Update: Still no improvement on the App Only (Unattended) front in the latest MicrosoftTeams 3.0.0 module. The only reported working method is by using Delegate permissions as stated in the Docs under 'AccessTokens' parameter directions.
If someone has an ETA on something more useful, please post here.
Graph token with MicrosoftTeams 2.0 module
I am trying to use a Graph authentication token via app registration to query and update Teams collaboration parameters on a user account.
Using the latest 2.0 MicrosoftTeams PS module.
I am able to connect and also able to execute Teams-specific PS commands such as Get-Team.
However, I am getting an error running non-Teams-specific commands such as Get-CsOnlineUser. The error appears to be permission specific.
I have granted all possible API permissions (application level), however nothing seems to work.
Any advice would be much appreciated.
The connection string looks as follows:
$clientId = "XXXXX"
$tenantId = "YYYYY"
$clientSecret = "ZZZZZZ"
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = @{
    client_id     = $clientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -Body $body -ContentType "application/x-www-form-urlencoded" -UseBasicParsing
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
Connect-MicrosoftTeams -AadAccessToken $token -MsAccessToken $token -Verbose -AccountId account123@365domain.com
API permissions granted:
Directory.Read.All
Group.Read.All
GroupMember.Read.All
MailboxSettings.Read
OnlineMeetings.Read.All
Organization.Read.All
People.Read.All
Team.ReadBasic.All
TeamMember.Read.All
TeamSettings.Read.All
User.Export.All
User.Read.All
User.ReadWrite.All
Microsoft Teams Graph Service (2)
Graph.ReadWrite.All
ResourceSpecificPermission.Read.All
Microsoft Teams Services (1)
User.Read.All
Skype and Teams Tenant Admin API (1)
application_access
10 answers
-
SjoerdV 1 Reputation point
2021-12-09T19:17:53.64+00:00 -
UCMadScientist 16 Reputation points MVP
2021-06-13T12:01:39.223+00:00 @sikumars-msft Unfortunately, this is not what Alex is referring to.
In summary, he and other admins such as myself are experiencing an issue attempting to run "cs" cmdlets in the MicrosoftTeams PowerShell module when using App or Token authentication.
This is an issue now as the Skype4BOnline module was previously responsible for the "cs" cmdlets like Get-CsUser. That module has now been retired and can't connect to O365 at all, and all the "Cs" cmdlets have been moved into the MicrosoftTeams PS module.
When connecting using the Connect-MicrosoftTeams cmdlet, it silently stores the user's credentials and effectively runs a "new-csonlinesession" cmdlet whenever we invoke a "CS" cmdlet.
That's fine if we are providing credentials in an interactive manner, but not effective if we are using automation or authenticating against multiple tenants.
I have seen some PG members suggest storing the username/password in the PowerShell script as a workaround, but this won't work around MFA (and is a massive security risk). The reason we use AppAuthentication is that users never need to give us their credentials, we don't need to store them, and we aren't a security risk because all they have to do is approve our app in the Office365 admin centre.
So the question is, when are we going to see some form of app/token/certificate authentication for the CS cmdlets?
-
Siva-kumar-selvaraj 15,566 Reputation points
2021-05-24T16:01:59.243+00:00 Hello @Alex Berin ,
I hope this thread may help you. Thanks.
--------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well. -
A Zond, Abhinandan 1 Reputation point
2021-05-21T03:09:51.44+00:00 Hi, it works weird with Module version 2.3.1. When I execute the script line by line it works!
But when I run the script, it won't work. I have all the permissions set exactly the same. The error says "Run Connect-MicrosoftTeams before running cmdlets" even though I am connected successfully.
-
Wajeed-MSFT 231 Reputation points Microsoft Employee
2021-05-06T16:54:57.113+00:00 You can only use app permissions to run the Teams cmdlets at this point. The non-Teams-specific ones like Get-CsOnlineUser aren't supported for app permissions at this point; support is being worked on.
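
When troubleshooting the behaviour discussed in this thread, it helps to check what kind of token the script is actually handing to Connect-MicrosoftTeams: which resource it is issued for, and whether it is app-only or delegated. The following is an added example, not code from any post above or from Microsoft; the function names are hypothetical, the sample token is constructed, and it assumes an Azure AD JWT access token where application permissions appear in the `roles` claim and delegated permissions in the `scp` claim.

```powershell
# Added example: decode the claims of an Azure AD access token for inspection.
# This does NOT verify the signature; use it for diagnostics only.
function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)

    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a JWT: expected 3 dot-separated segments." }

    # base64url -> base64, then restore the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw "Invalid base64url payload length." }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $json | ConvertFrom-Json
}

function Get-TokenSummary {
    param([Parameter(Mandatory)][string]$Token)

    $c = Get-JwtClaims -Token $Token
    # App-only (client credentials) tokens carry 'roles'; delegated tokens carry 'scp'
    if ($c.roles)   { $kind = 'app-only';  $perms = $c.roles -join ', ' }
    elseif ($c.scp) { $kind = 'delegated'; $perms = $c.scp }
    else            { $kind = 'unknown';   $perms = '' }

    [pscustomobject]@{
        Audience    = $c.aud      # resource the token was issued for
        Kind        = $kind
        Permissions = $perms
        ExpiresUtc  = [DateTimeOffset]::FromUnixTimeSeconds([long]$c.exp).UtcDateTime
    }
}

# Constructed sample token (fake values, no real signature) so the example runs offline
function ConvertTo-Base64Url([string]$Text) {
    $b = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Text))
    $b.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = '{"aud":"https://graph.microsoft.com","roles":["User.Read.All","Team.ReadBasic.All"],"exp":1700000000}'
$sample  = (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}') + '.' + (ConvertTo-Base64Url $payload) + '.sig'

Get-TokenSummary -Token $sample
```

Passing the `$token` variable from the question's script in place of `$sample` shows the audience and permissions of the token that is being supplied to both `-AadAccessToken` and `-MsAccessToken`.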