Even with Legacy auth disabled, you can successfully run Connect-PNPOnline. Video demo shows changing SPO tenant security, then how to register new AppId for Connect-PNPOnline access to all site collections in tenant. The “AppRegNew” and “AppInv” ASPX pages can be used to establish authentication channel for PowerShell work in PNP on Office 365 tenants where Legacy Auth is disabled. Cheers!

Video
Code
# Check SPO Connect-SPOService "https://spjeff-admin.sharepoint.com" Get-SPOTenant | Select *legacy* | ft # 2) Disable Legacy Set-SPOTenant -LegacyAuthProtocolsEnabled $false Get-SPOTenant | Select *legacy* | ft # 3) Register App # https://spjeff-admin.sharepoint.com/_layouts/15/appregnew.aspx # 4) Invite App # https://spjeff-admin.sharepoint.com/_layouts/15/appinv.aspx # 5) PNP Login Connect-PNPOnline -AppId "e419e703-5293-402c-bb70-3aff593b850b" -AppSecret "secret-here" $w = Get-PNPWeb Get-PNPList -Web $w
References
- http://www.sparkhound.com/blog/office-365-modern-authentication
- https://github.com/SharePoint/PnP-PowerShell/blob/master/Commands/Samples/Connections.ps1
- https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps
- https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
- https://medium.com/ng-sp/sharepoint-add-in-permission-xml-cheat-sheet-64b87d8d7600
-LegacyAuthProtocolsEnabled
By default this value is set to $True. Setting this parameter prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources. A value of True- Enables Office clients using non-modern authentication protocols (such as, Forms-Based Authentication (FBA) or Identity Client Runtime Library (IDCRL)) to access SharePoint resources. A value of False-Prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources. Note This may also prevent third-party apps from accessing SharePoint Online resources. Also, this will also block apps using the SharePointOnlineCredentials class to access SharePoint Online resources. For additional information about SharePointOnlineCredentials, see SharePointOnlineCredentials class.