-1111-1111-111111111111 -Certificate $certThis example connects to the SharePoint admin center by using an app identity and a certificate object.
Applicable: SharePoint Online
Specifies the URL for the Microsoft Entra cross-tenant authentication service. Use this parameter when a non-default cross-tenant authentication endpoint is required.
Type: System.String
Parameter Sets: AuthenticationUrl
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseType: String
Parameter Sets: AuthenticationCertificate
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the X.509 certificate used for authentication.
Type: X509Certificate2
Parameter Sets: AuthenticationCertificate
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the password for the certificate file.
Type: SecureString
Parameter Sets: AuthenticationCertificate
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the path to the local .pfx certificate file.
Type: String
Parameter Sets: AuthenticationCertificate
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the thumbprint of the certificate in the current user's certificate store.
Type: String
Parameter Sets: AuthenticationCertificate
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the client ID of the application.
Type: String
Parameter Sets: AuthenticationCertificate
Aliases: ApplicationId
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Optionally adds a client tag to CSOM HTTP traffic to help identify the calling script or solution.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the credentials used to connect. If you do not provide credentials, you are prompted to enter them. The credentials must belong to an administrator who has access to the SharePoint admin center.
Type: Microsoft.Online.SharePoint.PowerShell.CredentialCmdletPipeBind
Parameter Sets: AuthenticationUrl, AuthenticationLocation
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: FalseApplicable: SharePoint Online
Enables modern authentication when connecting to SharePoint administration cmdlets.
When you use this parameter, you must also specify the AuthenticationUrl parameter.
Type: System.Boolean
Parameter Sets: AuthenticationUrl, AuthenticationLocation
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the authentication region. Valid values are: Default, ITAR, Germany, and China.
The default value is Default.
Note: The ITAR value applies only to GCC High and DoD tenants.
Type: Microsoft.Online.SharePoint.PowerShell.AADCrossTenantAuthenticationLocation
Parameter Sets: AuthenticationLocation, AuthenticationCertificate
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the ID of the tenant to connect to.
Type: String
Parameter Sets: AuthenticationCertificate
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseApplicable: SharePoint Online
Specifies the URL of the SharePoint admin center.
Type: Microsoft.Online.SharePoint.PowerShell.UrlCmdletPipeBind
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: FalseApplicable: SharePoint Online
Uses the Microsoft Authentication Library (MSAL) to authenticate the user by using the system browser.
Note
To avoid adding the -UseSystemBrowser parameter every time you run Connect-SPOService, you can set a registry key instead.
Set the UseSystemBrowser registry key (type REG_DWORD) at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SPO\CMDLETS\
If either registry key is set to a non-zero integer value or -UseSystemBrowser parameter is set to true, authentication flow will use system browser for sign-in.
Type: System.Boolean
Parameter Sets: AuthenticationUrl, AuthenticationLocation
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Introduction to the SharePoint Online management shell