SharePoint
Feedback by UserVoice

Ability to use App-Only calls to create modern sites

Provide support to create modern sites using App-Only calls.

382 votes
Anonymous shared this idea

19 comments

Comments are closed
  • Devin Prejean commented

    If your authentication is federated you are screwed. We are unable to provision sites because we don't store passwords in O365. Please do something about this!

  • Derek Gusoff commented

    This works for me using PnP PowerShell so it must be available at a lower level. Or am I missing something here?

    Connect-PnPOnline -Url $adminUrl -AppId $appId -AppSecret $appSecret

    New-PnPTenantSite -Url $siteUrl -Title $name -Owner $username -Description "" -Lcid 1033 -TimeZone 7 -Template "SITEPAGEPUBLISHING#0"

  • Luis Valencia commented

    I am creating a multi tenant application that will be able to create modern sites for many customer tenants from a central location based on custom templates with custom webparts too.

    Right now I have to save (safely) one account from the customer in Azure KeyVault, this is considered safe, but I would prefer if I can use app only for this.

  • Anonymous commented

    With App ID deployment, to automate deployment, you need to use a global admin account without MFA. This is not really a good security measure, so enabling app id would really be helpful.

  • Sander de Koning commented

    We cannot use a service account because our tenant has LegacyAuthProtocolsEnabled set to $false. The only way to create modern sites would be by using app-only authentication.

  • Kyle Petersen commented

    Would really like to have this capability so we can provision sites via back end (PowerShell in Azure Automation) process. This would enable us to have a more formal approval process prior to site creation (e.g. PowerApp -> Flow -> Azure Automation) but still be easy for admins to maintain with no code.

  • Luis Valencia commented

    We manage at least 10 tenants and we are creating an app to centrally manage that. This feature is required; right now, in the app we are building, we have to register a username and password from each tenant, which is not the best security practice.

  • Ankit commented

    I sense there is quite a demand for this feature. @vesa, are you aware of native support for it any time soon? Seems it has enough upvotes and solves a crucial problem that users have to deal with when using a service account.

  • Luis Valencia commented

    This is really needed, I am creating a modern react app to manage multiple tenants, in the webapi I am creating the methods to handle operations depending on the tenant selected, however modern site provisioning is blocked.

  • Ankit commented

    This is a necessity. In some cases the user context isn't available, so an App Only policy will be really helpful.

  • Brian T. Jackett commented

    @Rene, it is possible to create an O365 Group via the MS Graph with app-only and also create the SPO site. I have a pull request in to Microsoft Graph to publish updated docs on this. Requires specifying 1+ owners in the MS Graph call. Use "owners@odata.bind" syntax to accomplish. Verified in multiple tenants.
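
The Microsoft Graph call described in the comment above, shown as an added example that is not part of the original thread or of any commenter's code. It assumes an app registration granted the Group.ReadWrite.All application permission with admin consent; the environment variable names, the owner object ID and the group values are placeholders.

```powershell
# Added example: app-only (client credentials) creation of an Office 365 group
# through Microsoft Graph, with the owner bound via "owners@odata.bind".
# Assumed names: GRAPH_TENANT_ID, GRAPH_APP_ID, GRAPH_APP_SECRET and all sample values.
$ErrorActionPreference = 'Stop'

$tenantId  = $env:GRAPH_TENANT_ID
$appId     = $env:GRAPH_APP_ID
$appSecret = $env:GRAPH_APP_SECRET   # supplied by the automation host, never hard-coded
$ownerId   = '00000000-0000-0000-0000-000000000000'   # placeholder: owner's user object ID

# 1. Client-credentials token request: no user password is stored and no
#    account has to be exempted from MFA.
$tokenRequest = @{
    Method = 'Post'
    Uri    = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
    Body   = @{
        grant_type    = 'client_credentials'
        client_id     = $appId
        client_secret = $appSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
}
$token = Invoke-RestMethod @tokenRequest

# 2. Group definition. An app-only call has no signed-in user to act as owner,
#    so at least one owner is listed explicitly, as the comment above describes.
$group = @{
    displayName         = 'Project Falcon'
    mailNickname        = 'project-falcon'
    description         = 'Provisioned by automation'
    mailEnabled         = $true
    securityEnabled     = $false
    groupTypes          = @('Unified')
    'owners@odata.bind' = @("https://graph.microsoft.com/v1.0/users/$ownerId")
}

# 3. Create the group with the app-only bearer token.
$createRequest = @{
    Method      = 'Post'
    Uri         = 'https://graph.microsoft.com/v1.0/groups'
    Headers     = @{ Authorization = "Bearer $($token.access_token)" }
    ContentType = 'application/json'
    Body        = $group | ConvertTo-Json -Depth 3
}
$created = Invoke-RestMethod @createRequest

"Created group $($created.id) ($($created.displayName))"
```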

  • Anonymous commented

    Trying to get a PowerApp to execute a Flow that provisions a SP site with the Plumsail connector. Got an error "App-Only is currently not supported". First experience with PowerApp and Flow. This would be nice but sounds like there are other ways.

  • René commented

    In addition: Native API should support creation of modern sites, with a corresponding Group. This should be done with an app-only context, so it can be provisioned on behalf of a user, and additional provisioning can be done.

    The other way around is creating a Group through the Graph API, with a corresponding Team site, but at this moment only the group is created, and the site collection is not. The site collection is created just in time when a user visits his Group files.

    Using a service account is the only working method right now, and this is not a good scenario regarding security, MFA, site creator etc.
