Connect-MicrosoftTeams with credential

Copper Contributor

Hello Community Members,

 

We are currently using the `Connect-MicrosoftTeams -Credential ` to automate our powershell script that signs in with usename and password. We wonder if the basic authentication deprecation in Exchange Online will impact the basic auth in the Teams module in any way?

 

If not, is there any risk of using this method moving forward (e.g. deprecation plan in the roadmap)?

 

Thanks in advance for your help.

4 Replies

@LC-DP 

 

Speaking to your question about direction first, Microsoft's been moving away from basic authentication across multiple fronts, including Exchange (as you've noted.)

 

If you look at the current "description" section from the Connect-MicrosoftTeams commandlet, you can infer from the "note:" that they are already in the early stages of migrating away from basic authentication, though clearly there's some distance to go given the caveats listed.

 

 

A quick search shows more Teams-centric caveats, reinforcing the idea this is very early days:

 

 

I think the intention to move away is fairly clear. It's just the timeframe that isn't.

 

Cheers,

Lain

 

Edited: Minor spelling correction.

Using -Credentials still counts as Modern authentication, so you'll be fine even when Teams cuts off basic auth (it's separate from Exchange Online). Of course, if the account is protected by MFA, you cannot use this method.
They just announced preview for application authentication for the Teams module, this is what you should be using for automation needs going forward.
Hi Vasil, thanks for your reply. Is there any reference as to what counts as Modern authentication and what's not?

@LC-DP 

 

So, basic authentication isn't something to do with PowerShell, but rather with the web service that your commandlets (i.e. Teams, Exchange Online, Azure AD, etc.) This means there is no "one rule fits all" answer to that question and you'd have to check each service individually.

 

For example, Exchange Online was originally published as a web service that made use of the basic authentication type - which you can read about in the first two paragraphs of their deprecation notice:

 

 

Teams, on the other hand (at least the newer, native Teams elements, not the previous Skype for Business components) was published without using basic authentication, which is why it's somewhat less of an issue.

 

But more importantly, in both cases, this has nothing to do with the Credentials parameter. All that does is provide a variable holding credentials. How those credentials are then used over the network to logon onto the service is out of your hands and purely a property of the web service itself.

 

If you're inclined to dig into the actual traffic using something like Fiddler, you can find your own answers based on the web request's authorisation header, but at least with Microsoft's services, you can usually find an answer on authorisation types for a given service on learn.microsoft.com.

 

Cheers,

Lain