TeamsOrgWideAppSettings component permissions

[PierreColyn]

When I try to run the TeamsOrgWideAppSettings component with a certificate thumbprint I get the following error:

"[WARNING] Based on the provided Authentication parameters, the following resources cannot be extracted:
TeamsOrgWideAppSettings"

The online documentation does not state any permissions to add to the app registration:
https://microsoft365dsc.com/resources/teams/TeamsOrgWideAppSettings/#permissions

When using the Get-M365DSCCompiledPermissionList command, I do not get any permissions back and get the below error:

"File settings.json was not found for resource {TeamsOrgWideAppSettings}"

Please confirm what application permissions and roles are required for this component.

[PierreColyn]

Update:

I also added all the Azure roles to the app as specified in this thread: #2779 (comment)

I now get a different error:

{InvalidOperation}
Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Runtime.RestException`1[Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.ITeamMiddletierErrorResponse]: Access Denied.
"Error retrieving data:"
at Get-CsTeamsSettingsCustomApp, C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\5.2.0\internal\Merged_internal.ps1: line 14587
at Get-CsTeamsSettingsCustomApp, C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\5.2.0\custom\Merged_custom_PsExt.ps1: line 2088
at Get-CsTeamsSettingsCustomApp, C:\Program Files\WindowsPowerShell\Modules\MicrosoftTeams\5.2.0\exports\ProxyCmdletDefinitionsWithHelp.ps1: line 44023
at Get-TargetResource, C:\Users#username#\Documents\WindowsPowerShell\Modules\Microsoft365DSC\1.23.614.1\DSCResources\MSFT_TeamsOrgWideAppSettings\MSFT_TeamsOrgWideAppSettings.psm1: line 55
at Export-TargetResource, C:\Users#username#\Documents\WindowsPowerShell\Modules\Microsoft365DSC\1.23.614.1\DSCResources\MSFT_TeamsOrgWideAppSettings\MSFT_TeamsOrgWideAppSettings.psm1: line 247
at Start-M365DSCConfigurationExtract, C:\Users#username#\Documents\WindowsPowerShell\Modules\Microsoft365DSC\1.23.614.1\modules\M365DSCReverse.psm1: line 619
at Export-M365DSCConfiguration, C:\Users#username#\Documents\WindowsPowerShell\Modules\Microsoft365DSC\1.23.614.1\modules\M365DSCUtil.psm1: line 1308
at , : line 1
TenantId: #Tenant ID#

[NikCharlebois]

The first error is most likely due to an old version of the script. Please make sure you run

Update-M365DSCModule

EDITED: I am able to reproduce Error 2 and will follow up with PG.

[NikCharlebois]

I just got confirmation that SPN auth support for these new cmdlets used by the resource under the cover don't support SPN auth. They are however working on it. Apologies for the trouble. In the meantime, recommendation is to use credentials to extract these settings.

[PierreColyn]

Thank you

[PierreColyn]

Hello,

Just wanted to follow up if the TeamsOrgWideAppSettings component has been updated to support SPN Auth / certificate authentication?

[KarinaxRivera]

Hi, I just tried myself to export settings for TeamsOrgWideAppSettings but I get an error log stating "System.Management.Automation.ParameterBindingException: A parameter cannot be found that matches parameter name 'AccessTokens'." does this mean I need to use an Access Token to export these configurations?

[FabienTschanz]

@KarinaxRivera For me, only credentials work. No updates on certificate authentication yet, always getting an Access denied message.

[ricmestre]

This resource still doesn't support SPN, as per documentation [0] the cmdlets [Get|Set]-CsTeamsSettingsCustomApp are not supported by SPN and therefore it won't work unless you use credentials authentication.

[0] https://learn.microsoft.com/en-us/microsoftteams/teams-powershell-application-authentication