Share via

Graph token with MicrosoftTeams 2.0 module

Alex Berin 1 Reputation point
2021-04-05T13:36:29.233+00:00

I am trying to use graph authentication token via app registration to query and update Teams collaboration parameters on user account.
Using the latest 2.0 MicrosoftTeams PS module.

I am able to connect and also able to execute Teams specific PS commands such as Get-Team
However I am getting an error running non Teams specific commands such Get-CsOnlineUser. Error appears to be permission specific.

I have granted all possible API permissions (application level), however nothing seems to work.

Any advice would be much appreciated.

Connection string looks as following:

$clientId = "XXXXX"
$tenantId = "YYYYY"
$clientSecret = "ZZZZZZ"

$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = @{
client_id = $clientId
scope = "https://graph.microsoft.com/.default"
client_secret = $clientSecret
grant_type = "client_credentials"
}

$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -Body $body -ContentType "application/x-www-form-urlencoded" -UseBasicParsing

$token = ($tokenRequest.Content | ConvertFrom-Json).access_token

Connect-MicrosoftTeams -AadAccessToken $token -MsAccessToken $token -Verbose -AccountId account123@365domain.com

API permissions granted:
Directory.Read.All
Group.Read.All
GroupMember.Read.All
MailboxSettings.Read
OnlineMeetings.Read.All
Organization.Read.All
People.Read.All
Team.ReadBasic.All
TeamMember.Read.All
TeamSettings.Read.All
User.Export.All
User.Read.All
User.ReadWrite.All

Microsoft Teams Graph Service (2)
Graph.ReadWrite.All
ResourceSpecificPermission.Read.All
Microsoft Teams Services (1)
User.Read.All
Skype and Teams Tenant Admin API (1)
application_access

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,444 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,189 questions
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
2,991 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,443 questions

10 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alex Berin 1 Reputation point
    2021-04-27T15:00:25.01+00:00

    Hi Kaktheek,

    I don't believe this is an MA issue as I am able to execute Teams specific cmdlets, but not voice related (previous SFBO module) cmdlets. To me it looks that Graph API permissions are missing for the "application" level.
    Tried installing latest preview module and getting the same result. Teams cmdlets work, but voice cmdlets don't.

    Get-CsOnlineUser returns:
    Get-CsOnlineSession : Run Connect-MicrosoftTeams before running cmdlets.
    At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.2.0\net472\SfBORemotePowershellModule.psm1:57 char:22

    • $remoteSession = & (Get-CsOnlineSessionCommand)
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : NotSpecified: (:) [Get-CsOnlineSession], UnauthorizedAccessException
    • FullyQualifiedErrorId : UnauthorizedAccessException,Microsoft.Teams.ConfigApi.Cmdlets.GetCsOnlineSession

    Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument that is not null or empty, and then try the
    command again.
    At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.2.0\net472\SfBORemotePowershellModule.psm1:9480 char:38

    • ... -Session (Get-PSImplicitRemotingSession -CommandName 'Get-CsOnline ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidData: (:) [Invoke-Command], ParentContainsErrorRecordException
    • FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand
  2. Wajeed-MSFT 231 Reputation points Microsoft Employee
    2021-05-06T16:54:57.113+00:00

    You can only use app permissions to run the Teams cmdlets at this point. The non-Teams specific ones like Get-CsOnlineUser aren't supported for app permission at this point, support is being worked on.

  3. A Zond, Abhinandan 1 Reputation point
    2021-05-21T03:09:51.44+00:00

    Hi ..it works weird with Module version 2.3.1. When I execute script line by line it works!
    98425-image.png

    But when I run the script .. it wont work..have all the permissions set exactly same. The error says " Run Connect-MicrosoftTeams before running cmdlets" even though am connected successfully.
    98451-image.png

    0 comments
  4. Siva-kumar-selvaraj 15,591 Reputation points
    2021-05-24T16:01:59.243+00:00

    Hello @Alex Berin ,

    I hope this thread may help you. Thanks.

    --------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments
  5. SjoerdV 1 Reputation point
    2021-12-09T19:17:53.64+00:00

    Update: Still no improvement on the App Only (Unattended) front in the latest MicrosoftTeams 3.0.0. module. The only reported working method is by using Delegate permissions as stated in the Docs under 'AccessTokens' parameter directions.
    If someone has an ETA on something more useful, please post here

    0 comments