Connect to Microsoft Teams PowerShell using Azure App reg. (Service principal) 

Intro
Not long ago Microsoft finally release a new version for the Microsoft Teams PowerShell module (4.8.0) that adds the ability to authenticate to Microsoft Teams using a Azure App reg. 
Using a Azure App reg. Is in my opnion the most secure way to authenticate when you are running scheduled task (or simlar). So if you are not using this method in your automation scripts with Teams, you should start ajusting (on your own risk ofc). 
The ability to use this method to authenticate has not been working for at least 1½ year (as of this writing) so I’m very excited to share the method with you guys. 

Geeting the Azure App reg. Ready for Microsoft Teams.
I wont be going in to details about how to create a Azure app reg and how to assign permissions to it. You can how ever read about here: https://www.christianfrohn.dk/2022/04/23/connect-to-microsoft-graph-with-powershell-using-a-certificate-and-an-azure-service-principal/ 

Once you have create the Azure app reg. Assign the following permissions: 

  • AppCatalog.ReadWrite.All 
  • Channel.Delete.All 
  • ChannelMember.ReadWrite.All 
  • ChannelSettings.ReadWrite.All 
  • Group.ReadWrite.All 
  • TeamSettings.ReadWrite.All 
  • User.Read.All 

NOTE: These are all application permissions. – REMEMBER TO GRANT CONSENT! 

The last permissions you need is found under Azure Active Directory -> Roles and administrators. Here you need to assign Skype for Business administrator to the Azure App reg. – This is done the same way as with users that needs a Azure administrator role. 

Once you have done this, you are ready to open up your favorit PowerShell editor an start connecting. 

Connect to Teams
To connect to Microsoft Teams, you can copy this sample below and adjust the following parameters with your information: 

$ClientSecret 
$ApplicationID 
$TenantID

You will need to install Microsoft Teams PowerShell Module version 4.8.0+ before running this sample

You can also connect to Microsoft Teams with a certificate, this is a more simple way to do it 

You should now have connected to Microsoft Teams using one of the two samples – You can give it a try be running: Get-CsOnlineUser fx. 

Wrapping up
Since Microsoft more or less just released the module with version number 4.8.0 there are some commands that doesn’t work with this connection method and they are: 

New-Team 
[Get|Set|New|Sync]-CsOnlineApplicationInstance 
*-CsUserCallingSettings 
*-CsUserCallingDelegate 
*PolicyPackage* 
*-CsTeamsShiftsConnection* 
*-CsBatchTeamsDeployment*