EntraCP

Installation

This article describes the steps required to install EntraCP in your SharePoint farm.

About the installation

Installing EntraCP is much easier and safer than AzureCP because it uses the deployment type ApplicationServer, which implies that:

  • Its features are installed with a specific, additional step, preventing conflicts.
  • Its assemblies are deployed on truly all SharePoint servers.

Download the required assets

Browse to the latest release and download the assets assembly-bindings.config and EntraCP.wsp.

Set the assembly bindings

Why those bindings are needed?EntraCP uses NuGet packages Microsoft.Graph and Azure.Identity, which both require assembly bindings to work with .NET Framework 4.8 (more info).
Why setting them in the machine.config?Since SharePoint runs in many processes (w3wp.exe, owstimer.exe, powershell.exe, etc…), the only config file that can propagate the bindings to all is the machine.config.

Important

The steps below must be completed on all the SharePoint servers, before the solution is deployed.

  1. Open the file %systemroot%\Microsoft.NET\Framework64\v4.0.30319\Config\Machine.config in a text editor.
  2. Locate the node runtime (<runtime /> or <runtime>).
  3. Replace it with the one in the file assembly-bindings.config, available in the assets of the each release.
  4. Save the file.

Deploy the solution

Run the following script on the server running the central administration, in a new PowerShell process:

Automated installation script for EntraCP
 1<#
 2.SYNOPSIS
 3    Deploys the SharePoint solution EntraCP.wsp, created with the deployment mode "Application"
 4.DESCRIPTION
 5    Run this script ONLY on the server running the central administration, in a new PowerShell process.
 6    The script does not require any modification, except to update the path in $packagefullpath.
 7
 8    EntraCP.wsp uses deployment mode "Application", which by design makes its deployment much more secure than AzureCP.
 9    Because contrary to AzureCP, running Install-SPSolution does NOT install the features in the farm, which prevents conflicts.
10.LINK
11    https://entracp.yvand.net/docs/usage/installation/
12#>
13
14$product = "EntraCP"
15$packagefullpath = "C:\YvanData\$product.wsp" # Only update the path here
16
17# Add the solution if it's not already present in the farm
18if ($null -eq (Get-SPSolution -Identity "$product.wsp" -ErrorAction SilentlyContinue)) {
19    Write-Host "Adding solution $product.wsp to the farm..."
20    Add-SPSolution -LiteralPath $packagefullpath
21}
22
23$count = 0
24while (($count -lt 20) -and ($null -eq $solution))
25{
26    Write-Host "Waiting for the solution $product.wsp to be available..."
27    Start-Sleep -Seconds 5
28    $solution = Get-SPSolution -Identity "$product.wsp"
29    $count++
30}
31
32if ($null -eq $solution) {
33    Write-Error "Solution $product.wsp could not be found in the farm."
34    throw ("Solution $product.wsp could not be found in the farm.")
35}
36
37Write-Host "Deploying solution $product.wsp globally..."
38Install-SPSolution -Identity "$product.wsp" -GACDeployment
39
40$solution = Get-SPSolution -Identity "$product.wsp"
41$count = 0
42while (($count -lt 20) -and ($false -eq $solution.Deployed))
43{
44    Write-Host "Waiting for the solution $product.wsp to be deployed..."
45    Start-Sleep -Seconds 10
46    $solution = Get-SPSolution -Identity "$product.wsp"
47    $count++
48}
49
50if ($null -ne (Get-SPFeature| Where-Object{$_.SolutionId -eq $solution.SolutionId}) -or
51    $null -ne (Get-SPClaimProvider -Identity "$product" -ErrorAction SilentlyContinue)) {
52  Write-Warning "The claims provider and/or the features are already installed, skip Install-SPFeature"
53} else {
54  Write-Host "Installing the features in the solution $product.wsp..."
55  Install-SPFeature -SolutionId $solution.Id -AllExistingFeatures
56}
57Write-Host "Finished."

Do the following on the server running the central administration:

  1. Add the solution to the farm:

    Add-SPSolution -LiteralPath "C:\YvanData\dev\EntraCP.wsp"

  2. Navigate to the central administration > System Settings > Manage farm solutions > click on “entracp.wsp” > Deploy solution.

  3. Monitor the deployment of the solution and wait for it to be fully deployed.

  4. Install the features present in the solution:

    Install-SPFeature -SolutionId "dd03bdd7-0645-475e-a852-f180b8bc8191" -AllExistingFeatures

Restart the services

On each SharePoint server, restart the IIS and the SharePoint timer services:

Restart-Service -Name @("W3SVC", "SPTimerV4")

Validate the setup

EntraCP includes special page TroubleshootEntraCP.aspx, that can be used to validate the install (or update) was performed correctly, and the prerequisites are met.
This page is standalone: It does NOT use your EntraCP configuration.
It can be found in the central administration > Security.
More info about this page.

Enable the claims provider

To be enabled, EntraCP must be associated with the SPTrustedLoginProvider created when the federation was configured.
Execute this script on the server running the central administration:

$trust = Get-SPTrustedIdentityTokenIssuer "YOUR_SPTRUST_NAME"
$trust.ClaimProviderName = "EntraCP"
$trust.Update()
Last updated on August 21, 2025
Edit this page on GitHub
Prev
Introduction
Next
Configuration