In the last two post we looked at extending Azure AD with our own attributes http://blog.mindcore.dk/2019/10/azure-ad-extension-attributes.html and how to use this attribute to dynamically grant access to a Microsoft team http://blog.mindcore.dk/2019/10/access-to-teams-based-on-our-own.html.
This time we will create the team and dynamic group using PowerShell instead.
In order to do this we will need the Teams PowerShell module and the AzureADPreview module.
You can always find the latest version of the teams module here:
https://www.powershellgallery.com/packages/MicrosoftTeams/
To see your currently installed version of MicrosoftTeams use the command:
Import-Module MicrosoftTeams
Get-Module MicrosoftTeams
You can always just uninstall and reinstall the module to be sure you got the latest version. (elevated)
Uninstall-Module MicrosoftTeams
Install-Module MicrosoftTeams
Please note that I had to use .Net higher than version 4.6 in order to make the module work.
To find the latest version of the AzureADPreview module you can go here:
https://www.powershellgallery.com/packages/AzureADPreview
To see your currently installed version of AzureADPreview use the commands:
Import-Module AzureADPreview
Get-Module AzureADPreview
You can always just uninstall and reinstall the module to be sure you got the latest version. (elevated)
Uninstall-Module AzureADPreview
Install-Module AzureADPreview
You will need the preview version because otherwise converting to a dynamic group will fail.
With all modules installed let’s import the modules, unless you already did that.
Import-Module AzureADPreview
Import-Module MicrosoftTeams
Then connect to Azure AD and Microsoft teams.
Connect-AzureAD –AccountId youradmin@mydomain.com
Connect-MicrosoftTeams –AccountId youradmin@mydomain.com
Next step is to create the team.
$team = New-Team -MailNickname "NewTeam" -displayname "NewTeam" -Visibility "private" -Description "My New team"
Then we get the appid used in the extension and change the group behind the team to a dynamic group.
$Appid = (get-AzureADApplication -SearchString "Mindcore Azure AD Properties").Appid.replace("-","")
Set-AzureADMSGroup -Id $team.GroupId -GroupTypes "DynamicMembership","Unified" -MembershipRuleProcessingState "On" -MembershipRule "(user.extension_$($appid)_MyAttribute -eq ""MyValue"")"
We could also do it the other way around, creating the group first and then link a team, right now we cannot create the dynamic group right away with the teams PowerShell module.
Final result is the same as in the last post were it was all done directly in the portal http://blog.mindcore.dk/2019/10/access-to-teams-based-on-our-own.html.
