Forum Discussion

fadc80's avatar
fadc80
Copper Contributor
Aug 30, 2021

Error creating application access policy

I'm trying to create online meetings using Microsoft Graph API, but it is not working as expected. The cmdlet Connect-MicrosoftTeams with an MFA enabled account seems to work fine. It outputs:

Account | Environment | Tenant | TenantId
<MY-ACCOUNT> | AzureCloud | <TENANT> | <TENANTID>

However, when I run the command to create an application access policy:

New-CsApplicationAccessPolicy -Identity Test-policy -AppIds "<MY-APP-ID>" -Description "Test policy"

I get the following error:

Get-CsOnlineSession: C:\Users\fadc8\OneDrive\Documentos\PowerShell\Modules\MicrosoftTeams\2.5.0\netcoreapp3.1\SfBORemotePowershellModule.psm1:273
Line |
273 | $remoteSession = (Get-CsOnlineSessionCommand)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Run Connect-MicrosoftTeams before running cmdlets.
Invoke-Command: C:\Users\fadc8\OneDrive\Documentos\PowerShell\Modules\MicrosoftTeams\2.5.0\netcoreapp3.1\SfBORemotePowershellModule.psm1:113
Line |
113 | -Session $session `
| ~~~~~~~~
| Cannot validate argument on parameter 'Session'. The argument is null or empty. Provide an argument
| that is not null or empty, and then try the command again.

I found the source script:

https://www.powershellgallery.com/packages/MicrosoftTeams/2.5.0/Content/net472%5CSfBORemotePowershellModule.psm1

It is looking for an implicit remote session...

I don't know if it is relevant, but the MSA I'm using has Global Administator privillege.

Could you help me to understand what is wrong?

Workstation configuration:

Windows 10
PowerShell 7.1.4
PowerShellGet 2.2.5
MicrosoftTeams 2.5.0

api
Meetings
microsoft teams
powershell
  • fadc80's avatar
    fadc80
    Sep 01, 2021

    Hi Hunaid, thank you. Following your suggestion I got this error:

    Connect-MicrosoftTeams: One or more errors occurred. (ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for details. )
    Connect-MicrosoftTeams: ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for details.
    Connect-MicrosoftTeams: One or more errors occurred. (ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for details. )

    I was using my MSA, then I tried with an Office 365 dev tenant account and even my initial approach worked like a charm.

    The documentation is not clear about that. It states only permission type Delegated (personal microsoft account) is not supported, but I was using permission type Application along with my MSA.

  • HunaidHanfee-MSFT's avatar
    HunaidHanfee-MSFT
    Icon for Microsoft rankMicrosoft
    Aug 31, 2021
    Hello,
    Thank you for sharing this with us. We are looking into this and I will update you soon about this issue.
  • HunaidHanfee-MSFT's avatar
    HunaidHanfee-MSFT
    Icon for Microsoft rankMicrosoft
    Aug 31, 2021

    fadc80 -
    I tried doing this and faced no issue,
    Try again by doing Disconnect-MicrosoftTeams and closing PowerShell.
    Below is what I tried

     

    > Import-Module MicrosoftTeams
> $credential = Get-Credential

PowerShell credential request
Enter your credentials.
User: user@example.com
Password for user user@example.com: **********
> Connect-MicrosoftTeams -Credential $credential
> New-CsApplicationAccessPolicy -Identity Test-policy -AppIds "ca2e3d70-0000-0000-ae13-124f30000006" -Description "Test policy"

Identity    : Tag:Test-policy
AppIds      : {ca2e3d70-0000-0000-ae13-124f30000006}
Description : Test policy

     

    Could you please try doing this way once? 

    It worked on: 
    Windows 10
    PowerShell 7.1.4
    MicrosoftTeams 2.5.0

     

    Thanks, 

    Hunaid Hanfee

    --------------------------------------------------------------------------------------------------------

    If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate. 



    • fadc80's avatar
      fadc80
      Copper Contributor
      Sep 01, 2021

      Hi Hunaid, thank you. Following your suggestion I got this error:

      Connect-MicrosoftTeams: One or more errors occurred. (ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for details. )
      Connect-MicrosoftTeams: ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for details.
      Connect-MicrosoftTeams: One or more errors occurred. (ROPC does not support MSA accounts. See https://aka.ms/msal-net-ropc for details. )

      I was using my MSA, then I tried with an Office 365 dev tenant account and even my initial approach worked like a charm.

      The documentation is not clear about that. It states only permission type Delegated (personal microsoft account) is not supported, but I was using permission type Application along with my MSA.

Resources