GetTeamsAdminCenterToken
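# Connect to Azure AD Organization as Admin
# Stop on the first failing cmdlet: every step below consumes the object the
# previous one returned, so continuing after a failure would leave a
# half-configured app registration (and possibly an orphaned secret) behind.
$ErrorActionPreference = 'Stop'
Connect-AzureAD

#region Part 1 - Azure AD App
# Create a new App Registration for Teams Admin Center
$azureAdApp = New-AzureADApplication -DisplayName "Teams Admin Center API" -ReplyUrls "https://localhost", "urn:ietf:wg:oauth:2.0:oob"

# Secret validity window, computed in UTC. Formatting local time with "{0:s}"
# and appending a literal "Z" (as before) mislabels local time as UTC and
# shifts the window by the machine's UTC offset; a DateTime is passed directly.
$keyStartDate = (Get-Date).ToUniversalTime().AddHours(-1)
$keyEndDate   = (Get-Date).ToUniversalTime().AddYears(1)

# Create Password Key Secret.
# $azureAdAppKeySecret.Value is the only point at which the secret can be read
# back; it cannot be retrieved from Azure AD afterwards. Hand it to a secrets
# store right after this step rather than echoing it to the console or a log.
$azureAdAppKeySecret = New-AzureADApplicationPasswordCredential -ObjectId $azureAdApp.ObjectId -CustomKeyIdentifier "Teams Admin Center Secret Key" -StartDate $keyStartDate -EndDate $keyEndDate

# Get the Azure AD SPN of the first-party Teams admin API
$azureAdSpn = Get-AzureADServicePrincipal -Filter "DisplayName eq 'Skype and Teams Tenant Admin API'"
if (-not $azureAdSpn) {
    throw "Service principal 'Skype and Teams Tenant Admin API' was not found in this tenant."
}

# Get the Oauth2 permission (delegated scope) for user_impersonation
$azureAdOauth2UserImpersonation = $azureAdSpn |
    Select-Object -ExpandProperty Oauth2Permissions |
    Where-Object { $_.Value -eq "user_impersonation" }
if (-not $azureAdOauth2UserImpersonation) {
    throw "OAuth2 permission 'user_impersonation' is not exposed by the 'Skype and Teams Tenant Admin API' service principal."
}

# Build a Required Resource Access object that requests the delegated
# user_impersonation scope on the Teams admin API (Type "Scope" = delegated,
# i.e. the app acts only with the rights of the signed-in admin).
$requiredResourceAccess = [Microsoft.Open.AzureAD.Model.RequiredResourceAccess]@{
    ResourceAppId  = $azureAdSpn.AppId
    ResourceAccess = [Microsoft.Open.AzureAD.Model.ResourceAccess]@{
        Id   = $azureAdOauth2UserImpersonation.Id
        Type = "Scope"
    }
}

# Set the required resources for the Azure AD Application
Set-AzureADApplication -ObjectId $azureAdApp.ObjectId -RequiredResourceAccess $requiredResourceAccess

# Associate a new Service Principal to my Azure AD Application
$appSpn = New-AzureADServicePrincipal -AppId $azureAdApp.AppId -Tags @("WindowsAzureActiveDirectoryIntegratedApp")
#endregion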