In testing some of the New AzureAD MFA functionality there was a requirement to test connecting to SPO sites.
PSMessageDetails :
Exception : Microsoft.SharePoint.Client.IdcrlException: The sign-in name or password does not match one in
the Microsoft account system.
at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String securityXml, String
serviceTarget, String servicePolicy)
at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String username, String
password, String serviceTarget, String servicePolicy)
at Microsoft.SharePoint.Client.Idcrl.SharePointOnlineAuthenticationProvider.GetAuthenticatio
nCookie(Uri url, String username, SecureString password)
at Microsoft.SharePoint.Client.SharePointOnlineCredentials.GetAuthenticationCookie(Uri url,
Boolean refresh)
at
Microsoft.SharePoint.Client.ClientRuntimeContext.SetupRequestCredential(ClientRuntimeContext
context, HttpWebRequest request)
at Microsoft.SharePoint.Client.SPWebRequestExecutor.GetRequestStream()
at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryImplementation(ClientRunt
imeContext clientContext, Int32 retryCount, Int32 delay)
at
Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryRetry(ClientRuntimeContext
clientContext, Int32 retryCount, Int32 delay)
at OfficeDevPnP.PowerShell.Commands.Base.SPOnlineConnectionHelper.InstantiateSPOnlineConnect
ion(Uri url, PSCredential credentials, PSHost host, Boolean currentCredentials, Int32
minimalHealthScore, Int32 retryCount, Int32 retryWait, Int32 requestTimeout, Boolean
skipAdminCheck)
at OfficeDevPnP.PowerShell.Commands.Base.ConnectSPOnline.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
TargetObject :
CategoryInfo : NotSpecified: (:) [Connect-SPOnline], IdcrlException
FullyQualifiedErrorId : Microsoft.SharePoint.Client.IdcrlException,OfficeDevPnP.PowerShell.Commands.Base.ConnectSPOnlin
e
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}
I may be wrong but I'm sure there was a sample for enabling authentication with MFA for the PnP.Core library at some point? Though I may be thinking of ADFS?