When you run the cmdlet Connect-SPOService, you get the following error.

Connect-SPOService : Could not connect to SharePoint Online.
At line:1 char:1
+ Connect-SPOService -Url https://$ -Creden ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-SPOService], InvalidOperationExce
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Online.SharePoint


First, make sure you are connecting to the tenant admin site, and the protocol is https.

If that is not the problem, then you added an Active Directory Federation Services (ADFS) claim rule to block legacy authentication requests that don’t originate from your expected IP range. The Connect-SPOService cmdlet uses legacy authentication but doesn’t pass along the IP range information, so the cmdlet is blocked.

To work around this issue, add the following registry subkey on the client computer to force Modern Authentication.


ForceOAuth” = dword:00000001