Forum Discussion
Authenticating with an access token Connect-MicrosoftTeams
- FYI - I raised a ticket, and it should be fixed by mid november.
Issue description:
Cannot properly run Connect-MicrosoftTeams -AccessTokens
Resolution Steps:
Escalated case with our engineering Team
Issue is known bug and currently being fixed
Expecting a fix to go out by NOV mid
I am pretty sure that this is the same problem that I am having.
This is what I am doing.
For my test added a new user to my tenant with the global admin role and is configured it to use MFA. This is the only user that in the tenant that is configured this way.
In AzureAD I then added a new App Registration which was allocated the Application (client) ID of "71045f16-xxxx-xxxx-xxxx-xxxx".
To this App Registration I added a new secret that was assigned the Secret ID "314e6c61-xxxx-xxxx-xxxx-xxxxxxxxxxxxx" and the value "YDjZy--xx~xxxxxxxxxxxxxxx.xx.xxxxx".
I also added Policy.Read.All API Permission.
I then ran the following script which acquires the access_token that is used in the Connect-MicrosoftTeams command.
$clientId = "71045f16-xxxx-xxxx-xxxx-xxxx"
$clientSecret = "YDjZy--xx~xxxxxxxxxxxxxxx.xx.xxxxx"
$tenantName = "mydomain.onmicrosoft.com"
$resource = "https://graph.microsoft.com/"
$tokenBody = @{
Grant_Type = "client_credentials"
Scope = "https://graph.microsoft.com/.default"
Client_Id = $clientId
Client_Secret = $clientSecret
}
$tokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantName/oauth2/v2.0/token" -Method POST -Body $tokenBody
Import-Module MicrosoftTeams
Connect-MicrosoftTeams -AadAccessToken $tokenResponse.access_token -AccountId mfaadmin@mydomain.netWhatever command I try to run fails with the following error:
Get-CsCloudMeetingPolicy
Get-CsOnlineSession : Run Connect-MicrosoftTeams before running cmdlets.
At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.3.1\net472\SfBORemotePowershellModule.psm1:63 char:22
+ $remoteSession = & (Get-CsOnlineSessionCommand)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-CsOnlineSession], UnauthorizedAccessException
+ FullyQualifiedErrorId : UnauthorizedAccessException,Microsoft.Teams.ConfigApi.Cmdlets.GetCsOnlineSession
``Invoke-Command : Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument
that is not null or empty, and then try the command again.
At C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\2.3.1\net472\SfBORemotePowershellModule.psm1:2975 char:38
+ ... -Session (Get-PSImplicitRemotingSession -CommandName 'Get-CsCloudM ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Invoke-Command], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommandWhen I run the Connect-MicrosoftTeams command with the standard credentials parameters, I am able to call all the powershell commands (that I tested with).
Is this the same issue, or should I open a separate thread?
Up until now we have been doing something trickier using New-PsSession and Import-PsSession which was working (and seemed to provide the missing "Session" that your error is complaining about). Sadly, this approach has evidently been deprecated and now only works intermittently or with specific tenants (or maybe specific back-end lync servers). Microsoft has clearly removed a working feature before they have a working replacement.
Interestingly, when it works, we get the following warning message instead of an error:
WARNING: Your tenant has been granted exception to use Skype For Business Online connector till June 15 2021. Your organization must replace the Skype for Business Online PowerShell connector module with the Teams PowerShell Module prior to that date. Please visit https://aka.ms/sfbocon2tpm for supported options.
We are facing the same issues here. Somehow the S4B OnlineConnector got removed without providing a working alternative solution to change policies scriptbased.
