It’s time for another I.D.E.A., and this one might be the most immediately useful one yet, especially if you’re a consultant hopping between tenants, or a SharePoint admin who just discovered that PnP.PowerShell now requires its own app registration in every tenant.

About two years ago I wrote a post covering how to set up app registrations for connecting to M365 services via PowerShell using certificates: Entra, Exchange Online, SharePoint Online, and Teams. That post still holds up, but let’s be honest: The process is a bit slow and tedious. Multiple manual steps, easy to miss something, and every time you needed to set this up in a new tenant you started from scratch. So when I revisited it recently, I thought: This is a perfect I.D.E.A. candidate, and now I am happy to share a script that does ALL the setup for you, including exporting ready-to-use connection scripts based on your configuration. 🥳

The Tool

You’ll find this tool in the I.D.E.A. repo at https://github.com/Per-Torben/I.D.E.A. It has been tested on Windows with PowerShell 7.6. No local admin rights are required.

Just run:

.\New-M365CertAppRegistration.ps1

No switches needed. It’s fully menu-driven. Here’s how it works:

Step 1: Select service(s)

Select which M365 services you want to configure app registrations for. Options include Entra, Exchange Online, SharePoint Online, and Teams. You can select one or multiple services in a single run.

Step 2: Certificate

Choose whether to create a new self-signed certificate or use an existing one. If you already have a certificate, point the script to your .cer file and the script handles the upload to the app registration automatically.

Step 3: Permissions

❗ Important: The permissions listed here are examples only. After the app registration is created, go into the tenant and adjust permissions manually to match exactly what you need. Don’t let this step stress you out if the exact permission you need isn’t listed.

Step 4: Prefix

Add a preferred prefix for the app registration, certificate, and connection script names. The script shows you a preview before anything is created, so you can adjust the name if needed. I used BLOGDEMO for this example.

Step 5: Confirm settings

If you’re creating a new certificate, the script prompts for a name and validity duration. You then get a full summary of everything that will be created before any action is taken. After confirming, you’re prompted to sign in to the tenant with a sufficiently privileged account to create the app registration.

Finally you get a nice summary of what’s been created.
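To make the steps above concrete, here is what steps 2, 4 and 5 amount to for a single service in plain PowerShell. This is an added example, not the I.D.E.A. script’s own code; the prefix, names, one-year validity and file paths are assumed values, and step 3 (permissions) is left to the portal as the post recommends.

```powershell
# Added example (not the I.D.E.A. script's own code): what steps 2, 4 and 5 amount to for a
# single service in plain PowerShell. Names and the one-year validity are assumed values.
#Requires -Modules Microsoft.Graph.Applications
$Prefix  = 'BLOGDEMO'
$AppName = "$Prefix-Entra"
$CerPath = Join-Path $PSScriptRoot "Exports\$AppName.cer"

# Step 2: self-signed certificate in the CurrentUser store, so no local admin rights are needed.
# The private key is non-exportable; only the public .cer is uploaded to the app registration.
$cert = New-SelfSignedCertificate -Subject "CN=$AppName" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy NonExportable -KeySpec Signature `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)
New-Item -ItemType Directory -Path (Split-Path $CerPath) -Force | Out-Null
Export-Certificate -Cert $cert -FilePath $CerPath | Out-Null

# Step 5: sign in with an account allowed to create app registrations, then register the app
# with the certificate as its only credential (no client secret), plus its service principal.
Connect-MgGraph -Scopes 'Application.ReadWrite.All' -NoWelcome
$app = New-MgApplication -DisplayName $AppName -SignInAudience 'AzureADMyOrg' -KeyCredentials @(
    @{ Type = 'AsymmetricX509Cert'; Usage = 'Verify'; Key = $cert.RawData; DisplayName = "CN=$AppName" }
)
$sp = New-MgServicePrincipal -AppId $app.AppId

# Step 3 is deliberately left to the portal, as the post recommends: assign only the
# application permissions this automation needs and grant admin consent there.
[pscustomobject]@{
    Service            = 'Entra'
    AppName            = $AppName
    AppId              = $app.AppId
    ObjectId           = $app.Id
    ServicePrincipalId = $sp.Id
    TenantId           = (Get-MgContext).TenantId
    Thumbprint         = $cert.Thumbprint
    CerFile            = $CerPath
} | ConvertTo-Json | Set-Content (Join-Path $PSScriptRoot "Exports\$AppName.json")
```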

The output

Once the script finishes, you get a summary of everything that was created. Two subfolders are generated alongside the script:

  • Logs: A full log of everything the script did, written every time you run it.
  • Exports: A .json file with the full configuration, plus ready-to-use .ps1 connection scripts for each service you selected in step 1.

Those exported connection scripts are what make this genuinely useful in daily work. You don’t have to remember the connection syntax for each module: It’s all pre-configured with your app registration details, certificate thumbprint, and tenant ID. Just run it, done. ✅
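As an added illustration of what such a connection script looks like (this is not one of the script’s exported files; the JSON layout, IDs, domain and thumbprint are constructed placeholders), the following checks that the certificate and its private key are actually present before connecting, and then calls the right cmdlet for the selected service:

```powershell
# Added example, not one of the I.D.E.A. script's exported files. The JSON layout and all
# values are constructed for illustration; replace them with your own tenant's details.
param([ValidateSet('Entra','ExchangeOnline','SharePointOnline','Teams')][string]$Service = 'Entra')

$configJson = @'
{
  "Prefix": "BLOGDEMO",
  "TenantId": "00000000-0000-0000-0000-000000000000",
  "TenantDomain": "contoso.onmicrosoft.com",
  "AppId": "11111111-1111-1111-1111-111111111111",
  "Thumbprint": "0123456789ABCDEF0123456789ABCDEF01234567",
  "SharePointAdminUrl": "https://contoso-admin.sharepoint.com"
}
'@
$cfg = $configJson | ConvertFrom-Json

# A thumbprint is only useful if the matching private key is in this user's store, so fail
# early with a clear message rather than a cryptic authentication error from the module.
$cert = Get-ChildItem "Cert:\CurrentUser\My\$($cfg.Thumbprint)" -ErrorAction SilentlyContinue
if (-not $cert -or -not $cert.HasPrivateKey) {
    throw "Certificate $($cfg.Thumbprint) with a private key was not found in Cert:\CurrentUser\My"
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter); plan a rotation."
}

# Each module spells the same three inputs (app id, tenant, thumbprint) slightly differently.
switch ($Service) {
    'Entra' {
        Connect-MgGraph -ClientId $cfg.AppId -TenantId $cfg.TenantId -CertificateThumbprint $cfg.Thumbprint -NoWelcome
    }
    'ExchangeOnline' {
        Connect-ExchangeOnline -AppId $cfg.AppId -Organization $cfg.TenantDomain -CertificateThumbprint $cfg.Thumbprint -ShowBanner:$false
    }
    'SharePointOnline' {
        Connect-PnPOnline -Url $cfg.SharePointAdminUrl -ClientId $cfg.AppId -Tenant $cfg.TenantDomain -Thumbprint $cfg.Thumbprint
    }
    'Teams' {
        Connect-MicrosoftTeams -ApplicationId $cfg.AppId -TenantId $cfg.TenantId -CertificateThumbprint $cfg.Thumbprint
    }
}
```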

And that’s it!

This tool came out of a real and recurring problem: Setting up app registrations manually across multiple tenants is tedious, error-prone, and slow. A script that handles registration, certificate management, and connection script generation in a single run saves real time and removes an entire class of mistakes. That’s the whole point of the I.D.E.A. series.

If you find it useful, share it with others who might benefit, especially those SharePoint admins who now have no choice but to move to their own app registration.

And what you should always do: Check the permissions carefully before handing anything off to others, and don’t give the app registration more access than it actually needs. Least privilege applies to your automation as well, and unfortunately it’s an easy thing to overlook when a script is doing the work for you.
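One way to do that permission check before handing the registration off, as an added example that is not part of the I.D.E.A. script: list the application permissions actually granted to the app’s service principal, flag the broad ones, and show the certificates that can sign in as it. The app ID is a placeholder and the "broad" patterns are an assumed starting heuristic, not a policy.

```powershell
# Added example (not part of the I.D.E.A. script): review what an app registration can do.
# $AppId is a placeholder; $broadPatterns is an assumed heuristic for permissions worth a second look.
#Requires -Modules Microsoft.Graph.Applications
param([string]$AppId = '11111111-1111-1111-1111-111111111111')

Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId in this tenant" }

$broadPatterns = @('*.ReadWrite.All', 'Directory.*', 'Sites.FullControl.All', 'full_access_as_app', 'Exchange.ManageAsApp')

# Application permissions are app role assignments on the service principal; resolve each
# role id to its readable value via the resource (Graph, SharePoint, Exchange, ...) that defines it.
$report = foreach ($a in Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All) {
    $resource = Get-MgServicePrincipal -ServicePrincipalId $a.ResourceId
    $role     = $resource.AppRoles | Where-Object Id -eq $a.AppRoleId
    [pscustomobject]@{
        Resource   = $resource.DisplayName
        Permission = $role.Value
        Broad      = [bool]($broadPatterns | Where-Object { $role.Value -like $_ })
    }
}
$report | Sort-Object Broad -Descending | Format-Table -AutoSize

# Every certificate on the registration is a valid login credential: rotate anything expired
# or close to expiry, and remove anything you do not recognise.
$app = Get-MgApplication -Filter "appId eq '$AppId'"
$app.KeyCredentials | Select-Object DisplayName, Type, StartDateTime, EndDateTime | Format-Table -AutoSize
```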

Thank you all!

Author

  • Per-Torben Sørensen has 27 years of experience in IT and Microsoft infrastructure. He is currently a Microsoft Most Valuable Professional (MVP) within Identity & Access, a Microsoft Certified Trainer (MCT) and works as a Senior Architect within M365 at Crayon. His passion is Entra ID and Identity and access management and helps customers become "copilot-ready". He's also an engaged speaker and is always eager to share his knowledge and learn from others.
