I am trying to use powershell to connect to microsoft teams with an admin user that is configured with MFA.
Although Connect-MicrosoftTeams seems to complete successfully with the following output.
Account Environment Tenant TenantId
------- ----------- ------ --------
mfaadmin@mydomain.net AzureCloud 44cbfb1e-xxxx-xxxx-xxxx-xxxxxxxxxxxx 44cbfb1e-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Whatever command I try to run fails with the following error:
Get-CsCloudMeetingPolicy
Get-CsOnlineSession : Run Connect-MicrosoftTeams before running cmdlets.
At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.3.1\net472\SfBORemotePowershellModule.psm1:63 char:22
+ $remoteSession = & (Get-CsOnlineSessionCommand)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-CsOnlineSession], UnauthorizedAccessException
+ FullyQualifiedErrorId : UnauthorizedAccessException,Microsoft.Teams.ConfigApi.Cmdlets.GetCsOnlineSession
``Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument
that is not null or empty, and then try the command again.
At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.3.1\net472\SfBORemotePowershellModule.psm1:2975 char:38
+ ... -Session (Get-PSImplicitRemotingSession -CommandName 'Get-CsCloudM ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Invoke-Command], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand
The user is a new user has the role global admin and is configured with MFA. This is the only user that in the tenant that is configured this way.
On my tenant I added a new App Registration which was allocated the Application (client) ID of "71045f16-xxxx-xxxx-xxxx-xxxx".
To this App Registration I added a new secret that was assigned the Secret ID "314e6c61-xxxx-xxxx-xxxx-xxxxxxxxxxxxx" and the value "YDjZy--xx~xxxxxxxxxxxxxxx.xx.xxxxx".
I also added Policy.Read.All API Permission.
I then ran the following script which acquires the access_token that is used in the Connect-MicrosoftTeams command.
$clientId = "71045f16-xxxx-xxxx-xxxx-xxxx"
$clientSecret = "YDjZy--xx~xxxxxxxxxxxxxxx.xx.xxxxx"
$tenantName = "mydomain.onmicrosoft.com"
$resource = "https://graph.microsoft.com/"
$tokenBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
Client_Id = $clientId
Client_Secret = $clientSecret
}
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token" -Method POST -Body $tokenBody
Import-Module MicrosoftTeams
Connect-MicrosoftTeams -AadAccessToken $tokenResponse.access_token -AccountId mfaadmin@mydomain.net
When I run the Connect-MicrosoftTeams command with the standard credentials parameters, I am able to call all the powershell commands (that I tested with).
What am I missing here?
Thanks in advance.