The issue with creating a Course Catalog on a new Tenant

If you install a new Tenant and try to create a new Course Catalog for the first time,  during this process you will receive the error from Sharepoint "Token type is not allowed".
For security reasons, Microsoft has disabled Azure Access  Control (ACS) only for new Office 365 tenants by default. This prevents the creation of new catalogs that use an ACS app-only approach to handle permissions on the site collection only. 
To enable this feature, you need to connect to SharePoint using Windows PowerShell and then run Set-SPOTenant -DisableCustomAppAuthentication $false.
Do the following steps on PowerShell:

1. Run your Windows PowerShell as an administrator:

2. Check the version of your PowerShell module (at least 16.0.20717.12000):


Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version


  •  If you have the module's version 16.0.20717.12000 or higher, please run the following commands:
function Enable-SPDisableCustomAppAuthentication {
Write-Host "Please specify sharepoint organisation name." -ForegroundColor Green
Write-Host "For example if your sharepoint site is https://contoso.sharepoint.com value should be contoso: " -ForegroundColor Green -NoNewline
$orgName = Read-Host
$orgName = $orgName.Trim().Trim("'")
Write-Verbose "Connecting to: https://$orgName-admin.sharepoint.com" -Verbose
Connect-SPOService -Url "https://$orgName-admin.sharepoint.com"
Set-SPOTenant -DisableCustomAppAuthentication $false
}
Enable-SPDisableCustomAppAuthentication

Screenshot_1793.png

Specify the SharePoint organization name and sign in with your administrator's account:
Screenshot_1795.pngScreenshot_1796.png


Screenshot_1797.png

  • If you do not have the SharePoint Online Management Shell module, please install it:

Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force
Then run the same commands.
  • If you do not have version 16.0.20717.12000 or higher, please update the latest PowerShell module:

Update-Module -Name Microsoft.Online.SharePoint.PowerShell -Force

Then run the same commands.

 

 

Please note:

  • How to get started with SharePoint Online Management Shell.
  • When prompted with the Windows PowerShell credential request dialog box, type the login/password for the SharePoint admin account.

  • Commands should not contain extra spaces. For example:
    NOT RIGHT: Set-SPOTenant - DisableCustomAppAuthentication $ false
    ​​​​​​​Screenshot_792.png

    RIGHT: Set-SPOTenant -DisableCustomAppAuthentication $false
    Screenshot_791.png
Was this article helpful?
3 out of 6 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Scull Kaleo

    I continue to get these errors...

    Connect-SPOService : The term 'Connect-SPOService' is not recognized as the name of a cmdlet, function, script file,
    or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
    try again.
    At line:3 char:1
    + Connect-SPOService -URLhttps://$orgName-admin. sharepoint.com
    + ~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Connect-SPOService:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    Set-SPOTenant : The term 'Set-SPOTenant' is not recognized as the name of a cmdlet, function, script file, or operable
    program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:4 char:1
    + Set-SPOTenant - DisableCustomAppAuthentication $ false
    + ~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Set-SPOTenant:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    Comment actions Permalink
  • Avatar
    Alesia Katlova

    Thank you for your helpful comments.
    Following this, we have сhanged and supplemented our article. Please, see above.

    Comment actions Permalink

Article is closed for comments.