I am trying to use graph authentication token via app registration to query and update Teams collaboration parameters on user account.
Using the latest 2.0 MicrosoftTeams PS module.
I am able to connect and also able to execute Teams specific PS commands such as Get-Team
However I am getting an error running non Teams specific commands such Get-CsOnlineUser. Error appears to be permission specific.
I have granted all possible API permissions (application level), however nothing seems to work.
Any advice would be much appreciated.
Connection string looks as following:
$clientId = "XXXXX"
$tenantId = "YYYYY"
$clientSecret = "ZZZZZZ"
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = @{
client_id = $clientId
scope = "https://graph.microsoft.com/.default"
client_secret = $clientSecret
grant_type = "client_credentials"
}
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -Body $body -ContentType "application/x-www-form-urlencoded" -UseBasicParsing
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
Connect-MicrosoftTeams -AadAccessToken $token -MsAccessToken $token -Verbose -AccountId account123@365domain.com
API permissions granted:
Directory.Read.All
Group.Read.All
GroupMember.Read.All
MailboxSettings.Read
OnlineMeetings.Read.All
Organization.Read.All
People.Read.All
Team.ReadBasic.All
TeamMember.Read.All
TeamSettings.Read.All
User.Export.All
User.Read.All
User.ReadWrite.All
Microsoft Teams Graph Service (2)
Graph.ReadWrite.All
ResourceSpecificPermission.Read.All
Microsoft Teams Services (1)
User.Read.All
Skype and Teams Tenant Admin API (1)
application_access

