Manage Selected Sites

Prerequisites

  • Please ensure that a current version (1.10.0) of PnP PowerShell is installed.
  • The account used for this process must have Full Control permission over all relevant SharePoint Sites.

Process

Login

There are different ways on how to run the PnP Powershell commandline interface (CLI), in PowerShell Core, PowerShell Classic, Windows- or Linux Docker containers, please consult the PnP PowerShell Documentation for details.

After starting the CLI a login can be performed interactively - a login pop-up will be shown, or via device login - login can be performed in a browser window even on a different machine.

## The Site where "LiveTiles Intranet Hub Metadata LowTrust" shall be used
## e.g. https://contoso.sharepoint.com/sites/finance/

$siteUrl = "https://<your-tenant>.sharepoint.com/sites/<metadata-site>"

## Either Interactive login ...

Connect-PnPOnline -Url $siteUrl -Interactive

## ... or, Device login

Connect-PnPOnline -Url $siteUrl -DeviceLogin

Assign Root Site

## The root site of your tenant
## e.g. https://contoso.sharepoint.com/

$rootSiteUrl = "https://<your-tenant>.sharepoint.com/"

## Either Interactive login ...

Connect-PnPOnline -Url $rootSiteUrl -Interactive

## ... or, Device login

Connect-PnPOnline -Url $rootSiteUrl -DeviceLogin

## Grant Read Permissions for the "LiveTiles Intranet Hub Metadata LowTrust" application

Grant-PnPAzureADAppSitePermission  `
        -Permissions Read `
        -Site $rootSiteUrl `
        -AppId "51946094-086d-4e5a-8e38-7c11ba96725e" `
        -DisplayName "LiveTiles Intranet Hub Metadata LowTrust"

Assign Metadata Site

In the current implementation of Microsoft Graph, Full Control permissions can only be set, not granted. Therefore this is a 2-step process, first assign Read permissions, and then update the permission and set Full Control permission.

## Url of the site where "LiveTiles Intranet Hub Metadata LowTrust" should be used
$siteUrl = "https://<your-tenant>.sharepoint.com/sites/<metadata-site>"

## Either Interactive login ...

Connect-PnPOnline -Url $siteUrl -Interactive

## ... or, Device login

Connect-PnPOnline -Url $siteUrl -DeviceLogin

## Step 1: grant Read permission to "LiveTiles Intranet Hub Metadata LowTrust"
$grant = Grant-PnPAzureADAppSitePermission `
         -Permissions Read `
         -Site $siteUrl `
         -AppId "51946094-086d-4e5a-8e38-7c11ba96725e" `
         -DisplayName "LiveTiles Intranet Hub Metadata LowTrust"

## Step 2: set FullControl permission to "LiveTiles Intranet Hub Metadata LowTrust"
Set-PnPAzureADAppSitePermission `
         -Permissions FullControl `
         -PermissionId $grant.Id
SharePoint 2019App