Creating Team Channels in Customer Tenant using Secure App Model

I have completed all of the prescribed tasks to create an App registration in the customer's tenant. The app has been granted the following permissions (all showing "Granted"):

Azure Active Directory Graph:
--> Directory.AccessAsUser.All | Delegated | Access the directory as the signed-in user
--> Directory.Read.All | Application | Read directory data
--> User.Read | Delegated | Sign in and read user profile
Microsoft Graph:
--> Directory.Read.All | Application | Read directory data
--> SecurityEvents.Read.All | Application | Read your organization's security events
Microsoft Partner Center:
--> user_impersonation | Delegated | Access Partner Center


I successfully obtained the refresh token and, subsequently, an access token. I can successfully connect to the customer's Teams using Connect-MicrosoftTeams, which returns the correct Account, Environment, Tenant, TenantId, and TenantDomain.

The PowerShell script is running on a Server 2016 server hosted in our Azure tenant.

Using get-teams, I get no errors, but get null returned. The account used in Connect-MicrosoftTeams is an account in the customer's tenant with Global admin and Teams service admin roles. Yet, I can't even see a Teams team that I am the owner of.

Any ideas?

0 Replies
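
An added example, not part of the original post: when a cmdlet returns nothing without raising an error, one diagnostic is to decode the access token's payload and compare its `aud`, `tid`, `scp` and `roles` claims with the permissions listed above. The function names, the placeholder tenant ID and the sample token are constructed for illustration.

```powershell
# Added example, not from the original post. Inspection only: the signature
# is not validated here, so use this for diagnosis, not for trust decisions.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # base64url -> base64: restore the standard alphabet and stripped padding
    $b64 = $Value.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-TokenClaimSummary {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$ExpectedTenantId
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT' }
    $claims  = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience      = $claims.aud      # resource the token was issued for
        TenantId      = $claims.tid
        TenantMatches = ($claims.tid -eq $ExpectedTenantId)
        # 'scp' carries delegated scopes as one space-separated string;
        # 'roles' carries application permissions as an array.
        Delegated     = @(("$($claims.scp)" -split ' ') | Where-Object { $_ })
        Application   = @($claims.roles | Where-Object { $_ })
        Expired       = ($expires -lt [DateTimeOffset]::UtcNow)
    }
}

# Constructed sample token (unsigned, placeholder tenant ID) so this runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$tenant  = '00000000-0000-0000-0000-000000000000'
$payload = @{ aud = 'https://graph.microsoft.com'; tid = $tenant
              scp = 'User.Read Directory.AccessAsUser.All'; exp = 4102444800 } |
           ConvertTo-Json -Compress
$token = (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'),
         (ConvertTo-Base64Url $payload), 'sig' -join '.'

Get-TokenClaimSummary -AccessToken $token -ExpectedTenantId $tenant | Format-List
```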