3 Start Azure as‐a‐code configuration - dcasota/m365-scripts GitHub Wiki
With the first SharePoint (Plan 1) setup, it is important to understand that the default setup includes multiple configuration parts, beginning with Azure Active Directory. Configuring the newly created SharePoint site can be automated using PowerShell, but you must know where to begin.
Configure your tool palette
For as-a-code configuration tasks, a few tools have to be installed on the dev laptop/workstation.
First, I'm using VMware Workstation 17.x on Windows 11. Virtualization Based Security on the laptop has to be disabled for nested virtualization to run.
- Start the Group Policy Editor (gpedit.msc).
Go to Local Computer Policy > Computer Configuration > Administrative Templates > System.
Double-click Device Guard on the right-hand side to open it.
Double-click "Turn On Virtualization Security" to open a new window. It will be "Not Configured"; select "Disable" and click "Ok".
Close the Group Policy Editor.
Restart the system.
- In the VM settings, enable VBS.
For a very good description of which tools to install and how to configure them, see https://learn.microsoft.com/en-us/training/modules/deploy-manage-container-app-using-azure-container-apps/2-prepare-deployment-tools-resources.
Install Azure Powershell
Open a Terminal (Administrator) console window.
Run the following commands.
cd $env:userprofile/downloads
Invoke-Webrequest -Uri https://github.com/PowerShell/PowerShell/releases/download/v7.4.4/PowerShell-7.4.4-win-x64.msi -Outfile PowerShell-7.4.4-win-x64.msi
.\PowerShell-7.4.4-win-x64.msi
Click through the installation wizard, select 'Launch Powershell' and close the Terminal (Administrator) console window.
In the launched PowerShell 7 window, we install the Azure PowerShell module first.
Install-Module -Name Az.Tools.Installer
Install-AzModule
Log in with the first user account created for SharePoint (Plan 1).
Connect-AzAccount
In the interactive window, choose the Azure work or school account. Enter username and password.
With Get-AzContext and Get-AzTenant you can display some information.
For comparison, log in to portal.azure.com with the same user account. Go to Microsoft Entra ID.
Change the tenant name
The name of the first user account is used as the tenant name, too.
On the settings tab, change the tenant name and, if needed, other settings such as notification language and contact information, then press Save.
The first user account is Global Administrator, but it does not explicitly have the right to administer all Azure subscriptions in this tenant.
Install Azure CLI
Install Azure CLI.
$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; Remove-Item .\AzureCLI.msi
Open a new PowerShell 7 window.
Run az login --allow-no-subscriptions.
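Both installers above (the PowerShell MSI and the Azure CLI MSI) are downloaded and executed without any integrity check. The following is an added example, not part of the original wiki: a helper that verifies the Authenticode signature before handing the file to msiexec. The function name Install-VerifiedMsi, its parameters and the expected signer string are assumptions of this example.

```powershell
# Added example (not from the wiki): download an MSI, verify its signature, then install.
# Install-VerifiedMsi and its parameters are hypothetical names used for illustration.
function Install-VerifiedMsi {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri]    $Uri,
        [Parameter(Mandatory)] [string] $OutFile,
        # Assumption: both installers are signed by Microsoft Corporation.
        [string]   $ExpectedSigner = 'O=Microsoft Corporation',
        [string[]] $MsiArguments   = @()
    )

    $ProgressPreference = 'SilentlyContinue'
    Invoke-WebRequest -Uri $Uri -OutFile $OutFile
    $path = (Resolve-Path -LiteralPath $OutFile).Path

    # Status is 'Valid' only if the file is unmodified and the certificate chain is trusted.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.Status -ne 'Valid') {
        Remove-Item -LiteralPath $path
        throw "Signature check failed for ${OutFile}: $($sig.Status)"
    }
    if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
        Remove-Item -LiteralPath $path
        throw "Unexpected signer for ${OutFile}: $($sig.SignerCertificate.Subject)"
    }

    # Record the hash so the exact installer can be identified later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Host "Verified $OutFile (SHA256 $hash), signer: $($sig.SignerCertificate.Subject)"

    $msiArgs = @('/i', "`"$path`"") + $MsiArguments
    $proc = Start-Process msiexec.exe -Wait -PassThru -ArgumentList $msiArgs
    if ($proc.ExitCode -notin 0, 3010) {   # 3010 = success, reboot required
        throw "msiexec exited with code $($proc.ExitCode)"
    }
}

Set-Location (Join-Path $env:USERPROFILE 'Downloads')
Install-VerifiedMsi -Uri 'https://github.com/PowerShell/PowerShell/releases/download/v7.4.4/PowerShell-7.4.4-win-x64.msi' -OutFile 'PowerShell-7.4.4-win-x64.msi'
Install-VerifiedMsi -Uri 'https://aka.ms/installazurecliwindows' -OutFile 'AzureCLI.msi' -MsiArguments '/quiet'
```

The signer match is a substring test on the certificate subject; pin the certificate thumbprint instead if you need a stricter check.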
Configure Microsoft Entra Multifactor Authentication
See https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-userdevicesettings.
For the first user account, run the following commands.
Install-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "User.Read.All","UserAuthenticationMethod.Read.All","UserAuthenticationMethod.ReadWrite.All"
You will be asked to install Microsoft Authenticator on your smartphone and to scan the QR code. The user account is then added to Microsoft Authenticator.
After that, accept the app registration.
You can find the app on the Microsoft Entra admin center (entra.microsoft.com) as well.
Good to know: https://learn.microsoft.com/en-us/answers/questions/335570/phoneauthenticationmethod-api-returning-unauthenti?source=docs