If you set up a new tenant and try to create a new Course Catalog for the first time, SharePoint returns the error "Token type is not allowed" during the process.
For security reasons, Microsoft has disabled Azure Access Control (ACS) by default, for new Office 365 tenants only. This prevents the creation of new catalogs that use an ACS app-only approach to handle permissions on the site collection only.
To enable this feature, you need to connect to SharePoint using Windows PowerShell and then run Set-SPOTenant -DisableCustomAppAuthentication $false.
Perform the following steps in PowerShell:
1. Run Windows PowerShell as an administrator.
2. Check the version of your PowerShell module (at least 16.0.20717.12000):
Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version

- If you have module version 16.0.20717.12000 or higher, run the following commands:
function Enable-SPDisableCustomAppAuthentication {
    # Ask for the tenant name, i.e. the part of the site URL before .sharepoint.com
    Write-Host "Please specify sharepoint organisation name." -ForegroundColor Green
    Write-Host "For example if your sharepoint site is https://contoso.sharepoint.com value should be contoso: " -ForegroundColor Green -NoNewline
    $orgName = Read-Host
    # Remove surrounding whitespace and stray single quotes from the input
    $orgName = $orgName.Trim().Trim("'")
    # Connect to the tenant's SharePoint admin center
    Write-Verbose "Connecting to: https://$orgName-admin.sharepoint.com" -Verbose
    Connect-SPOService -Url "https://$orgName-admin.sharepoint.com"
    # Re-enable custom app (ACS app-only) authentication for the tenant
    Set-SPOTenant -DisableCustomAppAuthentication $false
}
# Run the function defined above
Enable-SPDisableCustomAppAuthentication
Specify the SharePoint organization name and sign in with your administrator's account.
- If you do not have the SharePoint Online Management Shell module, please install it:
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force
Then run the same commands.
- If you do not have version 16.0.20717.12000 or higher, please update to the latest version of the PowerShell module:
Update-Module -Name Microsoft.Online.SharePoint.PowerShell -Force
Then run the same commands.
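The three cases above (module missing, module too old, module ready) can be checked in one pass before anything is changed. The following is an added example, not part of the original article or of any vendor script: the function name Set-AcsAppOnlyAllowed and its OrgName parameter are made up for illustration, and it assumes Get-SPOTenant reports the current DisableCustomAppAuthentication value.

```powershell
# Added example: Set-AcsAppOnlyAllowed and -OrgName are hypothetical names.
function Set-AcsAppOnlyAllowed {
    param(
        # Tenant name only, e.g. contoso for https://contoso.sharepoint.com
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9-]+$')]
        [string]$OrgName
    )

    $moduleName = 'Microsoft.Online.SharePoint.PowerShell'
    $minVersion = [version]'16.0.20717.12000'   # minimum stated in this article

    # Newest installed copy of the module, if any.
    $module = Get-Module -Name $moduleName -ListAvailable |
        Sort-Object Version -Descending | Select-Object -First 1

    if (-not $module) {
        throw "$moduleName is not installed. Run: Install-Module -Name $moduleName -Force"
    }
    if ($module.Version -lt $minVersion) {
        throw "$moduleName $($module.Version) is older than $minVersion. Run: Update-Module -Name $moduleName -Force"
    }

    # Load the module explicitly so Connect-SPOService and Set-SPOTenant resolve.
    Import-Module $moduleName -MinimumVersion $minVersion -DisableNameChecking -ErrorAction Stop

    Connect-SPOService -Url "https://${OrgName}-admin.sharepoint.com" -ErrorAction Stop
    try {
        # Read the current value first so the change is deliberate and visible.
        $before = (Get-SPOTenant).DisableCustomAppAuthentication
        Write-Host "DisableCustomAppAuthentication before: $before"

        if ($before) {
            Set-SPOTenant -DisableCustomAppAuthentication $false
            $after = (Get-SPOTenant).DisableCustomAppAuthentication
            Write-Host "DisableCustomAppAuthentication after:  $after"
            if ($after) { throw 'The setting is still $true after Set-SPOTenant.' }
        } else {
            Write-Host 'Custom app authentication is already allowed; no change made.'
        }
    }
    finally {
        # Always close the admin session, even if a step above failed.
        Disconnect-SPOService
    }
}

Set-AcsAppOnlyAllowed -OrgName 'contoso'   # constructed sample tenant name
```

Because the script stops with a clear message when the module is missing or outdated, it avoids the "not recognized as the name of a cmdlet" errors that appear when Connect-SPOService and Set-SPOTenant are run without the module.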
Please note:
- How to get started with SharePoint Online Management Shell.
- When prompted with the Windows PowerShell credential request dialog box, type the login/password for the SharePoint admin account.
- Commands should not contain extra spaces. For example:
NOT RIGHT: Set-SPOTenant - DisableCustomAppAuthentication $ false
RIGHT: Set-SPOTenant -DisableCustomAppAuthentication $false
I continue to get these errors...
Connect-SPOService : The term 'Connect-SPOService' is not recognized as the name of a cmdlet, function, script file,
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
try again.
At line:3 char:1
+ Connect-SPOService -URLhttps://$orgName-admin. sharepoint.com
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Connect-SPOService:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Set-SPOTenant : The term 'Set-SPOTenant' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:4 char:1
+ Set-SPOTenant - DisableCustomAppAuthentication $ false
+ ~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Set-SPOTenant:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Thank you for your helpful comments.
Following this, we have changed and supplemented our article. Please see above.