This article describes the steps required to install EntraCP in your SharePoint farm.

About the installation

Installing EntraCP is much easier and safer than AzureCP because it uses the deployment type ApplicationServer, which implies that:

  • Its features are installed with a specific, additional step, preventing conflicts.
  • Its assemblies are deployed on truly all SharePoint servers.

Download the required assets

Browse to the latest release and download the assets assembly-bindings.config and EntraCP.wsp.

Set the assembly bindings

Why those bindings are needed?EntraCP uses NuGet packages Microsoft.Graph and Azure.Identity, which both require assembly bindings to work with .NET Framework 4.8 (more info).
Why setting them in the machine.config?Since SharePoint runs in many processes (w3wp.exe, owstimer.exe, powershell.exe, etc…), the only config file that can propagate the bindings to all is the machine.config.


The steps below must be completed on all the SharePoint servers, before the solution is deployed.

  1. Open the machine.config file (%systemroot%\Microsoft.NET\Framework64\v4.0.30319\Config\Machine.config) in a text editor.
  2. Locate the node <runtime />.
  3. Replace it with the entire node <runtime> in the file assembly-bindings.config you downloaded.
  4. Save the file.

Install EntraCP

Finalize the installation

On each SharePoint server, restart the IIS and the SharePoint timer services:

Restart-Service -Name @("W3SVC", "SPTimerV4")

Enable the claims provider

To be enabled, EntraCP must be associated with the SPTrustedLoginProvider created when the federation was configured.
Execute this script on the server running the central administration:

$trust = Get-SPTrustedIdentityTokenIssuer "YOUR_SPTRUST_NAME"
$trust.ClaimProviderName = "EntraCP"