SOLVED

c# and MicrosoftTeams PowerShell Modul 3.1.0

Copper Contributor

Hi!

I have a C# program that uses the MicrosoftTeams PowerShell Modul to read policies etc.

It did work well with Modul Version 2.6.1

After updating to 3.1.0, login via MFA doesn't work anymore (non-MFA still works).

PowerShell Error:

Exception = {"Broker response returned error: WAM Error Wam plugin Microsoft.Identity.Client.Platforms.Features.WamBroker.AadPlugin Error code: 3399548929 Error Message: Need user interaction to continue."}

 

In WIndows Event Viewer:

Error: 0xCAA2000C The request requires user interaction.
Code: interaction_required
Description: AADSTS50078: Presented multi-factor authentication has expired due to policies configured by your administrator, you must refresh your multi-factor authentication to access 'c5fde071-9440-4083-9e3c-b6712ad6e4d5'.
Trace ID: 195be915-61f3-4dcc-a53a-70f455ce7200
Correlation ID: 49f54e0f-c928-46c2-b000-8bf1511383a7
Timestamp: 2022-01-27 17:06:55Z
TokenEndpoint: https://login.microsoftonline.com/common/oauth2/token
Logged at OAuthTokenRequestBase.cpp, line: 449, method: OAuthTokenRequestBase::ProcessOAuthResponse.

Request: authority: https://login.microsoftonline.com/common, client: ecd6b820-32c2-49b6-98a6-444530e5a77a, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/ecd6b820-32c2-49b6-98a6-444530e5a77a, resource: c5fde071-9440-4083-9e3c-b6712ad6e4d5, correlation ID (request): 49f54e0f-c928-46c2-b000-8bf1511383a7

 

Any ideas?

 

Thanks in advance, Joerg

6 Replies
We are looking into this issue. We will update you.

We got an update from the engineering team saying -
MFA is supported only with interactive option, Please refer - https://docs.microsoft.com/en-us/powershell/module/teams/connect-microsoftteams?view=teams-ps

 

Thanks, 

Meghana

---------------------------------------------------------------------------------------------------------

If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate. 

What - excatly - do they mean with "interactiv option"? Where can I set such an option?
When you connect to Azure AD or Exchange with an MFA enabled account, the interactive Logon Windows pops up and you can log on interactively (same behavior in ISE and C#). When you do the same with Teams, PowerShell throws the error mentioned above. So the behavior of the Teams Modul is not consistent with AAD or Exchange.
By the way: if you issue the command in ISE directly, it works even with Teams. If you issue the same command via C#, it doesn't work.
best response confirmed by joergsc_4711 (Copper Contributor)
Solution

@joergsc_4711 - The engineering team has ran command in C# for a test tenant with MFA enabled and it is working fine in  version 3.1.1. Sharing the script and the output.

Script :

MeghanaMSFT_0-1644240167480.jpeg

Output :

MeghanaMSFT_1-1644240183512.png

 

Can you please update version and try again? And if failing again please share the complete screenshot of error and script?

@Meghana-MSFT - YES. That works. The difference is the -AccountId Parameter.
My original statement was ...AddCommand("Connect.MicrosoftTeams -AccountId Email address removed")
Then PowerShell returns with error: "Broker response returned error: WAM Error Wam plugin Microsoft.Identity.Client.Platforms.Features.WamBroker.AadPlugin Error code: 3399548929 Error Message: Need user interaction to continue."
If you omit the -AccountId Parameter, it works.
This is different from AzureAd Modul. There you can specify the -AccountId Parameter to prepopulate the interactive MFA Login Window.
Without your screenshot it would have taken ages to find this.
So: many thanks!!

@joergsc_4711 - 

If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate. 

 

1 best response

Accepted Solutions
best response confirmed by joergsc_4711 (Copper Contributor)
Solution

@joergsc_4711 - The engineering team has ran command in C# for a test tenant with MFA enabled and it is working fine in  version 3.1.1. Sharing the script and the output.

Script :

MeghanaMSFT_0-1644240167480.jpeg

Output :

MeghanaMSFT_1-1644240183512.png

 

Can you please update version and try again? And if failing again please share the complete screenshot of error and script?

View solution in original post