Create Team with run as account

Brass Contributor

Hi,

 

I´m quite new to automation in Azure but done a couple of thing, however, now we're about to create a standard to create a Team with a connected Planner from a "template"model for new customers so we can have a number of channels and a connected Planner with a number of pre-defined tasks.

 

So, obvious my way to go is to create a Azure Runbook and call it from a Power Automate flow.

 

But, I've started with the first part, which is to create the Team, that's not an issue as long I'm using my admin-credentials before, but we're a CPS-partner and have forced MFA which can't have any exclusion so I need to come up with another solution.

 

I've tried to read how to create an application and use Microsoft Graph, but it seems like it still need my credentials? Or am I doing anything wrong?

I've tried to use the RunAsAccount and gave that account access to both Microsoft Teams and Groups, both to create and view.

 

Here is the command for now:

Param(
    [string] $teamname#The name of the team
    [string] $teamowner#Owner of the team
    [string] $mailnickname#Mailadress of the theam
    [string] $visibilty #Visibility of the team
)
$Conn = Get-AutomationConnection -Name AzureRunAsConnection
Connect-MicrosoftTeams -Tenant $Conn.TenantID `
-ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
 
$newteam = New-Team -DisplayName $teamname -Owner $teamowner -Visibility $visibilty -MailNickName $mailnickname
 
disconnect-microsoftteams
 
I get an internal error which I can't find any solution for, so I tried to just fetch the groups we have internally and see if that works with command:
$Conn = Get-AutomationConnection -Name AzureRunAsConnection
Connect-MicrosoftTeams -Tenant $Conn.TenantID `
-ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint

get-team
 
disconnect-microsoftteams
 
And on that command I get following error:
Account      : 81a087e5-XXXXXXX-ec8f092
Environment  : AzureCloud
Tenant       : 5f-XXXXXXXXXXXX-8c
TenantId     : 5-XXXXXXXXXXXXXX-c
TenantDomain : xxxxx.xx
An error occurred while fetching team with groupId: 9-bxxxxxxxx-6
Error occurred while executing 
Code: UnknownError
Message: 
InnerError:
  RequestId: 8-xxxxxxxxx-c9
  DateTimeStamp: 2020-02-29T12:56:41
HttpStatusCode: UnknownError
An error occurred while fetching team with groupId:3xxxxxxxxxxxxx3
Error occurred while executing 
Code: UnknownError
Message: 
InnerError:
  RequestId: 38xxxxxxxxxxxxxxxxxxxb
  DateTimeStamp: 2020-02-29T12:56:41
HttpStatusCode: UnknownError

 

And this continues to the amount of Teams we have so it seems it can fetch some information but not everything, what have I done wrong or is it limitation in the service?

 

How can in that case use the App I´ve created to connect to Graph API without my credentials since it won't work because the MFA.

 

//Martin

0 Replies