[{"data":1,"prerenderedAt":4348},["Reactive",2],{"navigation":3,"/posts/teams-sso-powershell":204,"/posts/teams-sso-powershell-surround":4320},[4,192,200],{"title":5,"_path":6,"children":7,"icon":191},"Blog","/posts",[8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59,62,65,68,71,74,77,80,83,86,89,92,95,98,101,104,107,110,113,116,119,122,125,128,131,134,137,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,188],{"title":9,"_path":10},"Testing your API with REST Client","/posts/testing-your-api-with-rest-client",{"title":12,"_path":13},"HTML templating in Xamarin","/posts/html-templating-in-xamarin",{"title":15,"_path":16},"Goodbye Azure Portal, Welcome Azure CLI","/posts/welcome-azure-cli",{"title":18,"_path":19},"Coming across Gitpod","/posts/gitpod",{"title":21,"_path":22},"Handle token retrieval while querying an API","/posts/delegating-handler",{"title":24,"_path":25},"Clean up your local git branches.","/posts/cleaning-git-branches",{"title":27,"_path":28},"Automate configuration of Teams Tab SSO with PowerShell.","/posts/teams-sso-powershell",{"title":30,"_path":31},"How to do a technology watch? - Part 1","/posts/technology-watch-part1",{"title":33,"_path":34},"How to do a technology watch? - Part 2","/posts/technology-watch-part2",{"title":36,"_path":37},"You almost no longer need Key Vault references for Azure Functions.","/posts/azure-functions-custom-configuration",{"title":39,"_path":40},"How to do a technology watch? - Part 3","/posts/technology-watch-part3",{"title":42,"_path":43},"Forget DevOps, the future is already here!","/posts/devops-future",{"title":45,"_path":46},"Week 9, 2021 - Tips I learned this week","/posts/w09-2021-tips-learned-this-week",{"title":48,"_path":49},"Week 12, 2021 - Tips I learned this week","/posts/w12-2021-tips-learned-this-week",{"title":51,"_path":52},"Week 14, 2021 - Tips I learned this week","/posts/w14-2021-tips-learned-this-week",{"title":54,"_path":55},"Once upon a time in .NET","/posts/once-upon-a-time-in-dotnet",{"title":57,"_path":58},"Install your applications with winget","/posts/winget-import",{"title":60,"_path":61},"Customize your applications when installing them with winget","/posts/winget-override",{"title":63,"_path":64},"Week 22, 2021 - Tips I learned this week","/posts/w22-2021-tips-learned-this-week",{"title":66,"_path":67},"How to connect to an Azure SQL Database from C# using Azure AD","/posts/sqlclient-active-directory-authent",{"title":69,"_path":70},"Producing packages for Windows Package Manager","/posts/wingetcreate",{"title":72,"_path":73},"4 tips about GitHub Actions environment variables and contexts","/posts/github-actions-var-and-context",{"title":75,"_path":76},"AzureWebJobsStorage, the secret you don't need in your Function App.","/posts/azure-functions-without-azurewebjobsstorage",{"title":78,"_path":79},"ASP.NET Core - Lost in configuration","/posts/lost-in-configuration",{"title":81,"_path":82},"Week 39, 2021 - Tips I learned this week","/posts/w39-2021-tips-learned-this-week",{"title":84,"_path":85},"Week 41, 2021 - Tips I learned this week","/posts/w41-2021-tips-learned-this-week",{"title":87,"_path":88},"Migrating and open-sourcing my blog","/posts/migrating-blog",{"title":90,"_path":91},"Week 45, 2021 - Tips I learned this week","/posts/w45-2021-tips-learned-this-week",{"title":93,"_path":94},"Organize your GitHub stars with Astral","/posts/astral",{"title":96,"_path":97},"Pulumi with an Azure Blob Storage backend","/posts/pulumi-azure-backend",{"title":99,"_path":100},"IaC Hot Reload with Pulumi Watch","/posts/pulumi-watch",{"title":102,"_path":103},"Week 2, 2022 - Tips I learned this week","/posts/w02-2022-tips-learned-this-week",{"title":105,"_path":106},"Week 3, 2022 - Tips I learned this week","/posts/w03-2022-tips-learned-this-week",{"title":108,"_path":109},"Week 5, 2022 - Tips I learned this week","/posts/w05-2022-tips-learned-this-week",{"title":111,"_path":112},"How to provision an Azure SQL Database with Active Directory authentication","/posts/sqldatabase-active-directory-authent",{"title":114,"_path":115},"Why will I choose Pulumi over Terraform for my next project?","/posts/pulumi-vs-terraform",{"title":117,"_path":118},"Week 19, 2022 - Tips I learned this week","/posts/w19-2022-tips-learned-this-week",{"title":120,"_path":121},"Week 20, 2022 - Tips I learned this week","/posts/w20-2022-tips-learned-this-week",{"title":123,"_path":124},"Keeping secrets secure when using API Clients","/posts/http-clients-secrets",{"title":126,"_path":127},"What made me want to be a developer?","/posts/be-a-developer",{"title":129,"_path":130},"What can we do when stuck with a programming problem?","/posts/get-unstuck",{"title":132,"_path":133},"How did I automate the setup of my developer Windows laptop?","/posts/automate-developer-machine",{"title":135,"_path":136},"Discussion about API clients","/posts/http-clients",{"title":138,"_path":139},"Week 46, 2022 - Tips I learned this week","/posts/w46-2022-tips-learned-this-week",{"title":141,"_path":142},"When Pulumi met Nuke: a .NET love story","/posts/when-pulumi-met-nuke",{"title":144,"_path":145},"A year of learning and sharing - Dev Retro 2022","/posts/2022-retro",{"title":147,"_path":148},"Perform Dynamic Execution of an npm Package","/posts/pnpm-dlx",{"title":150,"_path":151},"Manage multiple Node.js versions","/posts/pnpm-env",{"title":153,"_path":154},"Introducing the Vue.js CI/CD series","/posts/vuecicd-introduction",{"title":156,"_path":157},"Execute commands using your project dependencies","/posts/pnpm-exec",{"title":159,"_path":160},"Vue.js CI/CD: Continuous Integration","/posts/vuecicd-ci",{"title":162,"_path":163},"Who is using pnpm?","/posts/pnpm-who-is-using",{"title":165,"_path":166},"Create an Azure-Ready GitHub Repository using Pulumi","/posts/azure-ready-github-repository",{"title":168,"_path":169},"Deploying to Azure from Azure DevOps without secrets","/posts/ado-workload-identity-federation",{"title":171,"_path":172},"Effortlessly Configure GitHub Repositories for Azure Deployment via OIDC","/posts/scripting-azure-ready-github-repository",{"title":174,"_path":175},"Playing with the .NET 8 Web API template","/posts/playing-with-dotnet8",{"title":177,"_path":178},"Another year of sharing and learning - Dev Retro 2023","/posts/2023-retro",{"title":180,"_path":181},"Week 4, 2024 - Tips I learned this week","/posts/w04-2024-tips-learned-this-week",{"title":183,"_path":184},"Using dependency injection with Azure .NET SDK","/posts/azure-sdk-di",{"title":186,"_path":187},"Having Fun With IT Event Calendars","/posts/it-event-calendars",{"title":189,"_path":190},"Call your Azure AD B2C protected API with authenticated HTTP requests from your JetBrains IDE","/posts/http-clients-oauth2","i-heroicons-newspaper",{"title":193,"_path":194,"children":195,"icon":199},"Goodies","/goodies",[196],{"title":197,"_path":198},"My Git Cheat Sheet","/goodies/gitcheatsheet","i-heroicons-gift-solid",{"title":201,"_path":202,"icon":203},"About","/about","i-heroicons-user-circle-solid",{"_path":28,"_dir":205,"_draft":206,"_partial":206,"_locale":207,"title":27,"description":208,"lead":209,"date":210,"image":211,"badge":213,"tags":215,"body":219,"_type":4315,"_id":4316,"_source":4317,"_file":4318,"_extension":4319},"posts",false,"","If you have no interest in reading the blog post and just want the final script, you can find it on this GitHub repository.","Creating a PowerShell script to configure SSO for the tab of a Teams application.","2020-06-15T00:00:00.000Z",{"src":212},"/images/shell_1.jpg",{"label":214},"DevOps",[216,217,218],"Microsoft Teams","PowerShell","Azure Active Directory",{"type":220,"children":221,"toc":4300},"root",[222,241,248,262,276,282,305,310,317,331,534,539,545,550,597,610,644,650,663,719,725,738,842,848,868,1235,1247,1718,1724,1729,2081,2086,2321,2327,2341,2542,2555,3216,3236,3666,3672,3685,3690,3892,3912,4275,4281,4294],{"type":223,"tag":224,"props":225,"children":226},"element","p",{},[227,230,239],{"type":228,"value":229},"text","If you have no interest in reading the blog post and just want the final script, you can find it on this ",{"type":223,"tag":231,"props":232,"children":236},"a",{"href":233,"rel":234},"https://github.com/TechWatching/TeamsDev/blob/master/infra/Scripts/ConfigureTeamsTabSSO.ps1",[235],"nofollow",[237],{"type":228,"value":238},"GitHub repository",{"type":228,"value":240},".",{"type":223,"tag":242,"props":243,"children":245},"h2",{"id":244},"context",[246],{"type":228,"value":247},"Context",{"type":223,"tag":224,"props":249,"children":250},{},[251,253,260],{"type":228,"value":252},"Several months ago, I supervised a student project aiming at developing a Teams application for my company. The application is mainly composed of a tab where Human Resources people can see information about arrivals and departures in the company. Once the project was finished and the first version of the application was available, I provisioned the application infrastructure on my company Azure tenant using ",{"type":223,"tag":231,"props":254,"children":257},{"href":255,"rel":256},"https://www.pulumi.com/",[235],[258],{"type":228,"value":259},"Pulumi",{"type":228,"value":261}," which is a nice infrastructure as code platform.",{"type":223,"tag":224,"props":263,"children":264},{},[265,267,274],{"type":228,"value":266},"However, configuring Single Sign-On for the tab of the application did not seem possible with Pulumi as it internally uses Terraform Provider for AzureAD which at the time of writing doesn't have all functionalities necessary to configure this. The ",{"type":223,"tag":231,"props":268,"children":271},{"href":269,"rel":270},"http://aka.ms/teams-sso",[235],[272],{"type":228,"value":273},"documentation about SSO for Teams tab",{"type":228,"value":275}," currently lists all the steps necessary to configure it from the Azure Portal, however, it mentions nothing about automating it, hence this blog post.",{"type":223,"tag":242,"props":277,"children":279},{"id":278},"steps-to-create-the-powershell-script",[280],{"type":228,"value":281},"Steps to create the PowerShell script",{"type":223,"tag":224,"props":283,"children":284},{},[285,287,294,296,303],{"type":228,"value":286},"Usually, I prefer Azure CLI to PowerShell as I find it easier to find commands I need, but Azure CLI doesn't have yet the necessary commands. Most of the code comes from ",{"type":223,"tag":231,"props":288,"children":291},{"href":289,"rel":290},"https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/blob/master/3.-Web-api-call-Microsoft-graph-for-personal-accounts/AppCreationScripts/Configure.ps1",[235],[292],{"type":228,"value":293},"this script",{"type":228,"value":295}," located in a repository of the ",{"type":223,"tag":231,"props":297,"children":300},{"href":298,"rel":299},"https://github.com/Azure-Samples",[235],[301],{"type":228,"value":302},"Azure Samples GitHub organization",{"type":228,"value":304},". I took only what was necessary for Teams Tab SSO, adapted it to use Microsoft Graph objects/commands, and added missing commands.",{"type":223,"tag":224,"props":306,"children":307},{},[308],{"type":228,"value":309},"I am not an expert in PowerShell so there might be things to improve in the final script, but I hope the following steps will help you to understand how to configure SSO for your Teams Tab.",{"type":223,"tag":311,"props":312,"children":314},"h3",{"id":313},"interacting-with-azure-active-directory",[315],{"type":228,"value":316},"Interacting with Azure Active Directory",{"type":223,"tag":224,"props":318,"children":319},{},[320,322,329],{"type":228,"value":321},"PowerShell has a module called ",{"type":223,"tag":231,"props":323,"children":326},{"href":324,"rel":325},"https://docs.microsoft.com/en-us/powershell/module/azuread/?view=azureadps-2.0",[235],[327],{"type":228,"value":328},"AzureAd",{"type":228,"value":330}," that allow us to interact with Azure Active Directory.\nThe first step is to install this module if not already installed, import it and authenticate to Azure AD to be able to use Active Directory commands once authenticated.",{"type":223,"tag":332,"props":333,"children":337},"pre",{"className":334,"code":335,"language":336,"meta":207,"style":207},"language-powershell shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","if ($null -eq (Get-Module -ListAvailable -Name \"AzureAD\")) { \n    Install-Module -Name \"AzureAD\" -Force\n}\n\nImport-Module AzureAD\n\nConnect-AzureAD -TenantId $tenantId\n","powershell",[338],{"type":223,"tag":339,"props":340,"children":341},"code",{"__ignoreMap":207},[342,427,465,474,484,498,506],{"type":223,"tag":343,"props":344,"children":347},"span",{"class":345,"line":346},"line",1,[348,354,360,365,370,376,381,387,392,397,402,408,412,417,422],{"type":223,"tag":343,"props":349,"children":351},{"style":350},"--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF;--shiki-light-font-style:italic;--shiki-default-font-style:italic;--shiki-dark-font-style:italic",[352],{"type":228,"value":353},"if",{"type":223,"tag":343,"props":355,"children":357},{"style":356},"--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF",[358],{"type":228,"value":359}," ($null",{"type":223,"tag":343,"props":361,"children":362},{"style":356},[363],{"type":228,"value":364}," -eq",{"type":223,"tag":343,"props":366,"children":367},{"style":356},[368],{"type":228,"value":369}," (",{"type":223,"tag":343,"props":371,"children":373},{"style":372},"--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF",[374],{"type":228,"value":375},"Get-Module",{"type":223,"tag":343,"props":377,"children":378},{"style":356},[379],{"type":228,"value":380}," -",{"type":223,"tag":343,"props":382,"children":384},{"style":383},"--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8",[385],{"type":228,"value":386},"ListAvailable ",{"type":223,"tag":343,"props":388,"children":389},{"style":356},[390],{"type":228,"value":391},"-",{"type":223,"tag":343,"props":393,"children":394},{"style":383},[395],{"type":228,"value":396},"Name ",{"type":223,"tag":343,"props":398,"children":399},{"style":356},[400],{"type":228,"value":401},"\"",{"type":223,"tag":343,"props":403,"children":405},{"style":404},"--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D",[406],{"type":228,"value":407},"AzureAD",{"type":223,"tag":343,"props":409,"children":410},{"style":356},[411],{"type":228,"value":401},{"type":223,"tag":343,"props":413,"children":414},{"style":356},[415],{"type":228,"value":416},"))",{"type":223,"tag":343,"props":418,"children":419},{"style":356},[420],{"type":228,"value":421}," {",{"type":223,"tag":343,"props":423,"children":424},{"style":383},[425],{"type":228,"value":426}," \n",{"type":223,"tag":343,"props":428,"children":430},{"class":345,"line":429},2,[431,436,440,444,448,452,456,460],{"type":223,"tag":343,"props":432,"children":433},{"style":372},[434],{"type":228,"value":435},"    Install-Module",{"type":223,"tag":343,"props":437,"children":438},{"style":356},[439],{"type":228,"value":380},{"type":223,"tag":343,"props":441,"children":442},{"style":383},[443],{"type":228,"value":396},{"type":223,"tag":343,"props":445,"children":446},{"style":356},[447],{"type":228,"value":401},{"type":223,"tag":343,"props":449,"children":450},{"style":404},[451],{"type":228,"value":407},{"type":223,"tag":343,"props":453,"children":454},{"style":356},[455],{"type":228,"value":401},{"type":223,"tag":343,"props":457,"children":458},{"style":356},[459],{"type":228,"value":380},{"type":223,"tag":343,"props":461,"children":462},{"style":383},[463],{"type":228,"value":464},"Force\n",{"type":223,"tag":343,"props":466,"children":468},{"class":345,"line":467},3,[469],{"type":223,"tag":343,"props":470,"children":471},{"style":356},[472],{"type":228,"value":473},"}\n",{"type":223,"tag":343,"props":475,"children":477},{"class":345,"line":476},4,[478],{"type":223,"tag":343,"props":479,"children":481},{"emptyLinePlaceholder":480},true,[482],{"type":228,"value":483},"\n",{"type":223,"tag":343,"props":485,"children":487},{"class":345,"line":486},5,[488,493],{"type":223,"tag":343,"props":489,"children":490},{"style":372},[491],{"type":228,"value":492},"Import-Module",{"type":223,"tag":343,"props":494,"children":495},{"style":383},[496],{"type":228,"value":497}," AzureAD\n",{"type":223,"tag":343,"props":499,"children":501},{"class":345,"line":500},6,[502],{"type":223,"tag":343,"props":503,"children":504},{"emptyLinePlaceholder":480},[505],{"type":228,"value":483},{"type":223,"tag":343,"props":507,"children":509},{"class":345,"line":508},7,[510,515,519,524,529],{"type":223,"tag":343,"props":511,"children":512},{"style":372},[513],{"type":228,"value":514},"Connect-AzureAD",{"type":223,"tag":343,"props":516,"children":517},{"style":356},[518],{"type":228,"value":380},{"type":223,"tag":343,"props":520,"children":521},{"style":383},[522],{"type":228,"value":523},"TenantId ",{"type":223,"tag":343,"props":525,"children":526},{"style":356},[527],{"type":228,"value":528},"$",{"type":223,"tag":343,"props":530,"children":531},{"style":383},[532],{"type":228,"value":533},"tenantId\n",{"type":223,"tag":224,"props":535,"children":536},{},[537],{"type":228,"value":538},"This will prompt us to log in with our AD account. We will see later in the article how we can avoid that if we are using this script in an Azure Pipeline.",{"type":223,"tag":311,"props":540,"children":542},{"id":541},"retrieving-the-application-registration",[543],{"type":228,"value":544},"Retrieving the application registration",{"type":223,"tag":224,"props":546,"children":547},{},[548],{"type":228,"value":549},"I already created my application registration in AD with Pulumi so I just have to retrieve it before configuring it.",{"type":223,"tag":332,"props":551,"children":553},{"className":334,"code":552,"language":336,"meta":207,"style":207},"$app = Get-AzureADMSApplication -ObjectId $applicationObjectId\n",[554],{"type":223,"tag":339,"props":555,"children":556},{"__ignoreMap":207},[557],{"type":223,"tag":343,"props":558,"children":559},{"class":345,"line":346},[560,564,569,574,579,583,588,592],{"type":223,"tag":343,"props":561,"children":562},{"style":356},[563],{"type":228,"value":528},{"type":223,"tag":343,"props":565,"children":566},{"style":383},[567],{"type":228,"value":568},"app ",{"type":223,"tag":343,"props":570,"children":571},{"style":356},[572],{"type":228,"value":573},"=",{"type":223,"tag":343,"props":575,"children":576},{"style":372},[577],{"type":228,"value":578}," Get-AzureADMSApplication",{"type":223,"tag":343,"props":580,"children":581},{"style":356},[582],{"type":228,"value":380},{"type":223,"tag":343,"props":584,"children":585},{"style":383},[586],{"type":228,"value":587},"ObjectId ",{"type":223,"tag":343,"props":589,"children":590},{"style":356},[591],{"type":228,"value":528},{"type":223,"tag":343,"props":593,"children":594},{"style":383},[595],{"type":228,"value":596},"applicationObjectId\n",{"type":223,"tag":224,"props":598,"children":599},{},[600,602,608],{"type":228,"value":601},"If you don't have an existing application registration you can create one with the ",{"type":223,"tag":339,"props":603,"children":605},{"className":604},[],[606],{"type":228,"value":607},"New-AzureADMSApplication",{"type":228,"value":609}," command.",{"type":223,"tag":611,"props":612,"children":614},"callout",{"icon":613},"i-fluent-emoji-flat-gem-stone",[615],{"type":223,"tag":224,"props":616,"children":617},{},[618,620,626,628,634,636,642],{"type":228,"value":619},"You may note that there are similar commands ",{"type":223,"tag":339,"props":621,"children":623},{"className":622},[],[624],{"type":228,"value":625},"Get-AzureADApplication",{"type":228,"value":627}," and ",{"type":223,"tag":339,"props":629,"children":631},{"className":630},[],[632],{"type":228,"value":633},"New-AzureADApplication",{"type":228,"value":635}," that exist. Both commands work fine but commands with ",{"type":223,"tag":637,"props":638,"children":639},"em",{},[640],{"type":228,"value":641},"MS",{"type":228,"value":643}," in their name internally use Microsoft Graph which seems to be the modern way to interact with Azure AD.",{"type":223,"tag":311,"props":645,"children":647},{"id":646},"creating-the-service-principal",[648],{"type":228,"value":649},"Creating the service principal",{"type":223,"tag":224,"props":651,"children":652},{},[653,655,662],{"type":228,"value":654},"When you register an application in Azure Portal it creates an Application object and a Service Principal in your tenant. But if you create the Application outside the Azure Portal (Azure CLI, PowerShell, Pulumi, ...), you will have to create the Service Principal as well. Just as a reminder the ",{"type":223,"tag":231,"props":656,"children":659},{"href":657,"rel":658},"https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#application-and-service-principal-relationship",[235],[660],{"type":228,"value":661},"application object should be considered as the global representation of your application for use across all tenants, and the service principal as the local representation for use in a specific tenant",{"type":228,"value":240},{"type":223,"tag":332,"props":664,"children":666},{"className":334,"code":665,"language":336,"meta":207,"style":207},"New-AzureADServicePrincipal -AppId $app.AppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}\n",[667],{"type":223,"tag":339,"props":668,"children":669},{"__ignoreMap":207},[670],{"type":223,"tag":343,"props":671,"children":672},{"class":345,"line":346},[673,678,682,687,691,696,700,705,710,715],{"type":223,"tag":343,"props":674,"children":675},{"style":372},[676],{"type":228,"value":677},"New-AzureADServicePrincipal",{"type":223,"tag":343,"props":679,"children":680},{"style":356},[681],{"type":228,"value":380},{"type":223,"tag":343,"props":683,"children":684},{"style":383},[685],{"type":228,"value":686},"AppId ",{"type":223,"tag":343,"props":688,"children":689},{"style":356},[690],{"type":228,"value":528},{"type":223,"tag":343,"props":692,"children":693},{"style":383},[694],{"type":228,"value":695},"app.AppId ",{"type":223,"tag":343,"props":697,"children":698},{"style":356},[699],{"type":228,"value":391},{"type":223,"tag":343,"props":701,"children":702},{"style":383},[703],{"type":228,"value":704},"Tags ",{"type":223,"tag":343,"props":706,"children":707},{"style":356},[708],{"type":228,"value":709},"{",{"type":223,"tag":343,"props":711,"children":712},{"style":383},[713],{"type":228,"value":714},"WindowsAzureActiveDirectoryIntegratedApp",{"type":223,"tag":343,"props":716,"children":717},{"style":356},[718],{"type":228,"value":473},{"type":223,"tag":311,"props":720,"children":722},{"id":721},"exposing-an-application-as-an-api",[723],{"type":228,"value":724},"Exposing an application as an API",{"type":223,"tag":224,"props":726,"children":727},{},[728,730,736],{"type":228,"value":729},"To expose an application as an API, it is necessary to set the identifier URI of the application. We will use a variable ",{"type":223,"tag":339,"props":731,"children":733},{"className":732},[],[734],{"type":228,"value":735},"$customDomainName",{"type":228,"value":737}," to specify the custom domain of the application. Indeed as stated by the documentation, for the moment Teams Tab SSO does not support applications that use the azurewebsites.net domain.",{"type":223,"tag":332,"props":739,"children":741},{"className":334,"code":740,"language":336,"meta":207,"style":207},"$appId = $app.AppId\nSet-AzureADMSApplication -ObjectId $app.Id -IdentifierUris \"api://$customDomainName/$appId\"\n",[742],{"type":223,"tag":339,"props":743,"children":744},{"__ignoreMap":207},[745,771],{"type":223,"tag":343,"props":746,"children":747},{"class":345,"line":346},[748,752,757,761,766],{"type":223,"tag":343,"props":749,"children":750},{"style":356},[751],{"type":228,"value":528},{"type":223,"tag":343,"props":753,"children":754},{"style":383},[755],{"type":228,"value":756},"appId ",{"type":223,"tag":343,"props":758,"children":759},{"style":356},[760],{"type":228,"value":573},{"type":223,"tag":343,"props":762,"children":763},{"style":356},[764],{"type":228,"value":765}," $",{"type":223,"tag":343,"props":767,"children":768},{"style":383},[769],{"type":228,"value":770},"app.AppId\n",{"type":223,"tag":343,"props":772,"children":773},{"class":345,"line":429},[774,779,783,787,791,796,800,805,809,814,818,823,828,832,837],{"type":223,"tag":343,"props":775,"children":776},{"style":372},[777],{"type":228,"value":778},"Set-AzureADMSApplication",{"type":223,"tag":343,"props":780,"children":781},{"style":356},[782],{"type":228,"value":380},{"type":223,"tag":343,"props":784,"children":785},{"style":383},[786],{"type":228,"value":587},{"type":223,"tag":343,"props":788,"children":789},{"style":356},[790],{"type":228,"value":528},{"type":223,"tag":343,"props":792,"children":793},{"style":383},[794],{"type":228,"value":795},"app.Id ",{"type":223,"tag":343,"props":797,"children":798},{"style":356},[799],{"type":228,"value":391},{"type":223,"tag":343,"props":801,"children":802},{"style":383},[803],{"type":228,"value":804},"IdentifierUris ",{"type":223,"tag":343,"props":806,"children":807},{"style":356},[808],{"type":228,"value":401},{"type":223,"tag":343,"props":810,"children":811},{"style":404},[812],{"type":228,"value":813},"api://",{"type":223,"tag":343,"props":815,"children":816},{"style":356},[817],{"type":228,"value":528},{"type":223,"tag":343,"props":819,"children":820},{"style":383},[821],{"type":228,"value":822},"customDomainName",{"type":223,"tag":343,"props":824,"children":825},{"style":404},[826],{"type":228,"value":827},"/",{"type":223,"tag":343,"props":829,"children":830},{"style":356},[831],{"type":228,"value":528},{"type":223,"tag":343,"props":833,"children":834},{"style":383},[835],{"type":228,"value":836},"appId",{"type":223,"tag":343,"props":838,"children":839},{"style":356},[840],{"type":228,"value":841},"\"\n",{"type":223,"tag":311,"props":843,"children":845},{"id":844},"creating-the-access_as_user-scope",[846],{"type":228,"value":847},"Creating the access_as_user scope",{"type":223,"tag":224,"props":849,"children":850},{},[851,853,859,861,866],{"type":228,"value":852},"Teams Tab SSO works by making the Teams client (whether it be Teams mobile app, desktop app, or web app) ask for an Azure AD token with the scope ",{"type":223,"tag":339,"props":854,"children":856},{"className":855},[],[857],{"type":228,"value":858},"access_as_user",{"type":228,"value":860}," of the Tab application you developed. So we need to create a scope ",{"type":223,"tag":339,"props":862,"children":864},{"className":863},[],[865],{"type":228,"value":858},{"type":228,"value":867}," in the application.",{"type":223,"tag":332,"props":869,"children":871},{"className":334,"code":870,"language":336,"meta":207,"style":207},"# Add all existing scopes first\n$scopes = New-Object System.Collections.Generic.List[Microsoft.Open.MsGraph.Model.PermissionScope]\n$app.Api.Oauth2PermissionScopes | foreach-object { $scopes.Add($_) }\n$scope = CreateScope -value \"access_as_user\"  `\n    -userConsentDisplayName \"Teams can access the user’s profile\"  `\n    -userConsentDescription \"Allows Teams to call the app’s web APIs as the current user.\"  `\n    -adminConsentDisplayName \"Teams can access your user profile and make requests on your behalf\"  `\n    -adminConsentDescription \"Enable Teams to call this app’s APIs with the same rights that you have\"\n$scopes.Add($scope)\n$app.Api.Oauth2PermissionScopes = $scopes\nSet-AzureADMSApplication -ObjectId $app.Id -Api $app.Api\n",[872],{"type":223,"tag":339,"props":873,"children":874},{"__ignoreMap":207},[875,884,926,981,1028,1058,1087,1116,1142,1168,1193],{"type":223,"tag":343,"props":876,"children":877},{"class":345,"line":346},[878],{"type":223,"tag":343,"props":879,"children":881},{"style":880},"--shiki-light:#90A4AE;--shiki-default:#546E7A;--shiki-dark:#676E95;--shiki-light-font-style:italic;--shiki-default-font-style:italic;--shiki-dark-font-style:italic",[882],{"type":228,"value":883},"# Add all existing scopes first\n",{"type":223,"tag":343,"props":885,"children":886},{"class":345,"line":429},[887,891,896,900,905,910,915,921],{"type":223,"tag":343,"props":888,"children":889},{"style":356},[890],{"type":228,"value":528},{"type":223,"tag":343,"props":892,"children":893},{"style":383},[894],{"type":228,"value":895},"scopes ",{"type":223,"tag":343,"props":897,"children":898},{"style":356},[899],{"type":228,"value":573},{"type":223,"tag":343,"props":901,"children":902},{"style":372},[903],{"type":228,"value":904}," New-Object",{"type":223,"tag":343,"props":906,"children":907},{"style":383},[908],{"type":228,"value":909}," System.Collections.Generic.List",{"type":223,"tag":343,"props":911,"children":912},{"style":356},[913],{"type":228,"value":914},"[",{"type":223,"tag":343,"props":916,"children":918},{"style":917},"--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA",[919],{"type":228,"value":920},"Microsoft.Open.MsGraph.Model.PermissionScope",{"type":223,"tag":343,"props":922,"children":923},{"style":356},[924],{"type":228,"value":925},"]\n",{"type":223,"tag":343,"props":927,"children":928},{"class":345,"line":467},[929,933,938,943,948,952,956,961,966,971,976],{"type":223,"tag":343,"props":930,"children":931},{"style":356},[932],{"type":228,"value":528},{"type":223,"tag":343,"props":934,"children":935},{"style":383},[936],{"type":228,"value":937},"app.Api.Oauth2PermissionScopes ",{"type":223,"tag":343,"props":939,"children":940},{"style":356},[941],{"type":228,"value":942},"|",{"type":223,"tag":343,"props":944,"children":945},{"style":372},[946],{"type":228,"value":947}," foreach-object",{"type":223,"tag":343,"props":949,"children":950},{"style":356},[951],{"type":228,"value":421},{"type":223,"tag":343,"props":953,"children":954},{"style":356},[955],{"type":228,"value":765},{"type":223,"tag":343,"props":957,"children":958},{"style":383},[959],{"type":228,"value":960},"scopes.Add",{"type":223,"tag":343,"props":962,"children":963},{"style":356},[964],{"type":228,"value":965},"($",{"type":223,"tag":343,"props":967,"children":968},{"style":383},[969],{"type":228,"value":970},"_",{"type":223,"tag":343,"props":972,"children":973},{"style":356},[974],{"type":228,"value":975},")",{"type":223,"tag":343,"props":977,"children":978},{"style":356},[979],{"type":228,"value":980}," }\n",{"type":223,"tag":343,"props":982,"children":983},{"class":345,"line":476},[984,988,993,997,1002,1006,1011,1015,1019,1023],{"type":223,"tag":343,"props":985,"children":986},{"style":356},[987],{"type":228,"value":528},{"type":223,"tag":343,"props":989,"children":990},{"style":383},[991],{"type":228,"value":992},"scope ",{"type":223,"tag":343,"props":994,"children":995},{"style":356},[996],{"type":228,"value":573},{"type":223,"tag":343,"props":998,"children":999},{"style":383},[1000],{"type":228,"value":1001}," CreateScope ",{"type":223,"tag":343,"props":1003,"children":1004},{"style":356},[1005],{"type":228,"value":391},{"type":223,"tag":343,"props":1007,"children":1008},{"style":383},[1009],{"type":228,"value":1010},"value ",{"type":223,"tag":343,"props":1012,"children":1013},{"style":356},[1014],{"type":228,"value":401},{"type":223,"tag":343,"props":1016,"children":1017},{"style":404},[1018],{"type":228,"value":858},{"type":223,"tag":343,"props":1020,"children":1021},{"style":356},[1022],{"type":228,"value":401},{"type":223,"tag":343,"props":1024,"children":1025},{"style":356},[1026],{"type":228,"value":1027},"  `\n",{"type":223,"tag":343,"props":1029,"children":1030},{"class":345,"line":486},[1031,1036,1041,1045,1050,1054],{"type":223,"tag":343,"props":1032,"children":1033},{"style":356},[1034],{"type":228,"value":1035},"    -",{"type":223,"tag":343,"props":1037,"children":1038},{"style":383},[1039],{"type":228,"value":1040},"userConsentDisplayName ",{"type":223,"tag":343,"props":1042,"children":1043},{"style":356},[1044],{"type":228,"value":401},{"type":223,"tag":343,"props":1046,"children":1047},{"style":404},[1048],{"type":228,"value":1049},"Teams can access the user’s profile",{"type":223,"tag":343,"props":1051,"children":1052},{"style":356},[1053],{"type":228,"value":401},{"type":223,"tag":343,"props":1055,"children":1056},{"style":356},[1057],{"type":228,"value":1027},{"type":223,"tag":343,"props":1059,"children":1060},{"class":345,"line":500},[1061,1065,1070,1074,1079,1083],{"type":223,"tag":343,"props":1062,"children":1063},{"style":356},[1064],{"type":228,"value":1035},{"type":223,"tag":343,"props":1066,"children":1067},{"style":383},[1068],{"type":228,"value":1069},"userConsentDescription ",{"type":223,"tag":343,"props":1071,"children":1072},{"style":356},[1073],{"type":228,"value":401},{"type":223,"tag":343,"props":1075,"children":1076},{"style":404},[1077],{"type":228,"value":1078},"Allows Teams to call the app’s web APIs as the current user.",{"type":223,"tag":343,"props":1080,"children":1081},{"style":356},[1082],{"type":228,"value":401},{"type":223,"tag":343,"props":1084,"children":1085},{"style":356},[1086],{"type":228,"value":1027},{"type":223,"tag":343,"props":1088,"children":1089},{"class":345,"line":508},[1090,1094,1099,1103,1108,1112],{"type":223,"tag":343,"props":1091,"children":1092},{"style":356},[1093],{"type":228,"value":1035},{"type":223,"tag":343,"props":1095,"children":1096},{"style":383},[1097],{"type":228,"value":1098},"adminConsentDisplayName ",{"type":223,"tag":343,"props":1100,"children":1101},{"style":356},[1102],{"type":228,"value":401},{"type":223,"tag":343,"props":1104,"children":1105},{"style":404},[1106],{"type":228,"value":1107},"Teams can access your user profile and make requests on your behalf",{"type":223,"tag":343,"props":1109,"children":1110},{"style":356},[1111],{"type":228,"value":401},{"type":223,"tag":343,"props":1113,"children":1114},{"style":356},[1115],{"type":228,"value":1027},{"type":223,"tag":343,"props":1117,"children":1119},{"class":345,"line":1118},8,[1120,1124,1129,1133,1138],{"type":223,"tag":343,"props":1121,"children":1122},{"style":356},[1123],{"type":228,"value":1035},{"type":223,"tag":343,"props":1125,"children":1126},{"style":383},[1127],{"type":228,"value":1128},"adminConsentDescription ",{"type":223,"tag":343,"props":1130,"children":1131},{"style":356},[1132],{"type":228,"value":401},{"type":223,"tag":343,"props":1134,"children":1135},{"style":404},[1136],{"type":228,"value":1137},"Enable Teams to call this app’s APIs with the same rights that you have",{"type":223,"tag":343,"props":1139,"children":1140},{"style":356},[1141],{"type":228,"value":841},{"type":223,"tag":343,"props":1143,"children":1145},{"class":345,"line":1144},9,[1146,1150,1154,1158,1163],{"type":223,"tag":343,"props":1147,"children":1148},{"style":356},[1149],{"type":228,"value":528},{"type":223,"tag":343,"props":1151,"children":1152},{"style":383},[1153],{"type":228,"value":960},{"type":223,"tag":343,"props":1155,"children":1156},{"style":356},[1157],{"type":228,"value":965},{"type":223,"tag":343,"props":1159,"children":1160},{"style":383},[1161],{"type":228,"value":1162},"scope",{"type":223,"tag":343,"props":1164,"children":1165},{"style":356},[1166],{"type":228,"value":1167},")\n",{"type":223,"tag":343,"props":1169,"children":1171},{"class":345,"line":1170},10,[1172,1176,1180,1184,1188],{"type":223,"tag":343,"props":1173,"children":1174},{"style":356},[1175],{"type":228,"value":528},{"type":223,"tag":343,"props":1177,"children":1178},{"style":383},[1179],{"type":228,"value":937},{"type":223,"tag":343,"props":1181,"children":1182},{"style":356},[1183],{"type":228,"value":573},{"type":223,"tag":343,"props":1185,"children":1186},{"style":356},[1187],{"type":228,"value":765},{"type":223,"tag":343,"props":1189,"children":1190},{"style":383},[1191],{"type":228,"value":1192},"scopes\n",{"type":223,"tag":343,"props":1194,"children":1196},{"class":345,"line":1195},11,[1197,1201,1205,1209,1213,1217,1221,1226,1230],{"type":223,"tag":343,"props":1198,"children":1199},{"style":372},[1200],{"type":228,"value":778},{"type":223,"tag":343,"props":1202,"children":1203},{"style":356},[1204],{"type":228,"value":380},{"type":223,"tag":343,"props":1206,"children":1207},{"style":383},[1208],{"type":228,"value":587},{"type":223,"tag":343,"props":1210,"children":1211},{"style":356},[1212],{"type":228,"value":528},{"type":223,"tag":343,"props":1214,"children":1215},{"style":383},[1216],{"type":228,"value":795},{"type":223,"tag":343,"props":1218,"children":1219},{"style":356},[1220],{"type":228,"value":391},{"type":223,"tag":343,"props":1222,"children":1223},{"style":383},[1224],{"type":228,"value":1225},"Api ",{"type":223,"tag":343,"props":1227,"children":1228},{"style":356},[1229],{"type":228,"value":528},{"type":223,"tag":343,"props":1231,"children":1232},{"style":383},[1233],{"type":228,"value":1234},"app.Api\n",{"type":223,"tag":224,"props":1236,"children":1237},{},[1238,1240,1245],{"type":228,"value":1239},"This piece of PowerShell just ensures existing scopes won't be deleted when adding the scope ",{"type":223,"tag":339,"props":1241,"children":1243},{"className":1242},[],[1244],{"type":228,"value":858},{"type":228,"value":1246},". Display names and descriptions of the new scope are the ones recommended in the documentation. This code calls a PowerShell function that simply creates the scope object.",{"type":223,"tag":332,"props":1248,"children":1250},{"className":334,"code":1249,"language":336,"meta":207,"style":207},"\u003C#.Description\n   This function creates a new Azure AD scope (OAuth2Permission) with default and provided values\n#>  \nfunction CreateScope(\n    [string] $value,\n    [string] $userConsentDisplayName,\n    [string] $userConsentDescription,\n    [string] $adminConsentDisplayName,\n    [string] $adminConsentDescription)\n{\n    $scope = New-Object Microsoft.Open.MsGraph.Model.PermissionScope\n    $scope.Id = New-Guid\n    $scope.Value = $value\n    $scope.UserConsentDisplayName = $userConsentDisplayName\n    $scope.UserConsentDescription = $userConsentDescription\n    $scope.AdminConsentDisplayName = $adminConsentDisplayName\n    $scope.AdminConsentDescription = $adminConsentDescription\n    $scope.IsEnabled = $true\n    $scope.Type = \"User\"\n    return $scope\n}\n",[1251],{"type":223,"tag":339,"props":1252,"children":1253},{"__ignoreMap":207},[1254,1271,1279,1292,1310,1342,1370,1398,1426,1454,1462,1487,1509,1535,1561,1587,1613,1639,1661,1692,1710],{"type":223,"tag":343,"props":1255,"children":1256},{"class":345,"line":346},[1257,1262,1266],{"type":223,"tag":343,"props":1258,"children":1259},{"style":880},[1260],{"type":228,"value":1261},"\u003C#",{"type":223,"tag":343,"props":1263,"children":1264},{"style":880},[1265],{"type":228,"value":240},{"type":223,"tag":343,"props":1267,"children":1268},{"style":350},[1269],{"type":228,"value":1270},"Description\n",{"type":223,"tag":343,"props":1272,"children":1273},{"class":345,"line":429},[1274],{"type":223,"tag":343,"props":1275,"children":1276},{"style":880},[1277],{"type":228,"value":1278},"   This function creates a new Azure AD scope (OAuth2Permission) with default and provided values\n",{"type":223,"tag":343,"props":1280,"children":1281},{"class":345,"line":467},[1282,1287],{"type":223,"tag":343,"props":1283,"children":1284},{"style":880},[1285],{"type":228,"value":1286},"#>",{"type":223,"tag":343,"props":1288,"children":1289},{"style":383},[1290],{"type":228,"value":1291},"  \n",{"type":223,"tag":343,"props":1293,"children":1294},{"class":345,"line":476},[1295,1300,1305],{"type":223,"tag":343,"props":1296,"children":1297},{"style":917},[1298],{"type":228,"value":1299},"function",{"type":223,"tag":343,"props":1301,"children":1302},{"style":372},[1303],{"type":228,"value":1304}," CreateScope",{"type":223,"tag":343,"props":1306,"children":1307},{"style":356},[1308],{"type":228,"value":1309},"(\n",{"type":223,"tag":343,"props":1311,"children":1312},{"class":345,"line":486},[1313,1318,1323,1328,1332,1337],{"type":223,"tag":343,"props":1314,"children":1315},{"style":356},[1316],{"type":228,"value":1317},"    [",{"type":223,"tag":343,"props":1319,"children":1320},{"style":917},[1321],{"type":228,"value":1322},"string",{"type":223,"tag":343,"props":1324,"children":1325},{"style":356},[1326],{"type":228,"value":1327},"]",{"type":223,"tag":343,"props":1329,"children":1330},{"style":356},[1331],{"type":228,"value":765},{"type":223,"tag":343,"props":1333,"children":1334},{"style":383},[1335],{"type":228,"value":1336},"value",{"type":223,"tag":343,"props":1338,"children":1339},{"style":356},[1340],{"type":228,"value":1341},",\n",{"type":223,"tag":343,"props":1343,"children":1344},{"class":345,"line":500},[1345,1349,1353,1357,1361,1366],{"type":223,"tag":343,"props":1346,"children":1347},{"style":356},[1348],{"type":228,"value":1317},{"type":223,"tag":343,"props":1350,"children":1351},{"style":917},[1352],{"type":228,"value":1322},{"type":223,"tag":343,"props":1354,"children":1355},{"style":356},[1356],{"type":228,"value":1327},{"type":223,"tag":343,"props":1358,"children":1359},{"style":356},[1360],{"type":228,"value":765},{"type":223,"tag":343,"props":1362,"children":1363},{"style":383},[1364],{"type":228,"value":1365},"userConsentDisplayName",{"type":223,"tag":343,"props":1367,"children":1368},{"style":356},[1369],{"type":228,"value":1341},{"type":223,"tag":343,"props":1371,"children":1372},{"class":345,"line":508},[1373,1377,1381,1385,1389,1394],{"type":223,"tag":343,"props":1374,"children":1375},{"style":356},[1376],{"type":228,"value":1317},{"type":223,"tag":343,"props":1378,"children":1379},{"style":917},[1380],{"type":228,"value":1322},{"type":223,"tag":343,"props":1382,"children":1383},{"style":356},[1384],{"type":228,"value":1327},{"type":223,"tag":343,"props":1386,"children":1387},{"style":356},[1388],{"type":228,"value":765},{"type":223,"tag":343,"props":1390,"children":1391},{"style":383},[1392],{"type":228,"value":1393},"userConsentDescription",{"type":223,"tag":343,"props":1395,"children":1396},{"style":356},[1397],{"type":228,"value":1341},{"type":223,"tag":343,"props":1399,"children":1400},{"class":345,"line":1118},[1401,1405,1409,1413,1417,1422],{"type":223,"tag":343,"props":1402,"children":1403},{"style":356},[1404],{"type":228,"value":1317},{"type":223,"tag":343,"props":1406,"children":1407},{"style":917},[1408],{"type":228,"value":1322},{"type":223,"tag":343,"props":1410,"children":1411},{"style":356},[1412],{"type":228,"value":1327},{"type":223,"tag":343,"props":1414,"children":1415},{"style":356},[1416],{"type":228,"value":765},{"type":223,"tag":343,"props":1418,"children":1419},{"style":383},[1420],{"type":228,"value":1421},"adminConsentDisplayName",{"type":223,"tag":343,"props":1423,"children":1424},{"style":356},[1425],{"type":228,"value":1341},{"type":223,"tag":343,"props":1427,"children":1428},{"class":345,"line":1144},[1429,1433,1437,1441,1445,1450],{"type":223,"tag":343,"props":1430,"children":1431},{"style":356},[1432],{"type":228,"value":1317},{"type":223,"tag":343,"props":1434,"children":1435},{"style":917},[1436],{"type":228,"value":1322},{"type":223,"tag":343,"props":1438,"children":1439},{"style":356},[1440],{"type":228,"value":1327},{"type":223,"tag":343,"props":1442,"children":1443},{"style":356},[1444],{"type":228,"value":765},{"type":223,"tag":343,"props":1446,"children":1447},{"style":383},[1448],{"type":228,"value":1449},"adminConsentDescription",{"type":223,"tag":343,"props":1451,"children":1452},{"style":356},[1453],{"type":228,"value":1167},{"type":223,"tag":343,"props":1455,"children":1456},{"class":345,"line":1170},[1457],{"type":223,"tag":343,"props":1458,"children":1459},{"style":356},[1460],{"type":228,"value":1461},"{\n",{"type":223,"tag":343,"props":1463,"children":1464},{"class":345,"line":1195},[1465,1470,1474,1478,1482],{"type":223,"tag":343,"props":1466,"children":1467},{"style":356},[1468],{"type":228,"value":1469},"    $",{"type":223,"tag":343,"props":1471,"children":1472},{"style":383},[1473],{"type":228,"value":992},{"type":223,"tag":343,"props":1475,"children":1476},{"style":356},[1477],{"type":228,"value":573},{"type":223,"tag":343,"props":1479,"children":1480},{"style":372},[1481],{"type":228,"value":904},{"type":223,"tag":343,"props":1483,"children":1484},{"style":383},[1485],{"type":228,"value":1486}," Microsoft.Open.MsGraph.Model.PermissionScope\n",{"type":223,"tag":343,"props":1488,"children":1490},{"class":345,"line":1489},12,[1491,1495,1500,1504],{"type":223,"tag":343,"props":1492,"children":1493},{"style":356},[1494],{"type":228,"value":1469},{"type":223,"tag":343,"props":1496,"children":1497},{"style":383},[1498],{"type":228,"value":1499},"scope.Id ",{"type":223,"tag":343,"props":1501,"children":1502},{"style":356},[1503],{"type":228,"value":573},{"type":223,"tag":343,"props":1505,"children":1506},{"style":372},[1507],{"type":228,"value":1508}," New-Guid\n",{"type":223,"tag":343,"props":1510,"children":1512},{"class":345,"line":1511},13,[1513,1517,1522,1526,1530],{"type":223,"tag":343,"props":1514,"children":1515},{"style":356},[1516],{"type":228,"value":1469},{"type":223,"tag":343,"props":1518,"children":1519},{"style":383},[1520],{"type":228,"value":1521},"scope.Value ",{"type":223,"tag":343,"props":1523,"children":1524},{"style":356},[1525],{"type":228,"value":573},{"type":223,"tag":343,"props":1527,"children":1528},{"style":356},[1529],{"type":228,"value":765},{"type":223,"tag":343,"props":1531,"children":1532},{"style":383},[1533],{"type":228,"value":1534},"value\n",{"type":223,"tag":343,"props":1536,"children":1538},{"class":345,"line":1537},14,[1539,1543,1548,1552,1556],{"type":223,"tag":343,"props":1540,"children":1541},{"style":356},[1542],{"type":228,"value":1469},{"type":223,"tag":343,"props":1544,"children":1545},{"style":383},[1546],{"type":228,"value":1547},"scope.UserConsentDisplayName ",{"type":223,"tag":343,"props":1549,"children":1550},{"style":356},[1551],{"type":228,"value":573},{"type":223,"tag":343,"props":1553,"children":1554},{"style":356},[1555],{"type":228,"value":765},{"type":223,"tag":343,"props":1557,"children":1558},{"style":383},[1559],{"type":228,"value":1560},"userConsentDisplayName\n",{"type":223,"tag":343,"props":1562,"children":1564},{"class":345,"line":1563},15,[1565,1569,1574,1578,1582],{"type":223,"tag":343,"props":1566,"children":1567},{"style":356},[1568],{"type":228,"value":1469},{"type":223,"tag":343,"props":1570,"children":1571},{"style":383},[1572],{"type":228,"value":1573},"scope.UserConsentDescription ",{"type":223,"tag":343,"props":1575,"children":1576},{"style":356},[1577],{"type":228,"value":573},{"type":223,"tag":343,"props":1579,"children":1580},{"style":356},[1581],{"type":228,"value":765},{"type":223,"tag":343,"props":1583,"children":1584},{"style":383},[1585],{"type":228,"value":1586},"userConsentDescription\n",{"type":223,"tag":343,"props":1588,"children":1590},{"class":345,"line":1589},16,[1591,1595,1600,1604,1608],{"type":223,"tag":343,"props":1592,"children":1593},{"style":356},[1594],{"type":228,"value":1469},{"type":223,"tag":343,"props":1596,"children":1597},{"style":383},[1598],{"type":228,"value":1599},"scope.AdminConsentDisplayName ",{"type":223,"tag":343,"props":1601,"children":1602},{"style":356},[1603],{"type":228,"value":573},{"type":223,"tag":343,"props":1605,"children":1606},{"style":356},[1607],{"type":228,"value":765},{"type":223,"tag":343,"props":1609,"children":1610},{"style":383},[1611],{"type":228,"value":1612},"adminConsentDisplayName\n",{"type":223,"tag":343,"props":1614,"children":1616},{"class":345,"line":1615},17,[1617,1621,1626,1630,1634],{"type":223,"tag":343,"props":1618,"children":1619},{"style":356},[1620],{"type":228,"value":1469},{"type":223,"tag":343,"props":1622,"children":1623},{"style":383},[1624],{"type":228,"value":1625},"scope.AdminConsentDescription ",{"type":223,"tag":343,"props":1627,"children":1628},{"style":356},[1629],{"type":228,"value":573},{"type":223,"tag":343,"props":1631,"children":1632},{"style":356},[1633],{"type":228,"value":765},{"type":223,"tag":343,"props":1635,"children":1636},{"style":383},[1637],{"type":228,"value":1638},"adminConsentDescription\n",{"type":223,"tag":343,"props":1640,"children":1642},{"class":345,"line":1641},18,[1643,1647,1652,1656],{"type":223,"tag":343,"props":1644,"children":1645},{"style":356},[1646],{"type":228,"value":1469},{"type":223,"tag":343,"props":1648,"children":1649},{"style":383},[1650],{"type":228,"value":1651},"scope.IsEnabled ",{"type":223,"tag":343,"props":1653,"children":1654},{"style":356},[1655],{"type":228,"value":573},{"type":223,"tag":343,"props":1657,"children":1658},{"style":356},[1659],{"type":228,"value":1660}," $true\n",{"type":223,"tag":343,"props":1662,"children":1664},{"class":345,"line":1663},19,[1665,1669,1674,1678,1683,1688],{"type":223,"tag":343,"props":1666,"children":1667},{"style":356},[1668],{"type":228,"value":1469},{"type":223,"tag":343,"props":1670,"children":1671},{"style":383},[1672],{"type":228,"value":1673},"scope.Type ",{"type":223,"tag":343,"props":1675,"children":1676},{"style":356},[1677],{"type":228,"value":573},{"type":223,"tag":343,"props":1679,"children":1680},{"style":356},[1681],{"type":228,"value":1682}," \"",{"type":223,"tag":343,"props":1684,"children":1685},{"style":404},[1686],{"type":228,"value":1687},"User",{"type":223,"tag":343,"props":1689,"children":1690},{"style":356},[1691],{"type":228,"value":841},{"type":223,"tag":343,"props":1693,"children":1695},{"class":345,"line":1694},20,[1696,1701,1705],{"type":223,"tag":343,"props":1697,"children":1698},{"style":350},[1699],{"type":228,"value":1700},"    return",{"type":223,"tag":343,"props":1702,"children":1703},{"style":356},[1704],{"type":228,"value":765},{"type":223,"tag":343,"props":1706,"children":1707},{"style":383},[1708],{"type":228,"value":1709},"scope\n",{"type":223,"tag":343,"props":1711,"children":1713},{"class":345,"line":1712},21,[1714],{"type":223,"tag":343,"props":1715,"children":1716},{"style":356},[1717],{"type":228,"value":473},{"type":223,"tag":311,"props":1719,"children":1721},{"id":1720},"preauthorize-teams-clients",[1722],{"type":228,"value":1723},"Preauthorize Teams clients.",{"type":223,"tag":224,"props":1725,"children":1726},{},[1727],{"type":228,"value":1728},"As the Teams clients will ask for a token with the previously created scope, they must be authorized to have access to this permission. That is what does the following script:",{"type":223,"tag":332,"props":1730,"children":1732},{"className":334,"code":1731,"language":336,"meta":207,"style":207},"# Authorize Teams mobile/desktop client and Teams web client to access API\n$preAuthorizedApplications = New-Object 'System.Collections.Generic.List[Microsoft.Open.MSGraph.ModePreAuthorizedApplication]'\n$teamsRichClienPreauthorization = CreatePreAuthorizedApplication `\n    -applicationIdToPreAuthorize '1fec8e78-bce4-4aaf-ab1b-5451cc387264' `\n    -scopeId $scope.Id\n$teamsWebClienPreauthorization = CreatePreAuthorizedApplication `\n    -applicationIdToPreAuthorize '5e3ce6c0-2b1f-4285-8d4b-75ee78787346' `\n    -scopeId $scope.Id\n$preAuthorizedApplications.Add($teamsRichClienPreauthorization)\n$preAuthorizedApplications.Add($teamsWebClienPreauthorization)   \n$app = Get-AzureADMSApplication -ObjectId $applicationObjectId\n$app.Api.PreAuthorizedApplications = $preAuthorizedApplications\nSet-AzureADMSApplication -ObjectId $app.Id -Api $app.Api\n",[1733],{"type":223,"tag":339,"props":1734,"children":1735},{"__ignoreMap":207},[1736,1744,1779,1805,1836,1857,1881,1909,1928,1953,1982,2017,2042],{"type":223,"tag":343,"props":1737,"children":1738},{"class":345,"line":346},[1739],{"type":223,"tag":343,"props":1740,"children":1741},{"style":880},[1742],{"type":228,"value":1743},"# Authorize Teams mobile/desktop client and Teams web client to access API\n",{"type":223,"tag":343,"props":1745,"children":1746},{"class":345,"line":429},[1747,1751,1756,1760,1764,1769,1774],{"type":223,"tag":343,"props":1748,"children":1749},{"style":356},[1750],{"type":228,"value":528},{"type":223,"tag":343,"props":1752,"children":1753},{"style":383},[1754],{"type":228,"value":1755},"preAuthorizedApplications ",{"type":223,"tag":343,"props":1757,"children":1758},{"style":356},[1759],{"type":228,"value":573},{"type":223,"tag":343,"props":1761,"children":1762},{"style":372},[1763],{"type":228,"value":904},{"type":223,"tag":343,"props":1765,"children":1766},{"style":356},[1767],{"type":228,"value":1768}," '",{"type":223,"tag":343,"props":1770,"children":1771},{"style":404},[1772],{"type":228,"value":1773},"System.Collections.Generic.List[Microsoft.Open.MSGraph.ModePreAuthorizedApplication]",{"type":223,"tag":343,"props":1775,"children":1776},{"style":356},[1777],{"type":228,"value":1778},"'\n",{"type":223,"tag":343,"props":1780,"children":1781},{"class":345,"line":467},[1782,1786,1791,1795,1800],{"type":223,"tag":343,"props":1783,"children":1784},{"style":356},[1785],{"type":228,"value":528},{"type":223,"tag":343,"props":1787,"children":1788},{"style":383},[1789],{"type":228,"value":1790},"teamsRichClienPreauthorization ",{"type":223,"tag":343,"props":1792,"children":1793},{"style":356},[1794],{"type":228,"value":573},{"type":223,"tag":343,"props":1796,"children":1797},{"style":383},[1798],{"type":228,"value":1799}," CreatePreAuthorizedApplication ",{"type":223,"tag":343,"props":1801,"children":1802},{"style":356},[1803],{"type":228,"value":1804},"`\n",{"type":223,"tag":343,"props":1806,"children":1807},{"class":345,"line":476},[1808,1812,1817,1822,1827,1831],{"type":223,"tag":343,"props":1809,"children":1810},{"style":356},[1811],{"type":228,"value":1035},{"type":223,"tag":343,"props":1813,"children":1814},{"style":383},[1815],{"type":228,"value":1816},"applicationIdToPreAuthorize ",{"type":223,"tag":343,"props":1818,"children":1819},{"style":356},[1820],{"type":228,"value":1821},"'",{"type":223,"tag":343,"props":1823,"children":1824},{"style":404},[1825],{"type":228,"value":1826},"1fec8e78-bce4-4aaf-ab1b-5451cc387264",{"type":223,"tag":343,"props":1828,"children":1829},{"style":356},[1830],{"type":228,"value":1821},{"type":223,"tag":343,"props":1832,"children":1833},{"style":356},[1834],{"type":228,"value":1835}," `\n",{"type":223,"tag":343,"props":1837,"children":1838},{"class":345,"line":486},[1839,1843,1848,1852],{"type":223,"tag":343,"props":1840,"children":1841},{"style":356},[1842],{"type":228,"value":1035},{"type":223,"tag":343,"props":1844,"children":1845},{"style":383},[1846],{"type":228,"value":1847},"scopeId ",{"type":223,"tag":343,"props":1849,"children":1850},{"style":356},[1851],{"type":228,"value":528},{"type":223,"tag":343,"props":1853,"children":1854},{"style":383},[1855],{"type":228,"value":1856},"scope.Id\n",{"type":223,"tag":343,"props":1858,"children":1859},{"class":345,"line":500},[1860,1864,1869,1873,1877],{"type":223,"tag":343,"props":1861,"children":1862},{"style":356},[1863],{"type":228,"value":528},{"type":223,"tag":343,"props":1865,"children":1866},{"style":383},[1867],{"type":228,"value":1868},"teamsWebClienPreauthorization ",{"type":223,"tag":343,"props":1870,"children":1871},{"style":356},[1872],{"type":228,"value":573},{"type":223,"tag":343,"props":1874,"children":1875},{"style":383},[1876],{"type":228,"value":1799},{"type":223,"tag":343,"props":1878,"children":1879},{"style":356},[1880],{"type":228,"value":1804},{"type":223,"tag":343,"props":1882,"children":1883},{"class":345,"line":508},[1884,1888,1892,1896,1901,1905],{"type":223,"tag":343,"props":1885,"children":1886},{"style":356},[1887],{"type":228,"value":1035},{"type":223,"tag":343,"props":1889,"children":1890},{"style":383},[1891],{"type":228,"value":1816},{"type":223,"tag":343,"props":1893,"children":1894},{"style":356},[1895],{"type":228,"value":1821},{"type":223,"tag":343,"props":1897,"children":1898},{"style":404},[1899],{"type":228,"value":1900},"5e3ce6c0-2b1f-4285-8d4b-75ee78787346",{"type":223,"tag":343,"props":1902,"children":1903},{"style":356},[1904],{"type":228,"value":1821},{"type":223,"tag":343,"props":1906,"children":1907},{"style":356},[1908],{"type":228,"value":1835},{"type":223,"tag":343,"props":1910,"children":1911},{"class":345,"line":1118},[1912,1916,1920,1924],{"type":223,"tag":343,"props":1913,"children":1914},{"style":356},[1915],{"type":228,"value":1035},{"type":223,"tag":343,"props":1917,"children":1918},{"style":383},[1919],{"type":228,"value":1847},{"type":223,"tag":343,"props":1921,"children":1922},{"style":356},[1923],{"type":228,"value":528},{"type":223,"tag":343,"props":1925,"children":1926},{"style":383},[1927],{"type":228,"value":1856},{"type":223,"tag":343,"props":1929,"children":1930},{"class":345,"line":1144},[1931,1935,1940,1944,1949],{"type":223,"tag":343,"props":1932,"children":1933},{"style":356},[1934],{"type":228,"value":528},{"type":223,"tag":343,"props":1936,"children":1937},{"style":383},[1938],{"type":228,"value":1939},"preAuthorizedApplications.Add",{"type":223,"tag":343,"props":1941,"children":1942},{"style":356},[1943],{"type":228,"value":965},{"type":223,"tag":343,"props":1945,"children":1946},{"style":383},[1947],{"type":228,"value":1948},"teamsRichClienPreauthorization",{"type":223,"tag":343,"props":1950,"children":1951},{"style":356},[1952],{"type":228,"value":1167},{"type":223,"tag":343,"props":1954,"children":1955},{"class":345,"line":1170},[1956,1960,1964,1968,1973,1977],{"type":223,"tag":343,"props":1957,"children":1958},{"style":356},[1959],{"type":228,"value":528},{"type":223,"tag":343,"props":1961,"children":1962},{"style":383},[1963],{"type":228,"value":1939},{"type":223,"tag":343,"props":1965,"children":1966},{"style":356},[1967],{"type":228,"value":965},{"type":223,"tag":343,"props":1969,"children":1970},{"style":383},[1971],{"type":228,"value":1972},"teamsWebClienPreauthorization",{"type":223,"tag":343,"props":1974,"children":1975},{"style":356},[1976],{"type":228,"value":975},{"type":223,"tag":343,"props":1978,"children":1979},{"style":383},[1980],{"type":228,"value":1981},"   \n",{"type":223,"tag":343,"props":1983,"children":1984},{"class":345,"line":1195},[1985,1989,1993,1997,2001,2005,2009,2013],{"type":223,"tag":343,"props":1986,"children":1987},{"style":356},[1988],{"type":228,"value":528},{"type":223,"tag":343,"props":1990,"children":1991},{"style":383},[1992],{"type":228,"value":568},{"type":223,"tag":343,"props":1994,"children":1995},{"style":356},[1996],{"type":228,"value":573},{"type":223,"tag":343,"props":1998,"children":1999},{"style":372},[2000],{"type":228,"value":578},{"type":223,"tag":343,"props":2002,"children":2003},{"style":356},[2004],{"type":228,"value":380},{"type":223,"tag":343,"props":2006,"children":2007},{"style":383},[2008],{"type":228,"value":587},{"type":223,"tag":343,"props":2010,"children":2011},{"style":356},[2012],{"type":228,"value":528},{"type":223,"tag":343,"props":2014,"children":2015},{"style":383},[2016],{"type":228,"value":596},{"type":223,"tag":343,"props":2018,"children":2019},{"class":345,"line":1489},[2020,2024,2029,2033,2037],{"type":223,"tag":343,"props":2021,"children":2022},{"style":356},[2023],{"type":228,"value":528},{"type":223,"tag":343,"props":2025,"children":2026},{"style":383},[2027],{"type":228,"value":2028},"app.Api.PreAuthorizedApplications ",{"type":223,"tag":343,"props":2030,"children":2031},{"style":356},[2032],{"type":228,"value":573},{"type":223,"tag":343,"props":2034,"children":2035},{"style":356},[2036],{"type":228,"value":765},{"type":223,"tag":343,"props":2038,"children":2039},{"style":383},[2040],{"type":228,"value":2041},"preAuthorizedApplications\n",{"type":223,"tag":343,"props":2043,"children":2044},{"class":345,"line":1511},[2045,2049,2053,2057,2061,2065,2069,2073,2077],{"type":223,"tag":343,"props":2046,"children":2047},{"style":372},[2048],{"type":228,"value":778},{"type":223,"tag":343,"props":2050,"children":2051},{"style":356},[2052],{"type":228,"value":380},{"type":223,"tag":343,"props":2054,"children":2055},{"style":383},[2056],{"type":228,"value":587},{"type":223,"tag":343,"props":2058,"children":2059},{"style":356},[2060],{"type":228,"value":528},{"type":223,"tag":343,"props":2062,"children":2063},{"style":383},[2064],{"type":228,"value":795},{"type":223,"tag":343,"props":2066,"children":2067},{"style":356},[2068],{"type":228,"value":391},{"type":223,"tag":343,"props":2070,"children":2071},{"style":383},[2072],{"type":228,"value":1225},{"type":223,"tag":343,"props":2074,"children":2075},{"style":356},[2076],{"type":228,"value":528},{"type":223,"tag":343,"props":2078,"children":2079},{"style":383},[2080],{"type":228,"value":1234},{"type":223,"tag":224,"props":2082,"children":2083},{},[2084],{"type":228,"value":2085},"This code calls a PowerShell function that simply creates the PreAuthorizedApplication object.",{"type":223,"tag":332,"props":2087,"children":2089},{"className":334,"code":2088,"language":336,"meta":207,"style":207},"\u003C#.Description\n   This function creates a new PreAuthorized application on a specified scope\n#>  \nfunction CreatePreAuthorizedApplication(\n    [string] $applicationIdToPreAuthorize,\n    [string] $scopeId)\n{\n    $preAuthorizedApplication = New-Object 'Microsoft.Open.MSGraph.Model.PreAuthorizedApplication'\n    $preAuthorizedApplication.AppId = $applicationIdToPreAuthorize\n    $preAuthorizedApplication.DelegatedPermissionIds = @($scopeId)\n    return $preAuthorizedApplication\n}\n",[2090],{"type":223,"tag":339,"props":2091,"children":2092},{"__ignoreMap":207},[2093,2108,2116,2127,2143,2171,2199,2206,2239,2264,2298,2314],{"type":223,"tag":343,"props":2094,"children":2095},{"class":345,"line":346},[2096,2100,2104],{"type":223,"tag":343,"props":2097,"children":2098},{"style":880},[2099],{"type":228,"value":1261},{"type":223,"tag":343,"props":2101,"children":2102},{"style":880},[2103],{"type":228,"value":240},{"type":223,"tag":343,"props":2105,"children":2106},{"style":350},[2107],{"type":228,"value":1270},{"type":223,"tag":343,"props":2109,"children":2110},{"class":345,"line":429},[2111],{"type":223,"tag":343,"props":2112,"children":2113},{"style":880},[2114],{"type":228,"value":2115},"   This function creates a new PreAuthorized application on a specified scope\n",{"type":223,"tag":343,"props":2117,"children":2118},{"class":345,"line":467},[2119,2123],{"type":223,"tag":343,"props":2120,"children":2121},{"style":880},[2122],{"type":228,"value":1286},{"type":223,"tag":343,"props":2124,"children":2125},{"style":383},[2126],{"type":228,"value":1291},{"type":223,"tag":343,"props":2128,"children":2129},{"class":345,"line":476},[2130,2134,2139],{"type":223,"tag":343,"props":2131,"children":2132},{"style":917},[2133],{"type":228,"value":1299},{"type":223,"tag":343,"props":2135,"children":2136},{"style":372},[2137],{"type":228,"value":2138}," CreatePreAuthorizedApplication",{"type":223,"tag":343,"props":2140,"children":2141},{"style":356},[2142],{"type":228,"value":1309},{"type":223,"tag":343,"props":2144,"children":2145},{"class":345,"line":486},[2146,2150,2154,2158,2162,2167],{"type":223,"tag":343,"props":2147,"children":2148},{"style":356},[2149],{"type":228,"value":1317},{"type":223,"tag":343,"props":2151,"children":2152},{"style":917},[2153],{"type":228,"value":1322},{"type":223,"tag":343,"props":2155,"children":2156},{"style":356},[2157],{"type":228,"value":1327},{"type":223,"tag":343,"props":2159,"children":2160},{"style":356},[2161],{"type":228,"value":765},{"type":223,"tag":343,"props":2163,"children":2164},{"style":383},[2165],{"type":228,"value":2166},"applicationIdToPreAuthorize",{"type":223,"tag":343,"props":2168,"children":2169},{"style":356},[2170],{"type":228,"value":1341},{"type":223,"tag":343,"props":2172,"children":2173},{"class":345,"line":500},[2174,2178,2182,2186,2190,2195],{"type":223,"tag":343,"props":2175,"children":2176},{"style":356},[2177],{"type":228,"value":1317},{"type":223,"tag":343,"props":2179,"children":2180},{"style":917},[2181],{"type":228,"value":1322},{"type":223,"tag":343,"props":2183,"children":2184},{"style":356},[2185],{"type":228,"value":1327},{"type":223,"tag":343,"props":2187,"children":2188},{"style":356},[2189],{"type":228,"value":765},{"type":223,"tag":343,"props":2191,"children":2192},{"style":383},[2193],{"type":228,"value":2194},"scopeId",{"type":223,"tag":343,"props":2196,"children":2197},{"style":356},[2198],{"type":228,"value":1167},{"type":223,"tag":343,"props":2200,"children":2201},{"class":345,"line":508},[2202],{"type":223,"tag":343,"props":2203,"children":2204},{"style":356},[2205],{"type":228,"value":1461},{"type":223,"tag":343,"props":2207,"children":2208},{"class":345,"line":1118},[2209,2213,2218,2222,2226,2230,2235],{"type":223,"tag":343,"props":2210,"children":2211},{"style":356},[2212],{"type":228,"value":1469},{"type":223,"tag":343,"props":2214,"children":2215},{"style":383},[2216],{"type":228,"value":2217},"preAuthorizedApplication ",{"type":223,"tag":343,"props":2219,"children":2220},{"style":356},[2221],{"type":228,"value":573},{"type":223,"tag":343,"props":2223,"children":2224},{"style":372},[2225],{"type":228,"value":904},{"type":223,"tag":343,"props":2227,"children":2228},{"style":356},[2229],{"type":228,"value":1768},{"type":223,"tag":343,"props":2231,"children":2232},{"style":404},[2233],{"type":228,"value":2234},"Microsoft.Open.MSGraph.Model.PreAuthorizedApplication",{"type":223,"tag":343,"props":2236,"children":2237},{"style":356},[2238],{"type":228,"value":1778},{"type":223,"tag":343,"props":2240,"children":2241},{"class":345,"line":1144},[2242,2246,2251,2255,2259],{"type":223,"tag":343,"props":2243,"children":2244},{"style":356},[2245],{"type":228,"value":1469},{"type":223,"tag":343,"props":2247,"children":2248},{"style":383},[2249],{"type":228,"value":2250},"preAuthorizedApplication.AppId ",{"type":223,"tag":343,"props":2252,"children":2253},{"style":356},[2254],{"type":228,"value":573},{"type":223,"tag":343,"props":2256,"children":2257},{"style":356},[2258],{"type":228,"value":765},{"type":223,"tag":343,"props":2260,"children":2261},{"style":383},[2262],{"type":228,"value":2263},"applicationIdToPreAuthorize\n",{"type":223,"tag":343,"props":2265,"children":2266},{"class":345,"line":1170},[2267,2271,2276,2280,2286,2290,2294],{"type":223,"tag":343,"props":2268,"children":2269},{"style":356},[2270],{"type":228,"value":1469},{"type":223,"tag":343,"props":2272,"children":2273},{"style":383},[2274],{"type":228,"value":2275},"preAuthorizedApplication.DelegatedPermissionIds ",{"type":223,"tag":343,"props":2277,"children":2278},{"style":356},[2279],{"type":228,"value":573},{"type":223,"tag":343,"props":2281,"children":2283},{"style":2282},"--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C",[2284],{"type":228,"value":2285}," @",{"type":223,"tag":343,"props":2287,"children":2288},{"style":356},[2289],{"type":228,"value":965},{"type":223,"tag":343,"props":2291,"children":2292},{"style":383},[2293],{"type":228,"value":2194},{"type":223,"tag":343,"props":2295,"children":2296},{"style":356},[2297],{"type":228,"value":1167},{"type":223,"tag":343,"props":2299,"children":2300},{"class":345,"line":1195},[2301,2305,2309],{"type":223,"tag":343,"props":2302,"children":2303},{"style":350},[2304],{"type":228,"value":1700},{"type":223,"tag":343,"props":2306,"children":2307},{"style":356},[2308],{"type":228,"value":765},{"type":223,"tag":343,"props":2310,"children":2311},{"style":383},[2312],{"type":228,"value":2313},"preAuthorizedApplication\n",{"type":223,"tag":343,"props":2315,"children":2316},{"class":345,"line":1489},[2317],{"type":223,"tag":343,"props":2318,"children":2319},{"style":356},[2320],{"type":228,"value":473},{"type":223,"tag":311,"props":2322,"children":2324},{"id":2323},"grant-user-level-graph-api-permissions",[2325],{"type":228,"value":2326},"Grant user-level Graph API permissions",{"type":223,"tag":224,"props":2328,"children":2329},{},[2330,2332,2339],{"type":228,"value":2331},"The next step consists in specifying the permissions the application will need for the AAD endpoint: email, offline_access, openid, profile (",{"type":223,"tag":231,"props":2333,"children":2336},{"href":2334,"rel":2335},"https://docs.microsoft.com/fr-fr/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes",[235],[2337],{"type":228,"value":2338},"OpenID connect scopes",{"type":228,"value":2340},").",{"type":223,"tag":332,"props":2342,"children":2344},{"className":334,"code":2343,"language":336,"meta":207,"style":207},"# Add API permissions needed\n$requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.MsGraph.Model.RequiredResourceAccess]\n$requiredPermissions = GetRequiredPermissions `\n    -applicationDisplayName 'Microsoft Graph' `\n    -requiredDelegatedPermissions \"User.Read|email|offline_access|openid|profile\"\n$requiredResourcesAccess.Add($requiredPermissions)   \nSet-AzureADMSApplication -ObjectId $app.Id -RequiredResourceAccess $requiredPermissions\n",[2345],{"type":223,"tag":339,"props":2346,"children":2347},{"__ignoreMap":207},[2348,2356,2393,2418,2447,2472,2501],{"type":223,"tag":343,"props":2349,"children":2350},{"class":345,"line":346},[2351],{"type":223,"tag":343,"props":2352,"children":2353},{"style":880},[2354],{"type":228,"value":2355},"# Add API permissions needed\n",{"type":223,"tag":343,"props":2357,"children":2358},{"class":345,"line":429},[2359,2363,2368,2372,2376,2380,2384,2389],{"type":223,"tag":343,"props":2360,"children":2361},{"style":356},[2362],{"type":228,"value":528},{"type":223,"tag":343,"props":2364,"children":2365},{"style":383},[2366],{"type":228,"value":2367},"requiredResourcesAccess ",{"type":223,"tag":343,"props":2369,"children":2370},{"style":356},[2371],{"type":228,"value":573},{"type":223,"tag":343,"props":2373,"children":2374},{"style":372},[2375],{"type":228,"value":904},{"type":223,"tag":343,"props":2377,"children":2378},{"style":383},[2379],{"type":228,"value":909},{"type":223,"tag":343,"props":2381,"children":2382},{"style":356},[2383],{"type":228,"value":914},{"type":223,"tag":343,"props":2385,"children":2386},{"style":917},[2387],{"type":228,"value":2388},"Microsoft.Open.MsGraph.Model.RequiredResourceAccess",{"type":223,"tag":343,"props":2390,"children":2391},{"style":356},[2392],{"type":228,"value":925},{"type":223,"tag":343,"props":2394,"children":2395},{"class":345,"line":467},[2396,2400,2405,2409,2414],{"type":223,"tag":343,"props":2397,"children":2398},{"style":356},[2399],{"type":228,"value":528},{"type":223,"tag":343,"props":2401,"children":2402},{"style":383},[2403],{"type":228,"value":2404},"requiredPermissions ",{"type":223,"tag":343,"props":2406,"children":2407},{"style":356},[2408],{"type":228,"value":573},{"type":223,"tag":343,"props":2410,"children":2411},{"style":383},[2412],{"type":228,"value":2413}," GetRequiredPermissions ",{"type":223,"tag":343,"props":2415,"children":2416},{"style":356},[2417],{"type":228,"value":1804},{"type":223,"tag":343,"props":2419,"children":2420},{"class":345,"line":476},[2421,2425,2430,2434,2439,2443],{"type":223,"tag":343,"props":2422,"children":2423},{"style":356},[2424],{"type":228,"value":1035},{"type":223,"tag":343,"props":2426,"children":2427},{"style":383},[2428],{"type":228,"value":2429},"applicationDisplayName ",{"type":223,"tag":343,"props":2431,"children":2432},{"style":356},[2433],{"type":228,"value":1821},{"type":223,"tag":343,"props":2435,"children":2436},{"style":404},[2437],{"type":228,"value":2438},"Microsoft Graph",{"type":223,"tag":343,"props":2440,"children":2441},{"style":356},[2442],{"type":228,"value":1821},{"type":223,"tag":343,"props":2444,"children":2445},{"style":356},[2446],{"type":228,"value":1835},{"type":223,"tag":343,"props":2448,"children":2449},{"class":345,"line":486},[2450,2454,2459,2463,2468],{"type":223,"tag":343,"props":2451,"children":2452},{"style":356},[2453],{"type":228,"value":1035},{"type":223,"tag":343,"props":2455,"children":2456},{"style":383},[2457],{"type":228,"value":2458},"requiredDelegatedPermissions ",{"type":223,"tag":343,"props":2460,"children":2461},{"style":356},[2462],{"type":228,"value":401},{"type":223,"tag":343,"props":2464,"children":2465},{"style":404},[2466],{"type":228,"value":2467},"User.Read|email|offline_access|openid|profile",{"type":223,"tag":343,"props":2469,"children":2470},{"style":356},[2471],{"type":228,"value":841},{"type":223,"tag":343,"props":2473,"children":2474},{"class":345,"line":500},[2475,2479,2484,2488,2493,2497],{"type":223,"tag":343,"props":2476,"children":2477},{"style":356},[2478],{"type":228,"value":528},{"type":223,"tag":343,"props":2480,"children":2481},{"style":383},[2482],{"type":228,"value":2483},"requiredResourcesAccess.Add",{"type":223,"tag":343,"props":2485,"children":2486},{"style":356},[2487],{"type":228,"value":965},{"type":223,"tag":343,"props":2489,"children":2490},{"style":383},[2491],{"type":228,"value":2492},"requiredPermissions",{"type":223,"tag":343,"props":2494,"children":2495},{"style":356},[2496],{"type":228,"value":975},{"type":223,"tag":343,"props":2498,"children":2499},{"style":383},[2500],{"type":228,"value":1981},{"type":223,"tag":343,"props":2502,"children":2503},{"class":345,"line":508},[2504,2508,2512,2516,2520,2524,2528,2533,2537],{"type":223,"tag":343,"props":2505,"children":2506},{"style":372},[2507],{"type":228,"value":778},{"type":223,"tag":343,"props":2509,"children":2510},{"style":356},[2511],{"type":228,"value":380},{"type":223,"tag":343,"props":2513,"children":2514},{"style":383},[2515],{"type":228,"value":587},{"type":223,"tag":343,"props":2517,"children":2518},{"style":356},[2519],{"type":228,"value":528},{"type":223,"tag":343,"props":2521,"children":2522},{"style":383},[2523],{"type":228,"value":795},{"type":223,"tag":343,"props":2525,"children":2526},{"style":356},[2527],{"type":228,"value":391},{"type":223,"tag":343,"props":2529,"children":2530},{"style":383},[2531],{"type":228,"value":2532},"RequiredResourceAccess ",{"type":223,"tag":343,"props":2534,"children":2535},{"style":356},[2536],{"type":228,"value":528},{"type":223,"tag":343,"props":2538,"children":2539},{"style":383},[2540],{"type":228,"value":2541},"requiredPermissions\n",{"type":223,"tag":224,"props":2543,"children":2544},{},[2545,2547,2553],{"type":228,"value":2546},"This code calls a PowerShell function ",{"type":223,"tag":339,"props":2548,"children":2550},{"className":2549},[],[2551],{"type":228,"value":2552},"GetRequiredPermissions",{"type":228,"value":2554}," that add the delegated or application permissions specified in parameter. Here we only ask for delegated permissions of Microsoft Graph needed to retrieve an OpenId Connect token but this function is generic and could be used to require scopes or roles of other APIs.",{"type":223,"tag":332,"props":2556,"children":2558},{"className":334,"code":2557,"language":336,"meta":207,"style":207},"# Example: GetRequiredPermissions \"Microsoft Graph\"  \"Graph.Read|User.Read\"\n# See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell\nfunction GetRequiredPermissions(\n    [string] $applicationDisplayName,\n    [string] $requiredDelegatedPermissions,\n    [string]$requiredApplicationPermissions,\n    $servicePrincipal)\n{\n    # If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)\n    if ($servicePrincipal)\n    {\n        $sp = $servicePrincipal\n    }\n    else\n    {\n        $sp = Get-AzureADServicePrincipal -Filter \"DisplayName eq '$applicationDisplayName'\"\n    }\n\n    $requiredAccess = New-Object Microsoft.Open.MsGraph.Model.RequiredResourceAccess\n    $requiredAccess.ResourceAppId = $sp.AppId \n    $requiredAccess.ResourceAccess = New-Object System.Collections.Generic.List[Microsoft.Open.MsGraph.Model.ResourceAccess]\n\n    # $sp.Oauth2Permissions | Select Id,AdminConsentDisplayName,Value: To see the list of all the Delegated permissions for the application:\n    if ($requiredDelegatedPermissions)\n    {\n        AddResourcePermission $requiredAccess -exposedPermissions $sp.Oauth2Permissions -requiredAccesses $requiredDelegatedPermissions -permissionType \"Scope\"\n    }\n    \n    # $sp.AppRoles | Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application\n    if ($requiredApplicationPermissions)\n    {\n        AddResourcePermission $requiredAccess -exposedPermissions $sp.AppRoles -requiredAccesses $requiredApplicationPermissions -permissionType \"Role\"\n    }\n    return $requiredAccess\n}\n",[2559],{"type":223,"tag":339,"props":2560,"children":2561},{"__ignoreMap":207},[2562,2570,2578,2594,2622,2650,2675,2691,2698,2706,2727,2735,2761,2769,2777,2784,2838,2845,2852,2877,2902,2939,2947,2956,2976,2984,3058,3066,3075,3084,3104,3112,3183,3191,3208],{"type":223,"tag":343,"props":2563,"children":2564},{"class":345,"line":346},[2565],{"type":223,"tag":343,"props":2566,"children":2567},{"style":880},[2568],{"type":228,"value":2569},"# Example: GetRequiredPermissions \"Microsoft Graph\"  \"Graph.Read|User.Read\"\n",{"type":223,"tag":343,"props":2571,"children":2572},{"class":345,"line":429},[2573],{"type":223,"tag":343,"props":2574,"children":2575},{"style":880},[2576],{"type":228,"value":2577},"# See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell\n",{"type":223,"tag":343,"props":2579,"children":2580},{"class":345,"line":467},[2581,2585,2590],{"type":223,"tag":343,"props":2582,"children":2583},{"style":917},[2584],{"type":228,"value":1299},{"type":223,"tag":343,"props":2586,"children":2587},{"style":372},[2588],{"type":228,"value":2589}," GetRequiredPermissions",{"type":223,"tag":343,"props":2591,"children":2592},{"style":356},[2593],{"type":228,"value":1309},{"type":223,"tag":343,"props":2595,"children":2596},{"class":345,"line":476},[2597,2601,2605,2609,2613,2618],{"type":223,"tag":343,"props":2598,"children":2599},{"style":356},[2600],{"type":228,"value":1317},{"type":223,"tag":343,"props":2602,"children":2603},{"style":917},[2604],{"type":228,"value":1322},{"type":223,"tag":343,"props":2606,"children":2607},{"style":356},[2608],{"type":228,"value":1327},{"type":223,"tag":343,"props":2610,"children":2611},{"style":356},[2612],{"type":228,"value":765},{"type":223,"tag":343,"props":2614,"children":2615},{"style":383},[2616],{"type":228,"value":2617},"applicationDisplayName",{"type":223,"tag":343,"props":2619,"children":2620},{"style":356},[2621],{"type":228,"value":1341},{"type":223,"tag":343,"props":2623,"children":2624},{"class":345,"line":486},[2625,2629,2633,2637,2641,2646],{"type":223,"tag":343,"props":2626,"children":2627},{"style":356},[2628],{"type":228,"value":1317},{"type":223,"tag":343,"props":2630,"children":2631},{"style":917},[2632],{"type":228,"value":1322},{"type":223,"tag":343,"props":2634,"children":2635},{"style":356},[2636],{"type":228,"value":1327},{"type":223,"tag":343,"props":2638,"children":2639},{"style":356},[2640],{"type":228,"value":765},{"type":223,"tag":343,"props":2642,"children":2643},{"style":383},[2644],{"type":228,"value":2645},"requiredDelegatedPermissions",{"type":223,"tag":343,"props":2647,"children":2648},{"style":356},[2649],{"type":228,"value":1341},{"type":223,"tag":343,"props":2651,"children":2652},{"class":345,"line":500},[2653,2657,2661,2666,2671],{"type":223,"tag":343,"props":2654,"children":2655},{"style":356},[2656],{"type":228,"value":1317},{"type":223,"tag":343,"props":2658,"children":2659},{"style":917},[2660],{"type":228,"value":1322},{"type":223,"tag":343,"props":2662,"children":2663},{"style":356},[2664],{"type":228,"value":2665},"]$",{"type":223,"tag":343,"props":2667,"children":2668},{"style":383},[2669],{"type":228,"value":2670},"requiredApplicationPermissions",{"type":223,"tag":343,"props":2672,"children":2673},{"style":356},[2674],{"type":228,"value":1341},{"type":223,"tag":343,"props":2676,"children":2677},{"class":345,"line":508},[2678,2682,2687],{"type":223,"tag":343,"props":2679,"children":2680},{"style":356},[2681],{"type":228,"value":1469},{"type":223,"tag":343,"props":2683,"children":2684},{"style":383},[2685],{"type":228,"value":2686},"servicePrincipal",{"type":223,"tag":343,"props":2688,"children":2689},{"style":356},[2690],{"type":228,"value":1167},{"type":223,"tag":343,"props":2692,"children":2693},{"class":345,"line":1118},[2694],{"type":223,"tag":343,"props":2695,"children":2696},{"style":356},[2697],{"type":228,"value":1461},{"type":223,"tag":343,"props":2699,"children":2700},{"class":345,"line":1144},[2701],{"type":223,"tag":343,"props":2702,"children":2703},{"style":880},[2704],{"type":228,"value":2705},"    # If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)\n",{"type":223,"tag":343,"props":2707,"children":2708},{"class":345,"line":1170},[2709,2714,2719,2723],{"type":223,"tag":343,"props":2710,"children":2711},{"style":350},[2712],{"type":228,"value":2713},"    if",{"type":223,"tag":343,"props":2715,"children":2716},{"style":356},[2717],{"type":228,"value":2718}," ($",{"type":223,"tag":343,"props":2720,"children":2721},{"style":383},[2722],{"type":228,"value":2686},{"type":223,"tag":343,"props":2724,"children":2725},{"style":356},[2726],{"type":228,"value":1167},{"type":223,"tag":343,"props":2728,"children":2729},{"class":345,"line":1195},[2730],{"type":223,"tag":343,"props":2731,"children":2732},{"style":356},[2733],{"type":228,"value":2734},"    {\n",{"type":223,"tag":343,"props":2736,"children":2737},{"class":345,"line":1489},[2738,2743,2748,2752,2756],{"type":223,"tag":343,"props":2739,"children":2740},{"style":356},[2741],{"type":228,"value":2742},"        $",{"type":223,"tag":343,"props":2744,"children":2745},{"style":383},[2746],{"type":228,"value":2747},"sp ",{"type":223,"tag":343,"props":2749,"children":2750},{"style":356},[2751],{"type":228,"value":573},{"type":223,"tag":343,"props":2753,"children":2754},{"style":356},[2755],{"type":228,"value":765},{"type":223,"tag":343,"props":2757,"children":2758},{"style":383},[2759],{"type":228,"value":2760},"servicePrincipal\n",{"type":223,"tag":343,"props":2762,"children":2763},{"class":345,"line":1511},[2764],{"type":223,"tag":343,"props":2765,"children":2766},{"style":356},[2767],{"type":228,"value":2768},"    }\n",{"type":223,"tag":343,"props":2770,"children":2771},{"class":345,"line":1537},[2772],{"type":223,"tag":343,"props":2773,"children":2774},{"style":350},[2775],{"type":228,"value":2776},"    else\n",{"type":223,"tag":343,"props":2778,"children":2779},{"class":345,"line":1563},[2780],{"type":223,"tag":343,"props":2781,"children":2782},{"style":356},[2783],{"type":228,"value":2734},{"type":223,"tag":343,"props":2785,"children":2786},{"class":345,"line":1589},[2787,2791,2795,2799,2804,2808,2813,2817,2822,2826,2830,2834],{"type":223,"tag":343,"props":2788,"children":2789},{"style":356},[2790],{"type":228,"value":2742},{"type":223,"tag":343,"props":2792,"children":2793},{"style":383},[2794],{"type":228,"value":2747},{"type":223,"tag":343,"props":2796,"children":2797},{"style":356},[2798],{"type":228,"value":573},{"type":223,"tag":343,"props":2800,"children":2801},{"style":372},[2802],{"type":228,"value":2803}," Get-AzureADServicePrincipal",{"type":223,"tag":343,"props":2805,"children":2806},{"style":356},[2807],{"type":228,"value":380},{"type":223,"tag":343,"props":2809,"children":2810},{"style":383},[2811],{"type":228,"value":2812},"Filter ",{"type":223,"tag":343,"props":2814,"children":2815},{"style":356},[2816],{"type":228,"value":401},{"type":223,"tag":343,"props":2818,"children":2819},{"style":404},[2820],{"type":228,"value":2821},"DisplayName eq '",{"type":223,"tag":343,"props":2823,"children":2824},{"style":356},[2825],{"type":228,"value":528},{"type":223,"tag":343,"props":2827,"children":2828},{"style":383},[2829],{"type":228,"value":2617},{"type":223,"tag":343,"props":2831,"children":2832},{"style":404},[2833],{"type":228,"value":1821},{"type":223,"tag":343,"props":2835,"children":2836},{"style":356},[2837],{"type":228,"value":841},{"type":223,"tag":343,"props":2839,"children":2840},{"class":345,"line":1615},[2841],{"type":223,"tag":343,"props":2842,"children":2843},{"style":356},[2844],{"type":228,"value":2768},{"type":223,"tag":343,"props":2846,"children":2847},{"class":345,"line":1641},[2848],{"type":223,"tag":343,"props":2849,"children":2850},{"emptyLinePlaceholder":480},[2851],{"type":228,"value":483},{"type":223,"tag":343,"props":2853,"children":2854},{"class":345,"line":1663},[2855,2859,2864,2868,2872],{"type":223,"tag":343,"props":2856,"children":2857},{"style":356},[2858],{"type":228,"value":1469},{"type":223,"tag":343,"props":2860,"children":2861},{"style":383},[2862],{"type":228,"value":2863},"requiredAccess ",{"type":223,"tag":343,"props":2865,"children":2866},{"style":356},[2867],{"type":228,"value":573},{"type":223,"tag":343,"props":2869,"children":2870},{"style":372},[2871],{"type":228,"value":904},{"type":223,"tag":343,"props":2873,"children":2874},{"style":383},[2875],{"type":228,"value":2876}," Microsoft.Open.MsGraph.Model.RequiredResourceAccess\n",{"type":223,"tag":343,"props":2878,"children":2879},{"class":345,"line":1694},[2880,2884,2889,2893,2897],{"type":223,"tag":343,"props":2881,"children":2882},{"style":356},[2883],{"type":228,"value":1469},{"type":223,"tag":343,"props":2885,"children":2886},{"style":383},[2887],{"type":228,"value":2888},"requiredAccess.ResourceAppId ",{"type":223,"tag":343,"props":2890,"children":2891},{"style":356},[2892],{"type":228,"value":573},{"type":223,"tag":343,"props":2894,"children":2895},{"style":356},[2896],{"type":228,"value":765},{"type":223,"tag":343,"props":2898,"children":2899},{"style":383},[2900],{"type":228,"value":2901},"sp.AppId \n",{"type":223,"tag":343,"props":2903,"children":2904},{"class":345,"line":1712},[2905,2909,2914,2918,2922,2926,2930,2935],{"type":223,"tag":343,"props":2906,"children":2907},{"style":356},[2908],{"type":228,"value":1469},{"type":223,"tag":343,"props":2910,"children":2911},{"style":383},[2912],{"type":228,"value":2913},"requiredAccess.ResourceAccess ",{"type":223,"tag":343,"props":2915,"children":2916},{"style":356},[2917],{"type":228,"value":573},{"type":223,"tag":343,"props":2919,"children":2920},{"style":372},[2921],{"type":228,"value":904},{"type":223,"tag":343,"props":2923,"children":2924},{"style":383},[2925],{"type":228,"value":909},{"type":223,"tag":343,"props":2927,"children":2928},{"style":356},[2929],{"type":228,"value":914},{"type":223,"tag":343,"props":2931,"children":2932},{"style":917},[2933],{"type":228,"value":2934},"Microsoft.Open.MsGraph.Model.ResourceAccess",{"type":223,"tag":343,"props":2936,"children":2937},{"style":356},[2938],{"type":228,"value":925},{"type":223,"tag":343,"props":2940,"children":2942},{"class":345,"line":2941},22,[2943],{"type":223,"tag":343,"props":2944,"children":2945},{"emptyLinePlaceholder":480},[2946],{"type":228,"value":483},{"type":223,"tag":343,"props":2948,"children":2950},{"class":345,"line":2949},23,[2951],{"type":223,"tag":343,"props":2952,"children":2953},{"style":880},[2954],{"type":228,"value":2955},"    # $sp.Oauth2Permissions | Select Id,AdminConsentDisplayName,Value: To see the list of all the Delegated permissions for the application:\n",{"type":223,"tag":343,"props":2957,"children":2959},{"class":345,"line":2958},24,[2960,2964,2968,2972],{"type":223,"tag":343,"props":2961,"children":2962},{"style":350},[2963],{"type":228,"value":2713},{"type":223,"tag":343,"props":2965,"children":2966},{"style":356},[2967],{"type":228,"value":2718},{"type":223,"tag":343,"props":2969,"children":2970},{"style":383},[2971],{"type":228,"value":2645},{"type":223,"tag":343,"props":2973,"children":2974},{"style":356},[2975],{"type":228,"value":1167},{"type":223,"tag":343,"props":2977,"children":2979},{"class":345,"line":2978},25,[2980],{"type":223,"tag":343,"props":2981,"children":2982},{"style":356},[2983],{"type":228,"value":2734},{"type":223,"tag":343,"props":2985,"children":2987},{"class":345,"line":2986},26,[2988,2993,2997,3001,3005,3010,3014,3019,3023,3028,3032,3036,3040,3045,3049,3054],{"type":223,"tag":343,"props":2989,"children":2990},{"style":383},[2991],{"type":228,"value":2992},"        AddResourcePermission ",{"type":223,"tag":343,"props":2994,"children":2995},{"style":356},[2996],{"type":228,"value":528},{"type":223,"tag":343,"props":2998,"children":2999},{"style":383},[3000],{"type":228,"value":2863},{"type":223,"tag":343,"props":3002,"children":3003},{"style":356},[3004],{"type":228,"value":391},{"type":223,"tag":343,"props":3006,"children":3007},{"style":383},[3008],{"type":228,"value":3009},"exposedPermissions ",{"type":223,"tag":343,"props":3011,"children":3012},{"style":356},[3013],{"type":228,"value":528},{"type":223,"tag":343,"props":3015,"children":3016},{"style":383},[3017],{"type":228,"value":3018},"sp.Oauth2Permissions ",{"type":223,"tag":343,"props":3020,"children":3021},{"style":356},[3022],{"type":228,"value":391},{"type":223,"tag":343,"props":3024,"children":3025},{"style":383},[3026],{"type":228,"value":3027},"requiredAccesses ",{"type":223,"tag":343,"props":3029,"children":3030},{"style":356},[3031],{"type":228,"value":528},{"type":223,"tag":343,"props":3033,"children":3034},{"style":383},[3035],{"type":228,"value":2458},{"type":223,"tag":343,"props":3037,"children":3038},{"style":356},[3039],{"type":228,"value":391},{"type":223,"tag":343,"props":3041,"children":3042},{"style":383},[3043],{"type":228,"value":3044},"permissionType ",{"type":223,"tag":343,"props":3046,"children":3047},{"style":356},[3048],{"type":228,"value":401},{"type":223,"tag":343,"props":3050,"children":3051},{"style":404},[3052],{"type":228,"value":3053},"Scope",{"type":223,"tag":343,"props":3055,"children":3056},{"style":356},[3057],{"type":228,"value":841},{"type":223,"tag":343,"props":3059,"children":3061},{"class":345,"line":3060},27,[3062],{"type":223,"tag":343,"props":3063,"children":3064},{"style":356},[3065],{"type":228,"value":2768},{"type":223,"tag":343,"props":3067,"children":3069},{"class":345,"line":3068},28,[3070],{"type":223,"tag":343,"props":3071,"children":3072},{"style":383},[3073],{"type":228,"value":3074},"    \n",{"type":223,"tag":343,"props":3076,"children":3078},{"class":345,"line":3077},29,[3079],{"type":223,"tag":343,"props":3080,"children":3081},{"style":880},[3082],{"type":228,"value":3083},"    # $sp.AppRoles | Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application\n",{"type":223,"tag":343,"props":3085,"children":3087},{"class":345,"line":3086},30,[3088,3092,3096,3100],{"type":223,"tag":343,"props":3089,"children":3090},{"style":350},[3091],{"type":228,"value":2713},{"type":223,"tag":343,"props":3093,"children":3094},{"style":356},[3095],{"type":228,"value":2718},{"type":223,"tag":343,"props":3097,"children":3098},{"style":383},[3099],{"type":228,"value":2670},{"type":223,"tag":343,"props":3101,"children":3102},{"style":356},[3103],{"type":228,"value":1167},{"type":223,"tag":343,"props":3105,"children":3107},{"class":345,"line":3106},31,[3108],{"type":223,"tag":343,"props":3109,"children":3110},{"style":356},[3111],{"type":228,"value":2734},{"type":223,"tag":343,"props":3113,"children":3115},{"class":345,"line":3114},32,[3116,3120,3124,3128,3132,3136,3140,3145,3149,3153,3157,3162,3166,3170,3174,3179],{"type":223,"tag":343,"props":3117,"children":3118},{"style":383},[3119],{"type":228,"value":2992},{"type":223,"tag":343,"props":3121,"children":3122},{"style":356},[3123],{"type":228,"value":528},{"type":223,"tag":343,"props":3125,"children":3126},{"style":383},[3127],{"type":228,"value":2863},{"type":223,"tag":343,"props":3129,"children":3130},{"style":356},[3131],{"type":228,"value":391},{"type":223,"tag":343,"props":3133,"children":3134},{"style":383},[3135],{"type":228,"value":3009},{"type":223,"tag":343,"props":3137,"children":3138},{"style":356},[3139],{"type":228,"value":528},{"type":223,"tag":343,"props":3141,"children":3142},{"style":383},[3143],{"type":228,"value":3144},"sp.AppRoles ",{"type":223,"tag":343,"props":3146,"children":3147},{"style":356},[3148],{"type":228,"value":391},{"type":223,"tag":343,"props":3150,"children":3151},{"style":383},[3152],{"type":228,"value":3027},{"type":223,"tag":343,"props":3154,"children":3155},{"style":356},[3156],{"type":228,"value":528},{"type":223,"tag":343,"props":3158,"children":3159},{"style":383},[3160],{"type":228,"value":3161},"requiredApplicationPermissions ",{"type":223,"tag":343,"props":3163,"children":3164},{"style":356},[3165],{"type":228,"value":391},{"type":223,"tag":343,"props":3167,"children":3168},{"style":383},[3169],{"type":228,"value":3044},{"type":223,"tag":343,"props":3171,"children":3172},{"style":356},[3173],{"type":228,"value":401},{"type":223,"tag":343,"props":3175,"children":3176},{"style":404},[3177],{"type":228,"value":3178},"Role",{"type":223,"tag":343,"props":3180,"children":3181},{"style":356},[3182],{"type":228,"value":841},{"type":223,"tag":343,"props":3184,"children":3186},{"class":345,"line":3185},33,[3187],{"type":223,"tag":343,"props":3188,"children":3189},{"style":356},[3190],{"type":228,"value":2768},{"type":223,"tag":343,"props":3192,"children":3194},{"class":345,"line":3193},34,[3195,3199,3203],{"type":223,"tag":343,"props":3196,"children":3197},{"style":350},[3198],{"type":228,"value":1700},{"type":223,"tag":343,"props":3200,"children":3201},{"style":356},[3202],{"type":228,"value":765},{"type":223,"tag":343,"props":3204,"children":3205},{"style":383},[3206],{"type":228,"value":3207},"requiredAccess\n",{"type":223,"tag":343,"props":3209,"children":3211},{"class":345,"line":3210},35,[3212],{"type":223,"tag":343,"props":3213,"children":3214},{"style":356},[3215],{"type":228,"value":473},{"type":223,"tag":224,"props":3217,"children":3218},{},[3219,3221,3226,3228,3234],{"type":228,"value":3220},"The ",{"type":223,"tag":339,"props":3222,"children":3224},{"className":3223},[],[3225],{"type":228,"value":2552},{"type":228,"value":3227}," function calls a ",{"type":223,"tag":339,"props":3229,"children":3231},{"className":3230},[],[3232],{"type":228,"value":3233},"AddResourcePermission",{"type":228,"value":3235}," function that creates permissions (ResourceAccess objects).",{"type":223,"tag":332,"props":3237,"children":3239},{"className":334,"code":3238,"language":336,"meta":207,"style":207},"# Adds the requiredAccesses (expressed as a pipe separated string) to the requiredAccess structure\n# The exposed permissions are in the $exposedPermissions collection, and the type of permission (Scope | Role) is \n# described in $permissionType\nfunction AddResourcePermission(\n    $requiredAccess,\n    $exposedPermissions,\n    [string]$requiredAccesses,\n    [string]$permissionType)\n{\n        foreach($permission in $requiredAccesses.Trim().Split(\"|\"))\n        {\n            foreach($exposedPermission in $exposedPermissions)\n            {\n                if ($exposedPermission.Value -eq $permission)\n                {\n                    $resourceAccess = New-Object Microsoft.Open.MsGraph.Model.ResourceAccess\n                    $resourceAccess.Type = $permissionType # Scope = Delegated permissions | Role = Application permissions\n                    $resourceAccess.Id = $exposedPermission.Id # Read directory data\n                    $requiredAccess.ResourceAccess.Add($resourceAccess)\n                }\n            }\n        }\n}\n",[3240],{"type":223,"tag":339,"props":3241,"children":3242},{"__ignoreMap":207},[3243,3251,3259,3267,3283,3299,3315,3339,3363,3370,3433,3441,3474,3482,3517,3525,3551,3580,3610,3635,3643,3651,3659],{"type":223,"tag":343,"props":3244,"children":3245},{"class":345,"line":346},[3246],{"type":223,"tag":343,"props":3247,"children":3248},{"style":880},[3249],{"type":228,"value":3250},"# Adds the requiredAccesses (expressed as a pipe separated string) to the requiredAccess structure\n",{"type":223,"tag":343,"props":3252,"children":3253},{"class":345,"line":429},[3254],{"type":223,"tag":343,"props":3255,"children":3256},{"style":880},[3257],{"type":228,"value":3258},"# The exposed permissions are in the $exposedPermissions collection, and the type of permission (Scope | Role) is \n",{"type":223,"tag":343,"props":3260,"children":3261},{"class":345,"line":467},[3262],{"type":223,"tag":343,"props":3263,"children":3264},{"style":880},[3265],{"type":228,"value":3266},"# described in $permissionType\n",{"type":223,"tag":343,"props":3268,"children":3269},{"class":345,"line":476},[3270,3274,3279],{"type":223,"tag":343,"props":3271,"children":3272},{"style":917},[3273],{"type":228,"value":1299},{"type":223,"tag":343,"props":3275,"children":3276},{"style":372},[3277],{"type":228,"value":3278}," AddResourcePermission",{"type":223,"tag":343,"props":3280,"children":3281},{"style":356},[3282],{"type":228,"value":1309},{"type":223,"tag":343,"props":3284,"children":3285},{"class":345,"line":486},[3286,3290,3295],{"type":223,"tag":343,"props":3287,"children":3288},{"style":356},[3289],{"type":228,"value":1469},{"type":223,"tag":343,"props":3291,"children":3292},{"style":383},[3293],{"type":228,"value":3294},"requiredAccess",{"type":223,"tag":343,"props":3296,"children":3297},{"style":356},[3298],{"type":228,"value":1341},{"type":223,"tag":343,"props":3300,"children":3301},{"class":345,"line":500},[3302,3306,3311],{"type":223,"tag":343,"props":3303,"children":3304},{"style":356},[3305],{"type":228,"value":1469},{"type":223,"tag":343,"props":3307,"children":3308},{"style":383},[3309],{"type":228,"value":3310},"exposedPermissions",{"type":223,"tag":343,"props":3312,"children":3313},{"style":356},[3314],{"type":228,"value":1341},{"type":223,"tag":343,"props":3316,"children":3317},{"class":345,"line":508},[3318,3322,3326,3330,3335],{"type":223,"tag":343,"props":3319,"children":3320},{"style":356},[3321],{"type":228,"value":1317},{"type":223,"tag":343,"props":3323,"children":3324},{"style":917},[3325],{"type":228,"value":1322},{"type":223,"tag":343,"props":3327,"children":3328},{"style":356},[3329],{"type":228,"value":2665},{"type":223,"tag":343,"props":3331,"children":3332},{"style":383},[3333],{"type":228,"value":3334},"requiredAccesses",{"type":223,"tag":343,"props":3336,"children":3337},{"style":356},[3338],{"type":228,"value":1341},{"type":223,"tag":343,"props":3340,"children":3341},{"class":345,"line":1118},[3342,3346,3350,3354,3359],{"type":223,"tag":343,"props":3343,"children":3344},{"style":356},[3345],{"type":228,"value":1317},{"type":223,"tag":343,"props":3347,"children":3348},{"style":917},[3349],{"type":228,"value":1322},{"type":223,"tag":343,"props":3351,"children":3352},{"style":356},[3353],{"type":228,"value":2665},{"type":223,"tag":343,"props":3355,"children":3356},{"style":383},[3357],{"type":228,"value":3358},"permissionType",{"type":223,"tag":343,"props":3360,"children":3361},{"style":356},[3362],{"type":228,"value":1167},{"type":223,"tag":343,"props":3364,"children":3365},{"class":345,"line":1144},[3366],{"type":223,"tag":343,"props":3367,"children":3368},{"style":356},[3369],{"type":228,"value":1461},{"type":223,"tag":343,"props":3371,"children":3372},{"class":345,"line":1170},[3373,3378,3382,3387,3392,3396,3401,3406,3411,3416,3420,3424,3428],{"type":223,"tag":343,"props":3374,"children":3375},{"style":350},[3376],{"type":228,"value":3377},"        foreach",{"type":223,"tag":343,"props":3379,"children":3380},{"style":356},[3381],{"type":228,"value":965},{"type":223,"tag":343,"props":3383,"children":3384},{"style":383},[3385],{"type":228,"value":3386},"permission ",{"type":223,"tag":343,"props":3388,"children":3389},{"style":350},[3390],{"type":228,"value":3391},"in",{"type":223,"tag":343,"props":3393,"children":3394},{"style":356},[3395],{"type":228,"value":765},{"type":223,"tag":343,"props":3397,"children":3398},{"style":383},[3399],{"type":228,"value":3400},"requiredAccesses.Trim",{"type":223,"tag":343,"props":3402,"children":3403},{"style":356},[3404],{"type":228,"value":3405},"()",{"type":223,"tag":343,"props":3407,"children":3408},{"style":383},[3409],{"type":228,"value":3410},".Split",{"type":223,"tag":343,"props":3412,"children":3413},{"style":356},[3414],{"type":228,"value":3415},"(",{"type":223,"tag":343,"props":3417,"children":3418},{"style":356},[3419],{"type":228,"value":401},{"type":223,"tag":343,"props":3421,"children":3422},{"style":404},[3423],{"type":228,"value":942},{"type":223,"tag":343,"props":3425,"children":3426},{"style":356},[3427],{"type":228,"value":401},{"type":223,"tag":343,"props":3429,"children":3430},{"style":356},[3431],{"type":228,"value":3432},"))\n",{"type":223,"tag":343,"props":3434,"children":3435},{"class":345,"line":1195},[3436],{"type":223,"tag":343,"props":3437,"children":3438},{"style":356},[3439],{"type":228,"value":3440},"        {\n",{"type":223,"tag":343,"props":3442,"children":3443},{"class":345,"line":1489},[3444,3449,3453,3458,3462,3466,3470],{"type":223,"tag":343,"props":3445,"children":3446},{"style":350},[3447],{"type":228,"value":3448},"            foreach",{"type":223,"tag":343,"props":3450,"children":3451},{"style":356},[3452],{"type":228,"value":965},{"type":223,"tag":343,"props":3454,"children":3455},{"style":383},[3456],{"type":228,"value":3457},"exposedPermission ",{"type":223,"tag":343,"props":3459,"children":3460},{"style":350},[3461],{"type":228,"value":3391},{"type":223,"tag":343,"props":3463,"children":3464},{"style":356},[3465],{"type":228,"value":765},{"type":223,"tag":343,"props":3467,"children":3468},{"style":383},[3469],{"type":228,"value":3310},{"type":223,"tag":343,"props":3471,"children":3472},{"style":356},[3473],{"type":228,"value":1167},{"type":223,"tag":343,"props":3475,"children":3476},{"class":345,"line":1511},[3477],{"type":223,"tag":343,"props":3478,"children":3479},{"style":356},[3480],{"type":228,"value":3481},"            {\n",{"type":223,"tag":343,"props":3483,"children":3484},{"class":345,"line":1537},[3485,3490,3494,3499,3504,3508,3513],{"type":223,"tag":343,"props":3486,"children":3487},{"style":350},[3488],{"type":228,"value":3489},"                if",{"type":223,"tag":343,"props":3491,"children":3492},{"style":356},[3493],{"type":228,"value":2718},{"type":223,"tag":343,"props":3495,"children":3496},{"style":383},[3497],{"type":228,"value":3498},"exposedPermission.Value ",{"type":223,"tag":343,"props":3500,"children":3501},{"style":356},[3502],{"type":228,"value":3503},"-eq",{"type":223,"tag":343,"props":3505,"children":3506},{"style":356},[3507],{"type":228,"value":765},{"type":223,"tag":343,"props":3509,"children":3510},{"style":383},[3511],{"type":228,"value":3512},"permission",{"type":223,"tag":343,"props":3514,"children":3515},{"style":356},[3516],{"type":228,"value":1167},{"type":223,"tag":343,"props":3518,"children":3519},{"class":345,"line":1563},[3520],{"type":223,"tag":343,"props":3521,"children":3522},{"style":356},[3523],{"type":228,"value":3524},"                {\n",{"type":223,"tag":343,"props":3526,"children":3527},{"class":345,"line":1589},[3528,3533,3538,3542,3546],{"type":223,"tag":343,"props":3529,"children":3530},{"style":356},[3531],{"type":228,"value":3532},"                    $",{"type":223,"tag":343,"props":3534,"children":3535},{"style":383},[3536],{"type":228,"value":3537},"resourceAccess ",{"type":223,"tag":343,"props":3539,"children":3540},{"style":356},[3541],{"type":228,"value":573},{"type":223,"tag":343,"props":3543,"children":3544},{"style":372},[3545],{"type":228,"value":904},{"type":223,"tag":343,"props":3547,"children":3548},{"style":383},[3549],{"type":228,"value":3550}," Microsoft.Open.MsGraph.Model.ResourceAccess\n",{"type":223,"tag":343,"props":3552,"children":3553},{"class":345,"line":1615},[3554,3558,3563,3567,3571,3575],{"type":223,"tag":343,"props":3555,"children":3556},{"style":356},[3557],{"type":228,"value":3532},{"type":223,"tag":343,"props":3559,"children":3560},{"style":383},[3561],{"type":228,"value":3562},"resourceAccess.Type ",{"type":223,"tag":343,"props":3564,"children":3565},{"style":356},[3566],{"type":228,"value":573},{"type":223,"tag":343,"props":3568,"children":3569},{"style":356},[3570],{"type":228,"value":765},{"type":223,"tag":343,"props":3572,"children":3573},{"style":383},[3574],{"type":228,"value":3044},{"type":223,"tag":343,"props":3576,"children":3577},{"style":880},[3578],{"type":228,"value":3579},"# Scope = Delegated permissions | Role = Application permissions\n",{"type":223,"tag":343,"props":3581,"children":3582},{"class":345,"line":1641},[3583,3587,3592,3596,3600,3605],{"type":223,"tag":343,"props":3584,"children":3585},{"style":356},[3586],{"type":228,"value":3532},{"type":223,"tag":343,"props":3588,"children":3589},{"style":383},[3590],{"type":228,"value":3591},"resourceAccess.Id ",{"type":223,"tag":343,"props":3593,"children":3594},{"style":356},[3595],{"type":228,"value":573},{"type":223,"tag":343,"props":3597,"children":3598},{"style":356},[3599],{"type":228,"value":765},{"type":223,"tag":343,"props":3601,"children":3602},{"style":383},[3603],{"type":228,"value":3604},"exposedPermission.Id ",{"type":223,"tag":343,"props":3606,"children":3607},{"style":880},[3608],{"type":228,"value":3609},"# Read directory data\n",{"type":223,"tag":343,"props":3611,"children":3612},{"class":345,"line":1663},[3613,3617,3622,3626,3631],{"type":223,"tag":343,"props":3614,"children":3615},{"style":356},[3616],{"type":228,"value":3532},{"type":223,"tag":343,"props":3618,"children":3619},{"style":383},[3620],{"type":228,"value":3621},"requiredAccess.ResourceAccess.Add",{"type":223,"tag":343,"props":3623,"children":3624},{"style":356},[3625],{"type":228,"value":965},{"type":223,"tag":343,"props":3627,"children":3628},{"style":383},[3629],{"type":228,"value":3630},"resourceAccess",{"type":223,"tag":343,"props":3632,"children":3633},{"style":356},[3634],{"type":228,"value":1167},{"type":223,"tag":343,"props":3636,"children":3637},{"class":345,"line":1694},[3638],{"type":223,"tag":343,"props":3639,"children":3640},{"style":356},[3641],{"type":228,"value":3642},"                }\n",{"type":223,"tag":343,"props":3644,"children":3645},{"class":345,"line":1712},[3646],{"type":223,"tag":343,"props":3647,"children":3648},{"style":356},[3649],{"type":228,"value":3650},"            }\n",{"type":223,"tag":343,"props":3652,"children":3653},{"class":345,"line":2941},[3654],{"type":223,"tag":343,"props":3655,"children":3656},{"style":356},[3657],{"type":228,"value":3658},"        }\n",{"type":223,"tag":343,"props":3660,"children":3661},{"class":345,"line":2949},[3662],{"type":223,"tag":343,"props":3663,"children":3664},{"style":356},[3665],{"type":228,"value":473},{"type":223,"tag":242,"props":3667,"children":3669},{"id":3668},"using-the-script-in-an-azure-pipeline",[3670],{"type":228,"value":3671},"Using the script in an Azure Pipeline",{"type":223,"tag":224,"props":3673,"children":3674},{},[3675,3677,3684],{"type":228,"value":3676},"To execute this script in the Azure pipeline that deploys and configures the rest of the application infrastructure we can use an ",{"type":223,"tag":231,"props":3678,"children":3681},{"href":3679,"rel":3680},"https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-powershell?view=azure-devops",[235],[3682],{"type":228,"value":3683},"Azure PowerShell task",{"type":228,"value":240},{"type":223,"tag":224,"props":3686,"children":3687},{},[3688],{"type":228,"value":3689},"The task of the Azure Pipeline will look like this:",{"type":223,"tag":332,"props":3691,"children":3695},{"className":3692,"code":3693,"language":3694,"meta":207,"style":207},"language-yaml shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","- task: AzurePowerShell@5\n  displayName: 'Configure Teams tab SSO'\n  inputs:\n    azureSubscription: 'My Azure Service Connection'\n    ScriptType: 'FilePath'\n    ScriptPath: 'infra/AdditionalScripts/ConfigureTeamsTabSSO.ps1'\n    ScriptArguments: \n      -applicationObjectId $(AzureAdObjectId) `\n      -customDomainName $(CustomDomainName)\n    azurePowerShellVersion: 'LatestVersion'\n","yaml",[3696],{"type":223,"tag":339,"props":3697,"children":3698},{"__ignoreMap":207},[3699,3722,3747,3760,3785,3810,3835,3851,3859,3867],{"type":223,"tag":343,"props":3700,"children":3701},{"class":345,"line":346},[3702,3706,3712,3717],{"type":223,"tag":343,"props":3703,"children":3704},{"style":356},[3705],{"type":228,"value":391},{"type":223,"tag":343,"props":3707,"children":3709},{"style":3708},"--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178",[3710],{"type":228,"value":3711}," task",{"type":223,"tag":343,"props":3713,"children":3714},{"style":356},[3715],{"type":228,"value":3716},":",{"type":223,"tag":343,"props":3718,"children":3719},{"style":404},[3720],{"type":228,"value":3721}," AzurePowerShell@5\n",{"type":223,"tag":343,"props":3723,"children":3724},{"class":345,"line":429},[3725,3730,3734,3738,3743],{"type":223,"tag":343,"props":3726,"children":3727},{"style":3708},[3728],{"type":228,"value":3729},"  displayName",{"type":223,"tag":343,"props":3731,"children":3732},{"style":356},[3733],{"type":228,"value":3716},{"type":223,"tag":343,"props":3735,"children":3736},{"style":356},[3737],{"type":228,"value":1768},{"type":223,"tag":343,"props":3739,"children":3740},{"style":404},[3741],{"type":228,"value":3742},"Configure Teams tab SSO",{"type":223,"tag":343,"props":3744,"children":3745},{"style":356},[3746],{"type":228,"value":1778},{"type":223,"tag":343,"props":3748,"children":3749},{"class":345,"line":467},[3750,3755],{"type":223,"tag":343,"props":3751,"children":3752},{"style":3708},[3753],{"type":228,"value":3754},"  inputs",{"type":223,"tag":343,"props":3756,"children":3757},{"style":356},[3758],{"type":228,"value":3759},":\n",{"type":223,"tag":343,"props":3761,"children":3762},{"class":345,"line":476},[3763,3768,3772,3776,3781],{"type":223,"tag":343,"props":3764,"children":3765},{"style":3708},[3766],{"type":228,"value":3767},"    azureSubscription",{"type":223,"tag":343,"props":3769,"children":3770},{"style":356},[3771],{"type":228,"value":3716},{"type":223,"tag":343,"props":3773,"children":3774},{"style":356},[3775],{"type":228,"value":1768},{"type":223,"tag":343,"props":3777,"children":3778},{"style":404},[3779],{"type":228,"value":3780},"My Azure Service Connection",{"type":223,"tag":343,"props":3782,"children":3783},{"style":356},[3784],{"type":228,"value":1778},{"type":223,"tag":343,"props":3786,"children":3787},{"class":345,"line":486},[3788,3793,3797,3801,3806],{"type":223,"tag":343,"props":3789,"children":3790},{"style":3708},[3791],{"type":228,"value":3792},"    ScriptType",{"type":223,"tag":343,"props":3794,"children":3795},{"style":356},[3796],{"type":228,"value":3716},{"type":223,"tag":343,"props":3798,"children":3799},{"style":356},[3800],{"type":228,"value":1768},{"type":223,"tag":343,"props":3802,"children":3803},{"style":404},[3804],{"type":228,"value":3805},"FilePath",{"type":223,"tag":343,"props":3807,"children":3808},{"style":356},[3809],{"type":228,"value":1778},{"type":223,"tag":343,"props":3811,"children":3812},{"class":345,"line":500},[3813,3818,3822,3826,3831],{"type":223,"tag":343,"props":3814,"children":3815},{"style":3708},[3816],{"type":228,"value":3817},"    ScriptPath",{"type":223,"tag":343,"props":3819,"children":3820},{"style":356},[3821],{"type":228,"value":3716},{"type":223,"tag":343,"props":3823,"children":3824},{"style":356},[3825],{"type":228,"value":1768},{"type":223,"tag":343,"props":3827,"children":3828},{"style":404},[3829],{"type":228,"value":3830},"infra/AdditionalScripts/ConfigureTeamsTabSSO.ps1",{"type":223,"tag":343,"props":3832,"children":3833},{"style":356},[3834],{"type":228,"value":1778},{"type":223,"tag":343,"props":3836,"children":3837},{"class":345,"line":508},[3838,3843,3847],{"type":223,"tag":343,"props":3839,"children":3840},{"style":3708},[3841],{"type":228,"value":3842},"    ScriptArguments",{"type":223,"tag":343,"props":3844,"children":3845},{"style":356},[3846],{"type":228,"value":3716},{"type":223,"tag":343,"props":3848,"children":3849},{"style":383},[3850],{"type":228,"value":426},{"type":223,"tag":343,"props":3852,"children":3853},{"class":345,"line":1118},[3854],{"type":223,"tag":343,"props":3855,"children":3856},{"style":404},[3857],{"type":228,"value":3858},"      -applicationObjectId $(AzureAdObjectId) `\n",{"type":223,"tag":343,"props":3860,"children":3861},{"class":345,"line":1144},[3862],{"type":223,"tag":343,"props":3863,"children":3864},{"style":404},[3865],{"type":228,"value":3866},"      -customDomainName $(CustomDomainName)\n",{"type":223,"tag":343,"props":3868,"children":3869},{"class":345,"line":1170},[3870,3875,3879,3883,3888],{"type":223,"tag":343,"props":3871,"children":3872},{"style":3708},[3873],{"type":228,"value":3874},"    azurePowerShellVersion",{"type":223,"tag":343,"props":3876,"children":3877},{"style":356},[3878],{"type":228,"value":3716},{"type":223,"tag":343,"props":3880,"children":3881},{"style":356},[3882],{"type":228,"value":1768},{"type":223,"tag":343,"props":3884,"children":3885},{"style":404},[3886],{"type":228,"value":3887},"LatestVersion",{"type":223,"tag":343,"props":3889,"children":3890},{"style":356},[3891],{"type":228,"value":1778},{"type":223,"tag":224,"props":3893,"children":3894},{},[3895,3897,3902,3904,3911],{"type":228,"value":3896},"The advantage is that this task will connect to Azure with an Azure Service Connection that has enough rights to execute the Azure AD commands in this script. However, it involves passing to the ",{"type":223,"tag":339,"props":3898,"children":3900},{"className":3899},[],[3901],{"type":228,"value":514},{"type":228,"value":3903}," command the access token of the Service Principal associated with the Azure Service Connection. This can easily be done as I found out in ",{"type":223,"tag":231,"props":3905,"children":3908},{"href":3906,"rel":3907},"https://stackoverflow.com/questions/60185213/automate-connect-azuread-using-powershell-in-azure-devops",[235],[3909],{"type":228,"value":3910},"a StackOverflow post",{"type":228,"value":240},{"type":223,"tag":332,"props":3913,"children":3915},{"className":334,"code":3914,"language":336,"meta":207,"style":207},"$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext\n$graphToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, \"https://graph.microsoft.com\").AccessToken\n$aadToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, \"https://graph.windows.net\").AccessToken\nConnect-AzureAD -AadAccessToken $aadToken -MsAccessToken $graphToken -AccountId $context.Account.Id -TenantId $context.tenant.id\n",[3916],{"type":223,"tag":339,"props":3917,"children":3918},{"__ignoreMap":207},[3919,3954,4082,4199],{"type":223,"tag":343,"props":3920,"children":3921},{"class":345,"line":346},[3922,3926,3931,3935,3940,3945,3949],{"type":223,"tag":343,"props":3923,"children":3924},{"style":356},[3925],{"type":228,"value":528},{"type":223,"tag":343,"props":3927,"children":3928},{"style":383},[3929],{"type":228,"value":3930},"context ",{"type":223,"tag":343,"props":3932,"children":3933},{"style":356},[3934],{"type":228,"value":573},{"type":223,"tag":343,"props":3936,"children":3937},{"style":356},[3938],{"type":228,"value":3939}," [",{"type":223,"tag":343,"props":3941,"children":3942},{"style":917},[3943],{"type":228,"value":3944},"Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider",{"type":223,"tag":343,"props":3946,"children":3947},{"style":356},[3948],{"type":228,"value":1327},{"type":223,"tag":343,"props":3950,"children":3951},{"style":383},[3952],{"type":228,"value":3953},"::Instance.Profile.DefaultContext\n",{"type":223,"tag":343,"props":3955,"children":3956},{"class":345,"line":429},[3957,3961,3966,3970,3974,3979,3983,3988,3992,3997,4002,4006,4011,4015,4019,4024,4029,4034,4038,4043,4047,4052,4056,4060,4064,4069,4073,4077],{"type":223,"tag":343,"props":3958,"children":3959},{"style":356},[3960],{"type":228,"value":528},{"type":223,"tag":343,"props":3962,"children":3963},{"style":383},[3964],{"type":228,"value":3965},"graphToken ",{"type":223,"tag":343,"props":3967,"children":3968},{"style":356},[3969],{"type":228,"value":573},{"type":223,"tag":343,"props":3971,"children":3972},{"style":356},[3973],{"type":228,"value":3939},{"type":223,"tag":343,"props":3975,"children":3976},{"style":917},[3977],{"type":228,"value":3978},"Microsoft.Azure.Commands.Common.Authentication.AzureSession",{"type":223,"tag":343,"props":3980,"children":3981},{"style":356},[3982],{"type":228,"value":1327},{"type":223,"tag":343,"props":3984,"children":3985},{"style":383},[3986],{"type":228,"value":3987},"::Instance.AuthenticationFactory.Authenticate",{"type":223,"tag":343,"props":3989,"children":3990},{"style":356},[3991],{"type":228,"value":965},{"type":223,"tag":343,"props":3993,"children":3994},{"style":383},[3995],{"type":228,"value":3996},"context.Account",{"type":223,"tag":343,"props":3998,"children":3999},{"style":356},[4000],{"type":228,"value":4001},",",{"type":223,"tag":343,"props":4003,"children":4004},{"style":356},[4005],{"type":228,"value":765},{"type":223,"tag":343,"props":4007,"children":4008},{"style":383},[4009],{"type":228,"value":4010},"context.Environment",{"type":223,"tag":343,"props":4012,"children":4013},{"style":356},[4014],{"type":228,"value":4001},{"type":223,"tag":343,"props":4016,"children":4017},{"style":356},[4018],{"type":228,"value":765},{"type":223,"tag":343,"props":4020,"children":4021},{"style":383},[4022],{"type":228,"value":4023},"context.Tenant.Id.ToString",{"type":223,"tag":343,"props":4025,"children":4026},{"style":356},[4027],{"type":228,"value":4028},"(),",{"type":223,"tag":343,"props":4030,"children":4031},{"style":356},[4032],{"type":228,"value":4033}," $null,",{"type":223,"tag":343,"props":4035,"children":4036},{"style":356},[4037],{"type":228,"value":3939},{"type":223,"tag":343,"props":4039,"children":4040},{"style":917},[4041],{"type":228,"value":4042},"Microsoft.Azure.Commands.Common.Authentication.ShowDialog",{"type":223,"tag":343,"props":4044,"children":4045},{"style":356},[4046],{"type":228,"value":1327},{"type":223,"tag":343,"props":4048,"children":4049},{"style":383},[4050],{"type":228,"value":4051},"::Never",{"type":223,"tag":343,"props":4053,"children":4054},{"style":356},[4055],{"type":228,"value":4001},{"type":223,"tag":343,"props":4057,"children":4058},{"style":356},[4059],{"type":228,"value":4033},{"type":223,"tag":343,"props":4061,"children":4062},{"style":356},[4063],{"type":228,"value":1682},{"type":223,"tag":343,"props":4065,"children":4066},{"style":404},[4067],{"type":228,"value":4068},"https://graph.microsoft.com",{"type":223,"tag":343,"props":4070,"children":4071},{"style":356},[4072],{"type":228,"value":401},{"type":223,"tag":343,"props":4074,"children":4075},{"style":356},[4076],{"type":228,"value":975},{"type":223,"tag":343,"props":4078,"children":4079},{"style":383},[4080],{"type":228,"value":4081},".AccessToken\n",{"type":223,"tag":343,"props":4083,"children":4084},{"class":345,"line":467},[4085,4089,4094,4098,4102,4106,4110,4114,4118,4122,4126,4130,4134,4138,4142,4146,4150,4154,4158,4162,4166,4170,4174,4178,4182,4187,4191,4195],{"type":223,"tag":343,"props":4086,"children":4087},{"style":356},[4088],{"type":228,"value":528},{"type":223,"tag":343,"props":4090,"children":4091},{"style":383},[4092],{"type":228,"value":4093},"aadToken ",{"type":223,"tag":343,"props":4095,"children":4096},{"style":356},[4097],{"type":228,"value":573},{"type":223,"tag":343,"props":4099,"children":4100},{"style":356},[4101],{"type":228,"value":3939},{"type":223,"tag":343,"props":4103,"children":4104},{"style":917},[4105],{"type":228,"value":3978},{"type":223,"tag":343,"props":4107,"children":4108},{"style":356},[4109],{"type":228,"value":1327},{"type":223,"tag":343,"props":4111,"children":4112},{"style":383},[4113],{"type":228,"value":3987},{"type":223,"tag":343,"props":4115,"children":4116},{"style":356},[4117],{"type":228,"value":965},{"type":223,"tag":343,"props":4119,"children":4120},{"style":383},[4121],{"type":228,"value":3996},{"type":223,"tag":343,"props":4123,"children":4124},{"style":356},[4125],{"type":228,"value":4001},{"type":223,"tag":343,"props":4127,"children":4128},{"style":356},[4129],{"type":228,"value":765},{"type":223,"tag":343,"props":4131,"children":4132},{"style":383},[4133],{"type":228,"value":4010},{"type":223,"tag":343,"props":4135,"children":4136},{"style":356},[4137],{"type":228,"value":4001},{"type":223,"tag":343,"props":4139,"children":4140},{"style":356},[4141],{"type":228,"value":765},{"type":223,"tag":343,"props":4143,"children":4144},{"style":383},[4145],{"type":228,"value":4023},{"type":223,"tag":343,"props":4147,"children":4148},{"style":356},[4149],{"type":228,"value":4028},{"type":223,"tag":343,"props":4151,"children":4152},{"style":356},[4153],{"type":228,"value":4033},{"type":223,"tag":343,"props":4155,"children":4156},{"style":356},[4157],{"type":228,"value":3939},{"type":223,"tag":343,"props":4159,"children":4160},{"style":917},[4161],{"type":228,"value":4042},{"type":223,"tag":343,"props":4163,"children":4164},{"style":356},[4165],{"type":228,"value":1327},{"type":223,"tag":343,"props":4167,"children":4168},{"style":383},[4169],{"type":228,"value":4051},{"type":223,"tag":343,"props":4171,"children":4172},{"style":356},[4173],{"type":228,"value":4001},{"type":223,"tag":343,"props":4175,"children":4176},{"style":356},[4177],{"type":228,"value":4033},{"type":223,"tag":343,"props":4179,"children":4180},{"style":356},[4181],{"type":228,"value":1682},{"type":223,"tag":343,"props":4183,"children":4184},{"style":404},[4185],{"type":228,"value":4186},"https://graph.windows.net",{"type":223,"tag":343,"props":4188,"children":4189},{"style":356},[4190],{"type":228,"value":401},{"type":223,"tag":343,"props":4192,"children":4193},{"style":356},[4194],{"type":228,"value":975},{"type":223,"tag":343,"props":4196,"children":4197},{"style":383},[4198],{"type":228,"value":4081},{"type":223,"tag":343,"props":4200,"children":4201},{"class":345,"line":476},[4202,4206,4210,4215,4219,4223,4227,4232,4236,4240,4244,4249,4253,4258,4262,4266,4270],{"type":223,"tag":343,"props":4203,"children":4204},{"style":372},[4205],{"type":228,"value":514},{"type":223,"tag":343,"props":4207,"children":4208},{"style":356},[4209],{"type":228,"value":380},{"type":223,"tag":343,"props":4211,"children":4212},{"style":383},[4213],{"type":228,"value":4214},"AadAccessToken ",{"type":223,"tag":343,"props":4216,"children":4217},{"style":356},[4218],{"type":228,"value":528},{"type":223,"tag":343,"props":4220,"children":4221},{"style":383},[4222],{"type":228,"value":4093},{"type":223,"tag":343,"props":4224,"children":4225},{"style":356},[4226],{"type":228,"value":391},{"type":223,"tag":343,"props":4228,"children":4229},{"style":383},[4230],{"type":228,"value":4231},"MsAccessToken ",{"type":223,"tag":343,"props":4233,"children":4234},{"style":356},[4235],{"type":228,"value":528},{"type":223,"tag":343,"props":4237,"children":4238},{"style":383},[4239],{"type":228,"value":3965},{"type":223,"tag":343,"props":4241,"children":4242},{"style":356},[4243],{"type":228,"value":391},{"type":223,"tag":343,"props":4245,"children":4246},{"style":383},[4247],{"type":228,"value":4248},"AccountId ",{"type":223,"tag":343,"props":4250,"children":4251},{"style":356},[4252],{"type":228,"value":528},{"type":223,"tag":343,"props":4254,"children":4255},{"style":383},[4256],{"type":228,"value":4257},"context.Account.Id ",{"type":223,"tag":343,"props":4259,"children":4260},{"style":356},[4261],{"type":228,"value":391},{"type":223,"tag":343,"props":4263,"children":4264},{"style":383},[4265],{"type":228,"value":523},{"type":223,"tag":343,"props":4267,"children":4268},{"style":356},[4269],{"type":228,"value":528},{"type":223,"tag":343,"props":4271,"children":4272},{"style":383},[4273],{"type":228,"value":4274},"context.tenant.id\n",{"type":223,"tag":311,"props":4276,"children":4278},{"id":4277},"summary",[4279],{"type":228,"value":4280},"Summary",{"type":223,"tag":224,"props":4282,"children":4283},{},[4284,4286,4292],{"type":228,"value":4285},"In this post, I wanted to show the different steps to configure Teams Tab SSO in PowerShell. The final script can be found ",{"type":223,"tag":231,"props":4287,"children":4289},{"href":233,"rel":4288},[235],[4290],{"type":228,"value":4291},"here",{"type":228,"value":4293}," and is directly used in an Azure pipeline to automate this configuration. Although it does the job, I hope doing such Azure AD configurations will be supported soon in Pulumi as it would have been easier to set it up instead of coming up with a big PowerShell script like this which is not idempotent.",{"type":223,"tag":4295,"props":4296,"children":4297},"style",{},[4298],{"type":228,"value":4299},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":207,"searchDepth":429,"depth":429,"links":4301},[4302,4303,4312],{"id":244,"depth":429,"text":247},{"id":278,"depth":429,"text":281,"children":4304},[4305,4306,4307,4308,4309,4310,4311],{"id":313,"depth":467,"text":316},{"id":541,"depth":467,"text":544},{"id":646,"depth":467,"text":649},{"id":721,"depth":467,"text":724},{"id":844,"depth":467,"text":847},{"id":1720,"depth":467,"text":1723},{"id":2323,"depth":467,"text":2326},{"id":3668,"depth":429,"text":3671,"children":4313},[4314],{"id":4277,"depth":467,"text":4280},"markdown","content:1.posts:7.teams-sso-powershell.md","content","1.posts/7.teams-sso-powershell.md","md",[4321,4333],{"_path":31,"_dir":205,"_draft":206,"_partial":206,"_locale":207,"title":30,"description":4322,"lead":4323,"date":4324,"image":4325,"badge":4327,"tags":4329,"_type":4315,"_id":4331,"_source":4317,"_file":4332,"_extension":4319},"Exploring essential technology watch strategies for developers, including leveraging blogs, microblogging platforms, and community engagement","Starting your journey with blogs and bloggings/microblogging platforms.","2020-09-16T00:00:00.000Z",{"src":4326},"/images/library_1.jpg",{"label":4328},"Essay",[4330],"learning","content:1.posts:8.technology-watch-part1.md","1.posts/8.technology-watch-part1.md",{"_path":25,"_dir":205,"_draft":206,"_partial":206,"_locale":207,"title":24,"description":4334,"lead":4335,"date":4336,"image":4337,"badge":4339,"tags":4341,"_type":4315,"_id":4346,"_source":4317,"_file":4347,"_extension":4319},"When working on a git repository, I often have to manually delete old local branches that I don't use anymore. That's not a huge waste of time but still, that's something I have to do quite often so I decided to automate that.","Playing with Nushell to create a useful git alias to delete unused local git branches.","2020-04-06T00:00:00.000Z",{"src":4338},"/images/branches_1.jpg",{"label":4340},"Tips",[4342,4343,4344,4345],"tooling","git","shell","nushell","content:1.posts:6.cleaning-git-branches.md","1.posts/6.cleaning-git-branches.md",1716749602119]