Hello,
I'm attempting to create a SharePoint shortcut using a service principal and I'm running into the error below. The SPN is configured in Azure to use Graph with Sites.ReadWrite.All access. Thanks for your help!
Hi @libpekin,
Here's a blog post that might be helpful: https://heyniels.com/2026/03/15/connect-fabric-to-sharepoint-after-the-acs-retirement/
Hi @libpekin,
Thanks for checking all the steps and sharing your results.
From what you tested, it is clear that everything works fine with your user account and only fails when using a Service Principal. So this is not a permission issue from your side.
The main reason here is that the older method using ACS (App-only auth) is no longer supported for new tenants. That’s why the command to enable it is failing, and because of that the SharePoint-side access steps also won’t work.
As of now, Fabric SharePoint shortcuts are working properly with user (Entra ID) login, but Service Principal support for SharePoint Online is not fully supported in this scenario with the current setup.
That’s why even after giving all permissions, it still shows invalid credentials. So for now, you can continue using your Organizational account to create the shortcut. Your setup looks correct, nothing wrong from your end.
If you get any update after trying the blog shared earlier, please share here, it will help others also.
Regards,
Community Support Team.
Thank you for your response. I’ve tested this extensively and can confirm that Fabric SharePoint Online shortcuts do not reliably work with a Service Principal. While the connection may succeed initially, any attempt to refresh SharePoint folders or files results in an error.
Can you confirm whether this limitation is documented anywhere in Microsoft Learn, and if so, please share the link? Many customers assume this scenario is supported, as most official Fabric documentation appears to imply Service Principal support.
@Lodha_Jaydeep was your solution implemented with SharePoint Server or SharePoint Online? I'm attempting to shortcut to SharePoint Online. Other documents suggest, for SharePoint Online, to use the Microsoft Graph Explorer to grant the SPN SharePoint permissions. Just curious.
Based on your confirmation, the shortcut was successfully created using an Organizational (user) account, but not with a Service Principal. Also, my solution was implemented for SharePoint Online.
I have also tested this on my end and observed the same behavior.
For the Service Principal setup, admin consent is required, which will need to be granted by an IT administrator. In the meantime, I recommend adding the required SharePoint API permissions and then testing again to see if the issue persists (for example, if it still returns an invalid credentials error).
Please let me know the outcome once you have tried this.
@Lodha_Jaydeep thank you for your reply. After I tried, here's my feedback:
All steps worked until I got to "Enable App-Only Auth", then nothing worked after that.
`Set-SPOTenant -DisableCustomAppAuthentication $false` - failed with error: updating DisableCustomAppAuthentication is not allowed anymore for new tenants. This is part of Azure ACS feature retirement.
And the other SharePoint steps did not work, I'm guessing, as a result of `DisableCustomAppAuthentication $false` no longer being supported.
Hi @libpekin,
Thank you for trying the steps outlined earlier.
As an additional validation, could you please try creating a test shortcut using your Organizational (domain) account instead of the Service Principal? This will help us confirm whether the issue is related to Service Principal limitations or something else, rather than a permissions-related problem.
Please let me know the outcome, and I’ll be happy to assist further.
@Lodha_Jaydeep Yes, I am able to create shortcuts using my Organizational (domain) account (Entra ID) to the same SharePoint Online sites without issues. I tested 3 sites, with success.
Hi @libpekin,
Thanks for sharing the details and screenshots. I ran into a similar issue before and can see what's happening here.
Even though your SPN has Microsoft Graph → Sites.ReadWrite.All granted (which looks correct in your screenshot), Fabric SharePoint Shortcuts require an additional SharePoint-specific API permission that is separate from Graph. That's most likely why you're seeing the "Invalid credentials" error.
Here's what worked for me:
**1. Add the SharePoint API Permission (separate from Graph)**
In Azure Portal → App Registrations → your app → API Permissions:
- Click Add a permission → choose SharePoint (not Microsoft Graph)
- Select Application permissions → Sites.ReadWrite.All
- Click Grant admin consent
Your final permissions should include both:
- Microsoft Graph → Sites.ReadWrite.All
- SharePoint → Sites.ReadWrite.All
**2. Enable App-Only Authentication on Your Tenant**
This step is often missed. Run the following as a SharePoint Global Admin:
```powershell
Connect-SPOService -Url "https://<tenant>-admin.sharepoint.com"
Set-SPOTenant -DisableCustomAppAuthentication $false
```
**3. Grant the SPN Direct Access to the SharePoint Site**
Azure AD permissions alone are not enough — the SPN also needs to be added directly at the site level:
```powershell
Set-SPOUser -Site "https://<tenant>.sharepoint.com/sites/<your-site>" `
-LoginName "i:0#.f|membership|<app-client-id>@<tenant-id>" `
-IsSiteCollectionAdmin $true
```
**4. Double-check the SharePoint URL Format**
Make sure the URL in the connection settings follows this exact format with no trailing slash:
```
https://<tenant>.sharepoint.com/sites/<site-name>
```
**Why does it work in some tools but not Fabric Shortcuts?**
Fabric's SharePoint shortcut connector talks directly to the SharePoint REST API, not through Microsoft Graph. SharePoint has its own authorization layer, so even if Graph permissions are in place, SharePoint can still reject the SPN unless it's explicitly registered at both the tenant and site level.
If you find this response helpful, kindly consider marking it as the accepted solution and giving it some kudos. This helps others facing similar issues and is greatly appreciated.
Good luck! 🙌
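
The Graph versus SharePoint permission distinction discussed in this thread can be checked on the service principal's access token itself, since an app-only token names its target resource in `aud` and its application permissions in `roles`. The following is an added example, not code from any poster or from Microsoft; the function names are hypothetical, `contoso` is a placeholder tenant, and the sample tokens are constructed inline.

```powershell
# Offline claim inspection only: the signature is NOT verified here.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected 3 segments).' }
    # base64url -> base64, then restore the stripped padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-SpnTokenForSharePoint {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$TenantHost,          # e.g. contoso.sharepoint.com
        [string]$RequiredRole = 'Sites.ReadWrite.All'
    )
    $claims = ConvertFrom-JwtPayload -Token $Token
    # SharePoint Online resource: tenant URL or its well-known application ID
    $spoAudiences = @("https://$TenantHost", '00000003-0000-0ff1-ce00-000000000000')
    $roles = @($claims.roles | Where-Object { $_ })        # empty when claim is absent
    [pscustomobject]@{
        Audience        = $claims.aud
        IsSharePointAud = $spoAudiences -contains "$($claims.aud)".TrimEnd('/')
        IsAppOnly       = ($roles.Count -gt 0) -and (-not $claims.scp)
        HasRequiredRole = $roles -contains $RequiredRole
        Roles           = $roles -join ', '
    }
}

# Constructed sample tokens (placeholder tenant, fake signature segment)
function New-SampleToken([hashtable]$Claims) {
    $enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    '{0}.{1}.constructed' -f (& $enc '{"alg":"none"}'), (& $enc ($Claims | ConvertTo-Json -Compress))
}
$graph = New-SampleToken @{ aud = 'https://graph.microsoft.com'; roles = @('Sites.ReadWrite.All') }
$spo   = New-SampleToken @{ aud = 'https://contoso.sharepoint.com'; roles = @('Sites.ReadWrite.All') }
$graph, $spo | ForEach-Object { Test-SpnTokenForSharePoint -Token $_ -TenantHost 'contoso.sharepoint.com' } | Format-Table
```

A token issued for Graph fails the audience check even though it carries the same role name, which separates a wrong-resource or missing-consent problem from a rejection on the SharePoint side.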