Picture this: You’re in a good workflow, ready to tick off another task – just a quick entry to a SharePoint List. Everything’s going smoothly… until it hits you right in your forehead. The list you need to update? Yeah, it lives in a completely different tenant. Suddenly, your simple task doesn’t feel quite so simple anymore.
Cross-tenant communication in Microsoft 365 is … hell. And that is really good: it keeps your data safe and you can sleep well every night… until you need cross-tenant communication. What a mess.
So let us take a look and I will explain to you how you can achieve it.
Shortcut
1. Create an App in the Target Tenant
2. Add the rights to write to SharePoint as Application
3. Add a Client Certificate to the App
4. Use the HTTP Action to Post a Create Message using the certificate to authenticate
5. You did it.
Brainstorming: How to Add Items to a SharePoint List Across Tenants
So, you need to create a new item in a SharePoint list – but hold up – the list lives in another tenant. You try using the built-in SharePoint “Create Item” action. Denied. You try the SharePoint HTTP action. Still no go. Why? Because both of these actions are strictly for intra-tenant communication.
That brings us to our star player: The HTTP Action. Cue dramatic music.
We all have a love-hate relationship with the HTTP action. It’s flexible, powerful, and can do almost anything (yes, you could go wild and build a custom connector – but that’s a story for another day).
The Basics: Creating a List Item via HTTP
Here’s the starting setup:
Method: POST
URI: https://<target_site_url>/_api/web/lists/getbytitle('<ListName>')/items
Headers:
    {
      "Accept": "application/json;odata=verbose",
      "Content-Type": "application/json;odata=verbose"
    }
Body:
    {
      "__metadata": {
        "type": "SP.Data.<ListName>ListItem"
      },
      "Column1": "Value1",
      "Column2": "Value2",
      "Column3": "Value3"
    }
Easy enough, right?
Well… not so fast. When you test this in Power Automate, you’re hit with the dreaded unauthorized error. And yes, insert your favorite curse word here.
The Missing Link: App Registration
To play in another tenant’s sandbox, you’ll need to register an Azure AD App in that target tenant. We’ve covered the app registration steps in another article.
However, the permissions required are a bit different. You’ll need to grant Application permissions for SharePoint in Azure AD, which gives your app the ability to act without a signed-in user.
It’s not the most secure option out there – it’d be better to scope it down to the specific site – but it gets the job done.
Wait… Still Unauthorized?
If you generated a client ID and secret, joke’s on you. Gotcha 😄
Because here’s where the real magic kicks in: You need to use a client certificate, not a secret. Without it, you’re still unauthorized.
Upload your certificate to the Azure app and use its base64-encoded content as your authentication credential in the HTTP action.
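The complete HTTP action with certificate authentication, written out as the action's underlying JSON definition (an added example, not taken from the original post). It assumes the action's Active Directory OAuth authentication option; every value in angle brackets is a placeholder, and the audience is assumed to be the root URL of the target tenant's SharePoint host.

```json
{
  "type": "Http",
  "inputs": {
    "method": "POST",
    "uri": "https://<target_site_url>/_api/web/lists/getbytitle('<ListName>')/items",
    "headers": {
      "Accept": "application/json;odata=verbose",
      "Content-Type": "application/json;odata=verbose"
    },
    "body": {
      "__metadata": {
        "type": "SP.Data.<ListName>ListItem"
      },
      "Column1": "Value1",
      "Column2": "Value2",
      "Column3": "Value3"
    },
    "authentication": {
      "type": "ActiveDirectoryOAuth",
      "tenant": "<target-tenant-id>",
      "audience": "https://<target-tenant-name>.sharepoint.com",
      "clientId": "<app-client-id-from-target-tenant>",
      "pfx": "<base64-encoded-pfx-with-private-key>",
      "password": "<pfx-password>"
    }
  }
}
```

The PFX has to contain the private key that matches the certificate uploaded to the app registration. Turn on Secure Inputs in the action's settings so the PFX and its password do not show up in the flow's run history.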
Success! Cross-Tenant List Item Creation Achieved.
You did it – you broke through the tenant barrier. Enjoy that sweet taste of cross-tenant automation glory.
Bonus Tip
Some guides suggest you need to register an app-only principal on the SharePoint site. Personally, I haven’t run into issues skipping that step. But if you’re stuck, check out this official Microsoft Learn page for the steps.
Final Advice
Don’t generate your client certificate on your local machine. It’s too easy to misplace it. Generate it somewhere safe and document the process—you’ll thank yourself later.
We will cover that step in another article coming next.