When I deliver PowerShell script to a customer, that contains log in / credential, I normal use this line of code:
$user = "user@tenant.com"
$password = "ZXY" | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $password
$url = "https://tenant.sharepoint.com"
Connect-PnPOnline -Url $url -Credentials $credential
Or reading the password from disk like this:
$user = "user@tenant.com"
$password = Get-Content .\password.txt -Raw | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $password
$url = "https://tenant.sharepoint.com"
Connect-PnPOnline -Url $url -Credentials $credential
Or from Windows Credential Manager, https://github.com/SharePoint/PnP-PowerShell/wiki/How-to-use-the-Windows-Credential-Manager-to-ease-authentication-with-PnP-PowerShell.
But this will not work if the customer account is configured for use multi factor authentication (MFA). The PnP/PowerShell script will return with an error message:
“The remote server returned an error: (403) Forbidden”
Luckily, we can work around this errror, by using the UseWebLogin. When using the UseWebLogin parameter a Windows Form will open and show an IE control that navigate to the Office 365 log in page. And this process support MFA login.
$url = "https://ameq.sharepoint.com"
Connect-PnPOnline -Url $url -UseWebLogin