Forum Discussion

JFM_12's avatar
JFM_12
Iron Contributor
Jul 30, 2024
Solved

List of Teams with uses Connectors

Hello Is there a way (Powershell, Power BI) to get a list of the Teams who use connectors and which ones (Name) they use? We have 180k teams but want only the teams that use the connectors and have...
Administrator
developer
microsoft teams
  • Sayali-MSFT's avatar
    Sayali-MSFT
    Aug 06, 2024

    JFM_12 - The error message you're seeing, (403) Forbidden, indicates that the request you're making using Invoke-RestMethod in PowerShell is being blocked due to permission issues. 

    1. Verify API Permissions
    Make sure that the API endpoint you're trying to access is properly authorized and that the token or credentials used in the request have the correct permissions.

    • Check API Documentation: Ensure you have the correct permissions for the API you're calling. For Microsoft Teams APIs, this often means ensuring that your app has the required permissions granted in Azure AD.

    • Check Azure AD Permissions: If you're using OAuth tokens, ensure that your Azure AD application has the necessary permissions (e.g., Group.Read.All, User.Read.All, etc.) and that these permissions have been granted and consented to by an administrator.

    2. Validate Authentication

    Ensure your authentication token or credentials are correct and valid:

    • Generate a New Token: If you're using OAuth tokens, generate a new one and ensure it's being passed correctly in the request headers.

    • Check Token Expiry: Tokens have a limited lifespan. Verify that the token you're using has not expired.

      The (403) Forbidden error typically means that authentication or authorization is failing. By verifying permissions, ensuring correct authentication, and inspecting request details, you can usually resolve such issues.

Sayali-MSFT's avatar
Sayali-MSFT
Icon for Microsoft rankMicrosoft
Jul 31, 2024

JFM_12 -

To identify which Teams are using connectors and to get a list of those connectors, you can use PowerShell with Microsoft Graph API. 

Here’s a detailed approach to achieve this:

Using Microsoft Graph API with PowerShell

  1. Register an Application in Azure AD:

    • Go to the Azure Portal.
    • Navigate to Azure Active Directory > App registrations > New registration.
    • Provide a name, and for redirect URI, you can use https://localhost (if you're not using it, it won't affect the process here).
    • After registration, go to API permissions, add Microsoft Graph API with Group.Read.All and Team.ReadBasic.All permissions (and grant admin consent).
    • Go to Certificates & secrets and create a new client secret. Note down the Client ID, Tenant ID, and Client Secret.

  2. Use PowerShell to Query Microsoft Graph API:

    Install the Microsoft.Graph PowerShell module if you haven't already:
    Install-Module Microsoft.Graph

    Use the following PowerShell script to get the Teams and their connectors:
    # Define parameters
$tenantId = "YOUR_TENANT_ID"
$clientId = "YOUR_CLIENT_ID"
$clientSecret = "YOUR_CLIENT_SECRET"

# Authenticate to Microsoft Graph
$scope = "https://graph.microsoft.com/.default"
$tokenRequestBody = @{
Grant_Type = "client_credentials"
Client_Id = $clientId
Client_Secret = $clientSecret
Scope = $scope
}

$tokenResponse = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -ContentType "application/x-www-form-urlencoded" -Body $tokenRequestBody
$accessToken = $tokenResponse.access_token

# Define the Graph API endpoint to get the list of Teams
$teamsUrl = "https://graph.microsoft.com/v1.0/teams"

# Get the list of Teams
$teams = Invoke-RestMethod -Method Get -Uri $teamsUrl -Headers @{ Authorization = "Bearer $accessToken" }

# Iterate through each team to get connectors
foreach ($team in $teams.value) {
$teamId = $team.id
$teamName = $team.displayName

# Get connectors for the team
$connectorsUrl = "https://graph.microsoft.com/v1.0/teams/$teamId/installedApps"
$connectorsResponse = Invoke-RestMethod -Method Get -Uri $connectorsUrl -Headers @{ Authorization = "Bearer $accessToken" }

# Filter connectors
$connectors = $connectorsResponse.value | Where-Object { $_.teamsApp.displayName -ne $null }
if ($connectors.Count -gt 0) {
Write-Output "Team: $teamName"
foreach ($connector in $connectors) {
Write-Output " Connector: $($connector.teamsApp.displayName)"
}
}
}

    This script retrieves a list of Teams and their connectors by querying Microsoft Graph API. You may need to handle pagination if you have many Teams.

    Important Note: -The existing Microsoft 365 (previously called Office 365) connectors across all cloud platforms are nearing deprecation, and the creation of new Microsoft 365 connectors will soon be blocked. For more information on the schedule and how the Workflows app provides a more flexible and secure experience, see retirement of Microsoft 365 connectors within Microsoft Teams.

    Document -Webhooks and connectors - Teams | Microsoft Learn

JFM_12's avatar
JFM_12
Iron Contributor
Jul 31, 2024

Hi Sayali-MSFT
Thank you very much.

Yes I know, that is why I want to contact our users to let them know.
I will try it.
Have a great time
JFM_12

  • JFM_12's avatar
    JFM_12
    Iron Contributor
    Aug 05, 2024

    Sayali-MSFT 
    Hello

    I have tried to run the script.

    Unfortunately I get the error

    Invoke-RestMethod : The remote server returned an error: (403) Forbidden.
At line:22 char:10
+ $teams = Invoke-RestMethod -Method Get -Uri $teamsUrl -Headers @{ Aut ...
+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

     

    Do you have an idea

     

    Regards

     

    JFM_12 

    • Sayali-MSFT's avatar
      Sayali-MSFT
      Icon for Microsoft rankMicrosoft
      Aug 06, 2024

      JFM_12 - The error message you're seeing, (403) Forbidden, indicates that the request you're making using Invoke-RestMethod in PowerShell is being blocked due to permission issues. 

      1. Verify API Permissions
      Make sure that the API endpoint you're trying to access is properly authorized and that the token or credentials used in the request have the correct permissions.

      • Check API Documentation: Ensure you have the correct permissions for the API you're calling. For Microsoft Teams APIs, this often means ensuring that your app has the required permissions granted in Azure AD.

      • Check Azure AD Permissions: If you're using OAuth tokens, ensure that your Azure AD application has the necessary permissions (e.g., Group.Read.All, User.Read.All, etc.) and that these permissions have been granted and consented to by an administrator.

      2. Validate Authentication

      Ensure your authentication token or credentials are correct and valid:

      • Generate a New Token: If you're using OAuth tokens, generate a new one and ensure it's being passed correctly in the request headers.

      • Check Token Expiry: Tokens have a limited lifespan. Verify that the token you're using has not expired.

        The (403) Forbidden error typically means that authentication or authorization is failing. By verifying permissions, ensuring correct authentication, and inspecting request details, you can usually resolve such issues.

      • JFM_12's avatar
        JFM_12
        Iron Contributor
        Aug 06, 2024
        Hi Sayali-MSFT
        Thank you very much
        Heinrich

Resources