Persisting connection information
After logging in to Microsoft 365, the CLI for Microsoft 365 will persist the information about the connection until you explicitly log out from Microsoft 365.
Why is persisting connection information important
Persisting connection information is important for two reasons.
Convenience
First of all it's more convenient to use the CLI for Microsoft 365. If you're using it often to manage a specific tenant, you can connect once and the CLI will remember your credentials. The next time you start the CLI, you can directly start managing your tenant without having to authenticate first.
Building scripts
When working with CLI for Microsoft 365, each command is executed in an isolated context and has no access to the memory of any command executed before. So unless you would store the connection information in a variable and explicitly pass it to each command, the CLI would be unable to log in to your tenant. As you can imagine, working with the CLI in this way would be tedious and inconvenient.
By persisting the connection information the CLI for Microsoft 365 can be used to build scripts, for example:
Deploy all apps that are not yet deployed in the tenant app catalog:
m365 # get all apps available in the tenant app catalog
apps=$(m365 spo app list -o json)
# get IDs of all apps that are not deployed
notDeployedAppsIds=($(echo $apps | jq -r '.[] | select(.Deployed == false) | {ID} | .[]'))
# deploy all not deployed apps
for appId in $notDeployedAppsIds; do
m365 spo app deploy -i $appId
done
First, you use the CLI for Microsoft 365 to get the list of all apps from the tenant app catalog using the spo app list
command. You set the output type to JSON and store it in a shell variable apps
. Next, you parse the JSON string using jq and get IDs of apps that are not deployed. Finally, for each ID you run the spo app deploy
CLI for Microsoft 365 command passing the ID as a command argument. Notice, that in the script, both spo
commands are run as separate commands directly in the shell. In both cases, the shell starts the CLI, executes the specified command and closes the CLI removing all of its resources from memory. Scripts, like the one mentioned above can work, because the CLI for Microsoft 365 persists its connection information.
Persisting connection information in CLI for Microsoft 365
When you log in to Microsoft 365 in the CLI for Microsoft 365, the CLI will persist the information about the connection for future reuse. For the established connection, the CLI for Microsoft 365 persists the refresh token as well as all access tokens obtained when using the different CLI commands.
Depending on the CLI for Microsoft 365 commands you have used, the CLI might persist some additional information. For example, when using commands that interact with SharePoint Online, the CLI will store the URL of your SharePoint Online tenant as well as its ID.
The CLI for Microsoft 365 stores its connection information in two JSON files located in the home directory of the current user. On MacOS and Linux, these are ~/.cli-m365-tokens.json
and ~/.cli-m365-msal.json
. On Windows, this is <root>\Users\<username>\.cli-m365-tokens.json
and <root>\Users\<username>\.cli-m365-msal.json
. The tokens
file serves as a quick lookup of tokens to speed up command execution. The msal
file is the cache of the msal-node
library used by CLI for Microsoft 365 to authenticate to Microsoft 365. Contents of both these files are not encrypted.
Removing persisted connection information
CLI for Microsoft 365 persists its connection information until you either explicitly log out from the particular service or manually remove the stored credentials.
To check if you are logged in to Microsoft 365 in the CLI for Microsoft 365, run the status
command. If you are logged in, the command will return the name of the user account or Microsoft Entra application used to log in. If you are not connected, the command will return false
.
To log out from Office, run the logout
command. Running this command will remove all previously stored connection data from your machine.