Sites.Selected requires special configuration on the customers end. An Azure IT Administrator is required on the customer’s tenant in order to configure Sites.Selected.
On the User’s tenant create an application - the name doesn’t matter, but name it along the lines of “NextStage SharePoint Admin App”. This is not the application that we, at NextStage, created, this is an additional application created by the customer in their tenant.
Grant Delegated Sites.FullControl.All to this application.
In addition to Sites.FullControl.All, the powershell Azure PnP plugin requires an Mobile authorization flow with http://localhost as a redirect. This is so the command line can authenticate. This is documented in the Powershell tutorial as well.
Now you can follow the PowerShell tutorial on Nextstage.
Note: This does require PowerShell 7.4 - we have seen some customers run into issues on PowerShell 5. Check the PowerShell version with $PSVersionTables
PS /Users/matthewevers> $PSVersionTable Name Value ---- ----- PSVersion 7.5.3 PSEdition Core GitCommitId 7.5.3 OS Darwin 25.0.0 Darwin Kernel Version 25.0.0: Wed… Platform Unix PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0 PS /Users/matthewevers>
You can install the Azure PnP plugin for powershell and follow the tutorial here.
Note: You may need to re-add sites once the site is authorized.
GCC High and Sites.Selected
GCC High with Sites.Selected requires third-party cookies to be enabled. The other configurations do not need this because they use the SharePoint access token instead of the cross-site session.
In Google Chrome:
