doc updates

Author: jansenbe

docs/transform/media/modernize/scanner_consent.png

@@ -1,7 +1,7 @@
 ---
 title: The SharePoint modernization scanner
 description: Gets you started with the SharePoint modernization scanner
-ms.date: 02/14/2020
+ms.date: 07/13/2020
 ms.prod: sharepoint
 localization_priority: Priority
 ---
@@ -32,7 +32,7 @@ Since SharePoint Online continuously evolves and more and more modern capabiliti
 
 ## Step 2: Preparing for a scan
 
-Since a typical scan needs to be able to scan all site collections, it's recommended to use an app-only principal with tenant scoped permissions for the scan. This approach will ensure the scanner always has access, if you use an account (for example, your SharePoint tenant admin account) then the scanner can only access the sites where this user also has access. You can either use an Azure AD application or a SharePoint app principal for app-only access:
+Since a typical scan needs to be able to scan all site collections, it's recommended to use an app-only principal with tenant scoped permissions for the scan. This approach will ensure the scanner always has access, if you use an account (for example, your SharePoint tenant admin account) then the scanner can only access the sites where this user also has access. You can either use an Azure AD application or a SharePoint app principal for app-only access and below links describe the manual approach to setting up things. As the recommended approach is Azure AD App-Only, you can easy the setup of your Azure AD application by using the [PnP PowerShell](https://aka.ms/pnppowershell) `Initialize-PnPPowerShellAuthentication` cmdlet. See the **Using Initialize-PnPPowerShellAuthentication to setup Azure AD App-Only** chapter for more details.
 
 - [Granting access via Azure AD App-Only (recommended)](../solution-guidance/security-apponly-azuread.md)
 - [Granting access via SharePoint App-Only](../solution-guidance/security-apponly-azureacs.md)
@@ -44,6 +44,26 @@ Since a typical scan needs to be able to scan all site collections, it's recomme
 
 Once the preparation work is done, let's continue with doing a scan.
 
+### Using Initialize-PnPPowerShellAuthentication to setup Azure AD App-Only
+
+To configure Azure AD App-Only using PnP PowerShell follow these steps:
+
+1. Install [PnP PowerShell](https://aka.ms/pnppowershell) or update it to the April 2020 or a more recent version
+2. Use the `Initialize-PnPPowerShellAuthentication` cmdet to setup an Azure AD app:
+
+```PowerShell
+Initialize-PnPPowerShellAuthentication -ApplicationName ModernizationScannerApp -Tenant contoso.onmicrosoft.com -Scopes "SPO.Sites.FullControl.All","MSGraph.Group.Read.All"  -OutPath c:\temp -CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force)
+```
+
+3. You'll be asked to authenticate, ensure you authenticate with a user that is a tenant administrator
+4. The cmdlet will setup an Azure AD app and wait for 60 seconds to give Azure AD time to handle the App creation
+5. You'll be asked to consent the permissions granted to the created Azure AD application:
+   1. First you'll be asked to login again, use a tenant administrator account
+   2. Next the consent dialog is shown with the requested permissions (see screenshot below). Click **Accept**
+6. Store the returned AzureAppId, created PFX file and password somewhere safe, you'll need to use it as described in below chapter **Authenticate via Azure AD app-only**
+
+![Scanner consent](media/modernize/scanner_consent.png)
+
 ## Step 3: Launch a scan using the user interface option
 
 The easiest approach is to simply launch SharePoint.Modernization.Scanner.exe as the scanner does have a UI. Alternatively you can start a (PowerShell) command prompt and navigate to that folder so that you can use the scanner via command line. This chapter will walk you through the UI option taking a typical **full** scan. Start by launching the SharePoint.Modernization.Scanner.exe.