SOLVED

Teams PowerShell programmatic authentication


Hi,

As Microsoft has apparently removed the CertificateThumbPrint parameter from Teams PowerShell 2.5.0 onwards, I'm a bit puzzled about what the proper way would be to replace the authentication securely without user interaction. We're running Teams provisioning in an Azure Automation workbook, and the authentication so far has been running with a certificate, but we cannot update the Teams PS module as it would break the current process.

As per the Docs, I assume using access tokens would be the way to go, but obtaining tokens is an additional hassle, and as per the support forums, access tokens don't seem to be a very reliable solution. Examples of how to get access tokens seem to show that they should be obtained using app secrets, which is somewhat backwards, as we moved from Power Automate to PowerShell just so that we would not need to put secrets into the HTTP API requests in plaintext. Yeah, okay, we should probably get the secrets into PowerShell through Key Vault, but still...

We're not using Cs-cmdlets and are currently running the older 2.3.1 version for the time being, so we're just trying to keep up with the changes, but this is quite a significant change for the solution.

1 Reply
best response confirmed by Kim Blomberg (Brass Contributor)
Solution

@Kim Blomberg

If you are using Azure Automation runbooks, you can store your secrets as credentials; these are automatically stored in an Azure Key Vault. The Graph API is all HTTPS, so there is no point at which you are sending credentials in the clear.

Manage credentials in Azure Automation | Microsoft Docs

If you are using delegated permissions rather than application, maybe consider using Managed Identities.

Using Managed Identities in Azure Automation Accounts (preview) (microsoft.com)
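
The pattern discussed in this thread (an app secret held in an Automation credential asset and exchanged over HTTPS for the access tokens that Connect-MicrosoftTeams accepts), as an added example that is not part of the original posts. The asset name and tenant ID are placeholders, and it assumes the installed Teams module version accepts app-only tokens through -AccessTokens.

```powershell
# Added example, not code from the thread. Runs inside an Azure Automation runbook.
$TenantId  = '<tenant-id>'            # placeholder: your Azure AD tenant ID
$AssetName = 'TeamsProvisioningApp'   # hypothetical credential asset:
                                      #   user name = app (client) ID, password = client secret

# Get-AutomationPSCredential only exists in the Automation sandbox; the secret is
# never written into the runbook source or a request URL.
$cred = Get-AutomationPSCredential -Name $AssetName
if (-not $cred) { throw "Credential asset '$AssetName' was not found." }

function Get-AppToken {
    param(
        [Parameter(Mandatory)] [string] $Tenant,
        [Parameter(Mandatory)] [pscredential] $AppCredential,
        [Parameter(Mandatory)] [string] $Scope
    )
    # OAuth 2.0 client-credentials grant; the secret travels in the TLS-protected POST body.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $AppCredential.UserName
        client_secret = $AppCredential.GetNetworkCredential().Password
        scope         = $Scope
    }
    $uri  = "https://login.microsoftonline.com/$Tenant/oauth2/v2.0/token"
    $resp = Invoke-RestMethod -Method Post -Uri $uri -Body $body -ErrorAction Stop
    if (-not $resp.access_token) { throw "No access token returned for scope '$Scope'." }
    return $resp.access_token
}

# Connect-MicrosoftTeams expects two tokens: one for Microsoft Graph and one for the
# Teams admin API resource (ID as given in the Connect-MicrosoftTeams documentation).
$graphToken = Get-AppToken -Tenant $TenantId -AppCredential $cred `
    -Scope 'https://graph.microsoft.com/.default'
$teamsToken = Get-AppToken -Tenant $TenantId -AppCredential $cred `
    -Scope '48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default'

# Pipe to Out-Null so connection details do not end up in the job output stream.
Connect-MicrosoftTeams -AccessTokens @($graphToken, $teamsToken) | Out-Null
```

Keep the tokens and the credential object out of Write-Output and verbose logging, since Automation job streams are readable by anyone with access to the job history.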
