Connect-MicrosoftTeams
The Connect-MicrosoftTeams cmdlet connects an authenticated account for use with cmdlets from the MicrosoftTeams module.
Syntax
Connect-MicrosoftTeams
[-TenantId <String>]
[-Credential <PSCredential>]
[-AccountId <String>][-LogLevel <LogLevel>]
[-LogFilePath <String>]
[-TeamsEnvironmentName <String>]
[-WhatIf]
[-Confirm][<CommonParameters>] Connect-MicrosoftTeams
[-TenantId <String>]
-AccessTokens <String[]>
[-LogLevel <LogLevel>]
[-LogFilePath <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Connect-MicrosoftTeams cmdlet connects to Microsoft Teams with an authenticated account for use with cmdlets from the MicrosoftTeams PowerShell module. After executing this cmdlet, you can disconnect from MicrosoftTeams account using Disconnect-MicrosoftTeams.
Warning
If basic authentication is not enabled, legacy *-Cs cmdlets will not function properly. For Remote PowerShell, basic authentication is necessary.
Examples
Example 1: Connect to MicrosoftTeams
This example connects to an Azure account. You must provide a Microsoft account or organizational ID credentials. If multi-factor authentication is enabled for your credentials, you must log in using the interactive option.
Connect-MicrosoftTeams
Account Environment Tenant TenantId
------- ----------- ------------------------------------ ------------------------------------
user@contoso.com AzureCloud xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxExample 2: Connect to MicrosoftTeams
The first command prompts for user credentials and stores them in the $Credential variable. The second command connects to an Azure account using the credentials stored in $credential. This account authenticates with Azure using organizational ID credentials.
$credential = Get-Credential
Connect-MicrosoftTeams -Credential $credential
Account Environment Tenant TenantId
------- ----------- ------------------------------------ ------------------------------------
user@contoso.com AzureCloud xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxExample 3: Connect to MicrosoftTeams in a specific environment
This example connects to an Azure account in a specific environment. You must provide a Microsoft account or organizational ID credentials. If multi-factor authentication is enabled for your credentials, you must log in using the interactive option.
Connect-MicrosoftTeams -TeamsEnvironmentName TeamsGCCH
Account Environment Tenant TenantId
------- ----------- ------------------------------------ ------------------------------------
user@contoso.com TeamsGCCH xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxExample 4: Connect to MicrosoftTeams using Access Tokens
This example demonstrates how to sign in using Access Tokens. Admin can retrieve Access Tokens via the login.microsoftonline.com endpoint. It requires two tokens, MS Graph Access Token and Teams Resource token.
A delegated flow, such as Resource Owner Password Credentials (ROPC) or device code, must be used, with the following delegated app permissions required.
| API | Grant type | Permission |
|---|---|---|
| Microsoft Graph | Delegated | User.Read.All |
| Microsoft Graph | Delegated | Group.ReadWrite.All |
| Microsoft Graph | Delegated | AppCatalog.ReadWrite.All |
| Skype and Teams Tenant Admin API | Delegated | user_impersonation |
$ClientID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$ClientSecret = "..."
$ClientSecret = [Net.WebUtility]::URLEncode($ClientSecret)
$TenantID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$Username = "user@contoso.onmicrosoft.com"
$Password = "..."
$Password = [Net.WebUtility]::URLEncode($Password)
$URI = "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token"
$Body = "client_id=$ClientID&client_secret=$ClientSecret&grant_type=password&username=$Username&password=$Password"
$RequestParameters = @{
URI = $URI
Method = "POST"
ContentType = "application/x-www-form-urlencoded"
}
$GraphToken = (Invoke-RestMethod @RequestParameters -Body "$Body&scope=https://graph.microsoft.com/.default").access_token
$TeamsToken = (Invoke-RestMethod @RequestParameters -Body "$Body&scope=48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default").access_token
Connect-MicrosoftTeams -AccessTokens @($GraphToken, $TeamsToken)
Account Environment Tenant TenantId
------- ----------- ------------------------------------ ------------------------------------
user@contoso.com AzureCloud xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxParameters
Specifies a Azure Active Directory Graph access token.
Warning
This parameter has been removed from version 2.3.2-preview.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies a access tokens for "MSGraph" and "Skype and Teams Tenant Admin API" resources. This new parameter is added in version 2.3.2-preview.
Following steps must be performed by Tenant Admin in the Azure portal when using your own application.
Steps to configure the AAD application.
- Go to Azure portal and go to App Registrations.
- Create or select the existing application.
- Add the following permission to this Application.
- Click API permissions.
- Click Add a permission.
- Click on the Microsoft MS Graph, and then select Delegated Permission.
- Add the following permissions: "AppCatalog.ReadWrite.All", "Group.ReadWrite.All", "User.Read.All";
- Next, we need to add "Skype and Teams Tenant Admin API" resource permission. Click Add a permission.
- Navigate to "APIs my organization uses"
- Search for "Skype and Teams Tenant Admin API".
- Add all the listed permissions.
- Grant admin consent to both MS Graph and "Skype and Teams Tenant Admin API" name.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the ID of an account.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the application ID of the service principal.
Warning
This parameter has been removed from the latest versions and replaced by the AccessTokens parameter.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.
Warning
This parameter has been removed from version 2.4.1-preview.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies a PSCredential object. For more information about the PSCredential object, type Get-Help Get-Credential.
The PSCredential object provides the user ID and password for organizational ID credentials.
| Type: | PSCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Login using managed service identity in the current environment. This is currently not supported for *-Cs cmdlets.
| Type: | SwitchParameter |
| Aliases: | MSI, ManagedService |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The path where the log file for this PowerShell session is written to. Provide a value here if you need to deviate from the default PowerShell log file location.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the log level. The acceptable values for this parameter are:
- Info
- Error
- Warning
- None
The default value is Info.
| Type: | LogLevel |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Host name for managed service login.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Port number for managed service login.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Secret, used for some kinds of managed service login.
| Type: | SecureString |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies a Microsoft Graph access token.
Warning
This parameter has been removed from version 2.3.2-preview.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Use this setting if your organization is in one of the Teams Government Cloud environments.
Specify "TeamsGCCH" if your organization is in the GCC High Environment. Specify "TeamsDOD" if your organization is in the DoD Environment.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the ID of a tenant.
If you do not specify this parameter, the account is authenticated with the home tenant.
You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.
| Type: | String |
| Aliases: | Domain, TenantDomain |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
フィードバック
フィードバックの送信と表示