This authentication method is provided for the OData-Provider, SharePoint-Provider, XML-Provider, and RSS-Provider. It can be used by administrator accounts to perform certain actions that require administrative permissions. For example, the modified field in a SharePoint list can only be changed with admin permissions.
Microsoft_Modern_Admin accesses Microsoft Office 365 instances and should work in most cases, even if the SharePoint site is connected to an ADFS.
The authentication supports Multifactor Authentication and does not need any further connection string settings, other than the URL of the connected system. The authentication needs to be set up in the UI:
It will show a popup from Microsoft prompting you to log in. Then the popup will list requested permissions to be accepted by the user.
A Note Regarding Admin Approval:
You might get a request for admin approval like the following:
In this case, an Azure Admin can approve the app registration request in Azure directly and grant the app permission.
Once an app asks for registration and permission, the request is sent to Azure and can be found in the App Registration or Enterprise Applications tab. Below, it is the selection marked in green; there will be a request from Cloud Connector Admin.
The Cloud Connector will still only use the permission set granted to the user account used during the verification process.
When the consent dialog has been completed, the Cloud Connector will retrieve a token, which is saved to disk and used for subsequent synchronizations. These can now be performed by the scheduling service without interaction. In theory the token expires after 90 days, but it refreshes itself each time the connection is used, so as long as the connection is actively used the token does not expire. If the connection did not run for 90 days, the token will expire and needs to be refreshed through the UI.
To create multiple connections to the same URL, but with different users, it is possible to specify the User setting in the connection string, so that the token will be saved for that specific user.
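The 90-day idle expiry described above can be tracked per URL and User pair so that an administrator knows which saved tokens are still valid, which are about to lapse, and which must be renewed through the UI. The Python code below is an added example, not part of the Cloud Connector or its documentation. It assumes the successful run times are taken from your own synchronization records; the connection names, the timestamps and the 14-day warning margin are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

IDLE_LIFETIME = timedelta(days=90)  # from the page: token expires after 90 days without use
WARN_MARGIN = timedelta(days=14)    # assumption: warning window chosen by the operator

def d(y, m, day):
    return datetime(y, m, day, tzinfo=timezone.utc)

# Constructed sample: successful run times per (URL, User) connection.
RUNS = {
    ("https://contoso.example/sites/hr", "admin-a@contoso.example"):
        [d(2023, 10, 1), d(2024, 2, 15), d(2024, 4, 20), d(2024, 5, 30)],
    ("https://contoso.example/sites/hr", "admin-b@contoso.example"):
        [d(2024, 3, 10)],
    ("https://contoso.example/sites/ops", "admin-a@contoso.example"):
        [d(2024, 1, 5), d(2024, 2, 1)],
}

def token_status(run_times, now):
    """Return (status, expiry) for a saved token, given every successful use."""
    if not run_times:
        return ("no_token", None)
    expiry = max(run_times) + IDLE_LIFETIME  # each use restarts the 90-day window
    if now >= expiry:
        return ("expired", expiry)           # must be renewed through the UI
    if expiry - now <= WARN_MARGIN:
        return ("expiring_soon", expiry)
    return ("valid", expiry)

def lapses(run_times):
    """Past intervals in which the token had expired before the next use."""
    runs = sorted(run_times)
    return [(a + IDLE_LIFETIME, b) for a, b in zip(runs, runs[1:])
            if b - a > IDLE_LIFETIME]

def report(runs_by_connection, now):
    """Map each (URL, User) connection to the status of its saved token."""
    return {conn: token_status(times, now)[0]
            for conn, times in runs_by_connection.items()}

if __name__ == "__main__":
    now = d(2024, 6, 1)
    for conn, status in report(RUNS, now).items():
        print(conn, status, lapses(RUNS[conn]))
```

A connection reported as `valid` that is no longer needed still has a usable admin token on disk until its idle window runs out, so the same report doubles as a review list for unused connections.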