When working with SharePoint Online, SPFx solutions, and PnP PowerShell, it is now recommended to use your own Microsoft Entra ID application registration instead of relying on a shared/default application. PnP PowerShell requires a client ID for authentication scenarios, and the official documentation states that you should register your own app and provide the -ClientId parameter when connecting. (PNP GitHub)

Connecting to SharePoint Online with PnP PowerShell using a pre-registered Entra ID App and enabling a Site Collection App Catalog

Introduction

This article shows a practical scenario:

You already have an app registered in Microsoft Entra ID.
You have the application/client ID.
You want to connect to SharePoint Online using PnP PowerShell.
You want to enable a local Site Collection App Catalog for a specific SharePoint site.

This is useful when you want to deploy SPFx packages only to a specific site collection instead of using the tenant-wide App Catalog.

Requirements

Before running the commands, make sure you have:

PnP PowerShell installed.
A Microsoft Entra ID app registration already created.
The application/client ID of that app.
Permission to access SharePoint Online.
Permission to access the SharePoint Tenant Administration site, which is required by Add-PnPSiteCollectionAppCatalog. (PNP GitHub)
Site Collection Administrator rights on the target site.

Install or update PnP PowerShell

Install-Module PnP.PowerShell -Scope CurrentUser

If you already have it installed:

Update-Module PnP.PowerShell

Check the installed version:

Get-Module PnP.PowerShell -ListAvailable

Define the variables

Replace the values below with your tenant, admin center, site URL, and Entra ID application client ID.

			
$tenantName = "contoso"
$adminUrl = "https://$tenantName-admin.sharepoint.com"
$siteUrl = "https://$tenantName.sharepoint.com/sites/Marketing"
$clientId = "00000000-0000-0000-0000-000000000000"

Connect to SharePoint Online using the registered Entra ID App

Use Connect-PnPOnline with -Interactive and -ClientId.

			
Connect-PnPOnline `
  -Url $adminUrl `
  -Interactive `
  -ClientId $clientId

The Connect-PnPOnline cmdlet connects to Microsoft Entra ID, acquires an access token, and allows PnP PowerShell to access SharePoint and Microsoft Graph depending on the permissions granted to the app registration. (PNP GitHub)

Enable the Site Collection App Catalog

After connecting to the SharePoint Admin Center, run:

Add-PnPSiteCollectionAppCatalog -Site $siteUrl

This command enables a Site Collection scoped App Catalog for the specified site. The official PnP documentation describes this cmdlet as the command used to add a Site Collection App Catalog to a site. (PNP GitHub)

Alternative: connect directly to the target site

In some cases, you may also connect directly to the target site:

			
Connect-PnPOnline `
  -Url $siteUrl `
  -Interactive `
  -ClientId $clientId

Then run:

Add-PnPSiteCollectionAppCatalog

When no -Site parameter is provided, the command enables the app catalog for the currently connected site. (PNP GitHub)

Upload an SPFx package to the local App Catalog

After the Site Collection App Catalog is enabled, you can upload an SPFx .sppkg package.

Example:

			
$packagePath = ".\sharepoint\solution\my-solution.sppkg"
Add-PnPApp `
  -Path $packagePath `
  -Scope Site `
  -Overwrite `
  -Publish

		

The Add-PnPApp cmdlet uploads an app package to the tenant or site collection app catalog, and the -Publish option can deploy/trust it during the same operation. (PNP GitHub)

Complete script

			
$tenantName = "contoso"
$adminUrl = "https://$tenantName-admin.sharepoint.com"
$siteUrl = "https://$tenantName.sharepoint.com/sites/Marketing"
$clientId = "00000000-0000-0000-0000-000000000000"
Connect-PnPOnline `
  -Url $adminUrl `
  -Interactive `
  -ClientId $clientId
Add-PnPSiteCollectionAppCatalog -Site $siteUrl

		

Optional upload:

			
$packagePath = ".\sharepoint\solution\my-solution.sppkg"
Connect-PnPOnline `
  -Url $siteUrl `
  -Interactive `
  -ClientId $clientId
Add-PnPApp `
  -Path $packagePath `
  -Scope Site `
  -Overwrite `
  -Publish

		

Important notes about permissions

The Entra ID app must have the permissions required for the operations you want to perform. PnP provides official guidance for determining which permissions are needed for a script, especially because PnP PowerShell now expects you to use your own Entra ID application registration. (PNP GitHub)

For this scenario, the user running the command must also have SharePoint administrative rights because enabling a Site Collection App Catalog requires access to the SharePoint Tenant Administration site. (PNP GitHub)

Why use a Site Collection App Catalog?

A Site Collection App Catalog is useful when you want to isolate SPFx deployment to a single site collection.

Instead of publishing an SPFx package globally in the tenant App Catalog, you can publish it only where it is needed. This is especially useful for demos, department-specific solutions, proof-of-concepts, controlled rollouts, and environments where not every web part should be available tenant-wide.

Official references

PnP PowerShell authentication
Connect-PnPOnline
Add-PnPSiteCollectionAppCatalog
Add-PnPApp
Determining required Entra ID app permissions

Conclusion

Using PnP PowerShell with a pre-registered Microsoft Entra ID app is now a clean and secure way to connect to SharePoint Online. By passing the ClientId explicitly, you control which app registration is being used.

Once connected, Add-PnPSiteCollectionAppCatalog allows you to enable a local app catalog for a specific site collection. This gives you a safer and more controlled deployment model for SPFx packages, especially when building many web parts or working in isolated project sites.