[{"data":1,"prerenderedAt":4508},["Reactive",2],{"navigation":3,"aAII9Cz3yR":204,"tags-Microsoft Teams":397},[4,192,200],{"title":5,"_path":6,"children":7,"icon":191},"Blog","/posts",[8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59,62,65,68,71,74,77,80,83,86,89,92,95,98,101,104,107,110,113,116,119,122,125,128,131,134,137,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,188],{"title":9,"_path":10},"Testing your API with REST Client","/posts/testing-your-api-with-rest-client",{"title":12,"_path":13},"HTML templating in Xamarin","/posts/html-templating-in-xamarin",{"title":15,"_path":16},"Goodbye Azure Portal, Welcome Azure CLI","/posts/welcome-azure-cli",{"title":18,"_path":19},"Coming across Gitpod","/posts/gitpod",{"title":21,"_path":22},"Handle token retrieval while querying an API","/posts/delegating-handler",{"title":24,"_path":25},"Clean up your local git branches.","/posts/cleaning-git-branches",{"title":27,"_path":28},"Automate configuration of Teams Tab SSO with PowerShell.","/posts/teams-sso-powershell",{"title":30,"_path":31},"How to do a technology watch? - Part 1","/posts/technology-watch-part1",{"title":33,"_path":34},"How to do a technology watch? - Part 2","/posts/technology-watch-part2",{"title":36,"_path":37},"You almost no longer need Key Vault references for Azure Functions.","/posts/azure-functions-custom-configuration",{"title":39,"_path":40},"How to do a technology watch? - Part 3","/posts/technology-watch-part3",{"title":42,"_path":43},"Forget DevOps, the future is already here!","/posts/devops-future",{"title":45,"_path":46},"Week 9, 2021 - Tips I learned this week","/posts/w09-2021-tips-learned-this-week",{"title":48,"_path":49},"Week 12, 2021 - Tips I learned this week","/posts/w12-2021-tips-learned-this-week",{"title":51,"_path":52},"Week 14, 2021 - Tips I learned this week","/posts/w14-2021-tips-learned-this-week",{"title":54,"_path":55},"Once upon a time in .NET","/posts/once-upon-a-time-in-dotnet",{"title":57,"_path":58},"Install your applications with winget","/posts/winget-import",{"title":60,"_path":61},"Customize your applications when installing them with winget","/posts/winget-override",{"title":63,"_path":64},"Week 22, 2021 - Tips I learned this week","/posts/w22-2021-tips-learned-this-week",{"title":66,"_path":67},"How to connect to an Azure SQL Database from C# using Azure AD","/posts/sqlclient-active-directory-authent",{"title":69,"_path":70},"Producing packages for Windows Package Manager","/posts/wingetcreate",{"title":72,"_path":73},"4 tips about GitHub Actions environment variables and contexts","/posts/github-actions-var-and-context",{"title":75,"_path":76},"AzureWebJobsStorage, the secret you don't need in your Function App.","/posts/azure-functions-without-azurewebjobsstorage",{"title":78,"_path":79},"ASP.NET Core - Lost in configuration","/posts/lost-in-configuration",{"title":81,"_path":82},"Week 39, 2021 - Tips I learned this week","/posts/w39-2021-tips-learned-this-week",{"title":84,"_path":85},"Week 41, 2021 - Tips I learned this week","/posts/w41-2021-tips-learned-this-week",{"title":87,"_path":88},"Migrating and open-sourcing my blog","/posts/migrating-blog",{"title":90,"_path":91},"Week 45, 2021 - Tips I learned this week","/posts/w45-2021-tips-learned-this-week",{"title":93,"_path":94},"Organize your GitHub stars with Astral","/posts/astral",{"title":96,"_path":97},"Pulumi with an Azure Blob Storage backend","/posts/pulumi-azure-backend",{"title":99,"_path":100},"IaC Hot Reload with Pulumi Watch","/posts/pulumi-watch",{"title":102,"_path":103},"Week 2, 2022 - Tips I learned this week","/posts/w02-2022-tips-learned-this-week",{"title":105,"_path":106},"Week 3, 2022 - Tips I learned this week","/posts/w03-2022-tips-learned-this-week",{"title":108,"_path":109},"Week 5, 2022 - Tips I learned this week","/posts/w05-2022-tips-learned-this-week",{"title":111,"_path":112},"How to provision an Azure SQL Database with Active Directory authentication","/posts/sqldatabase-active-directory-authent",{"title":114,"_path":115},"Why will I choose Pulumi over Terraform for my next project?","/posts/pulumi-vs-terraform",{"title":117,"_path":118},"Week 19, 2022 - Tips I learned this week","/posts/w19-2022-tips-learned-this-week",{"title":120,"_path":121},"Week 20, 2022 - Tips I learned this week","/posts/w20-2022-tips-learned-this-week",{"title":123,"_path":124},"Keeping secrets secure when using API Clients","/posts/http-clients-secrets",{"title":126,"_path":127},"What made me want to be a developer?","/posts/be-a-developer",{"title":129,"_path":130},"What can we do when stuck with a programming problem?","/posts/get-unstuck",{"title":132,"_path":133},"How did I automate the setup of my developer Windows laptop?","/posts/automate-developer-machine",{"title":135,"_path":136},"Discussion about API clients","/posts/http-clients",{"title":138,"_path":139},"Week 46, 2022 - Tips I learned this week","/posts/w46-2022-tips-learned-this-week",{"title":141,"_path":142},"When Pulumi met Nuke: a .NET love story","/posts/when-pulumi-met-nuke",{"title":144,"_path":145},"A year of learning and sharing - Dev Retro 2022","/posts/2022-retro",{"title":147,"_path":148},"Perform Dynamic Execution of an npm Package","/posts/pnpm-dlx",{"title":150,"_path":151},"Manage multiple Node.js versions","/posts/pnpm-env",{"title":153,"_path":154},"Introducing the Vue.js CI/CD series","/posts/vuecicd-introduction",{"title":156,"_path":157},"Execute commands using your project dependencies","/posts/pnpm-exec",{"title":159,"_path":160},"Vue.js CI/CD: Continuous Integration","/posts/vuecicd-ci",{"title":162,"_path":163},"Who is using pnpm?","/posts/pnpm-who-is-using",{"title":165,"_path":166},"Create an Azure-Ready GitHub Repository using Pulumi","/posts/azure-ready-github-repository",{"title":168,"_path":169},"Deploying to Azure from Azure DevOps without secrets","/posts/ado-workload-identity-federation",{"title":171,"_path":172},"Effortlessly Configure GitHub Repositories for Azure Deployment via OIDC","/posts/scripting-azure-ready-github-repository",{"title":174,"_path":175},"Playing with the .NET 8 Web API template","/posts/playing-with-dotnet8",{"title":177,"_path":178},"Another year of sharing and learning - Dev Retro 2023","/posts/2023-retro",{"title":180,"_path":181},"Week 4, 2024 - Tips I learned this week","/posts/w04-2024-tips-learned-this-week",{"title":183,"_path":184},"Using dependency injection with Azure .NET SDK","/posts/azure-sdk-di",{"title":186,"_path":187},"Having Fun With IT Event Calendars","/posts/it-event-calendars",{"title":189,"_path":190},"Call your Azure AD B2C protected API with authenticated HTTP requests from your JetBrains IDE","/posts/http-clients-oauth2","i-heroicons-newspaper",{"title":193,"_path":194,"children":195,"icon":199},"Goodies","/goodies",[196],{"title":197,"_path":198},"My Git Cheat Sheet","/goodies/gitcheatsheet","i-heroicons-gift-solid",{"title":201,"_path":202,"icon":203},"About","/about","i-heroicons-user-circle-solid",[205,207,209,211,214,217,220,223,226,229,231,234,237,240,242,244,247,250,253,255,258,261,264,267,270,273,276,279,282,285,287,289,292,294,297,300,303,305,308,310,313,316,319,322,325,327,329,332,335,338,341,344,347,350,353,356,359,361,363,366,369,372,375,377,380,383,385,388,391,394],[206,206],"tooling",[208,208],"vscode",[210,210],"rest",[212,213],"http","HTTP",[215,216],"razor","Razor",[218,219],"xamarin","Xamarin",[221,222],"templating","Templating",[224,225],"azure-cli","Azure CLI",[227,228],"azure","Azure",[230,230],"shell",[232,233],"github","GitHub",[235,236],"asp-net-core","ASP.NET Core",[238,239],"net",".NET",[241,241],"git",[243,243],"nushell",[245,246],"microsoft-teams","Microsoft Teams",[248,249],"powershell","PowerShell",[251,252],"azure-active-directory","Azure Active Directory",[254,254],"learning",[256,257],"azure-functions","Azure Functions",[259,260],"azure-key-vault","Azure Key Vault",[262,263],"configuration","Configuration",[265,266],"devops","DevOps",[268,269],"it","IT",[271,272],"tips-learned-this-week","tips learned this week",[274,275],"windows-terminal","Windows Terminal",[277,278],"azure-pipelines","Azure Pipelines",[280,281],"application-insights","Application Insights",[283,284],"azure-iot","Azure IoT",[286,286],"records",[288,288],"refit",[290,291],"development-box-setup","development box setup",[293,293],"winget",[295,296],"package-manager","package manager",[298,299],"azure-sql-database","Azure SQL Database",[301,302],"azure-sdk","Azure SDK",[304,304],"wingetcreate",[306,307],"github-actions","GitHub Actions",[309,309],"jq",[311,312],"pulumi","Pulumi",[314,315],"iac","IaC",[317,318],"azure-storage","Azure Storage",[320,321],"azure-signalr","Azure SignalR",[323,324],"visio","Visio",[326,326],"csharp",[328,328],"jest",[330,331],"statiq","Statiq",[333,334],"open-source","open source",[336,337],"visual-studio","Visual Studio",[339,340],"vue-js","Vue.js",[342,343],"azure-devops","Azure DevOps",[345,346],"vite","Vite",[348,349],"code-analysis","Code analysis",[351,352],"diagram","Diagram",[354,355],"terraform","Terraform",[357,358],"typescript","TypeScript",[360,360],"thoughts",[362,362],"pnpm",[364,365],"nuke","Nuke",[367,368],"pipelines","Pipelines",[370,371],"cicd","CI/CD",[373,374],"openid-connect","OpenID Connect",[376,376],"security",[378,379],"github-cli","GitHub CLI",[381,382],"microsoft-entra-id","Microsoft Entra ID",[384,384],"advent",[386,387],"finops","FinOps",[389,390],"anglesharp","AngleSharp",[392,393],"oauth2","OAuth2",[395,396],"azure-ad-b2c","Azure AD B2C",[398],{"_path":28,"_dir":399,"_draft":400,"_partial":400,"_locale":401,"title":27,"description":402,"lead":403,"date":404,"image":405,"badge":407,"tags":408,"body":409,"_type":4503,"_id":4504,"_source":4505,"_file":4506,"_extension":4507},"posts",false,"","If you have no interest in reading the blog post and just want the final script, you can find it on this GitHub repository.","Creating a PowerShell script to configure SSO for the tab of a Teams application.","2020-06-15T00:00:00.000Z",{"src":406},"/images/shell_1.jpg",{"label":266},[246,249,252],{"type":410,"children":411,"toc":4488},"root",[412,431,438,451,465,471,494,499,506,520,722,727,733,738,785,798,832,838,851,907,913,926,1030,1036,1056,1423,1435,1906,1912,1917,2269,2274,2509,2515,2529,2730,2743,3404,3424,3854,3860,3873,3878,4080,4100,4463,4469,4482],{"type":413,"tag":414,"props":415,"children":416},"element","p",{},[417,420,429],{"type":418,"value":419},"text","If you have no interest in reading the blog post and just want the final script, you can find it on this ",{"type":413,"tag":421,"props":422,"children":426},"a",{"href":423,"rel":424},"https://github.com/TechWatching/TeamsDev/blob/master/infra/Scripts/ConfigureTeamsTabSSO.ps1",[425],"nofollow",[427],{"type":418,"value":428},"GitHub repository",{"type":418,"value":430},".",{"type":413,"tag":432,"props":433,"children":435},"h2",{"id":434},"context",[436],{"type":418,"value":437},"Context",{"type":413,"tag":414,"props":439,"children":440},{},[441,443,449],{"type":418,"value":442},"Several months ago, I supervised a student project aiming at developing a Teams application for my company. The application is mainly composed of a tab where Human Resources people can see information about arrivals and departures in the company. Once the project was finished and the first version of the application was available, I provisioned the application infrastructure on my company Azure tenant using ",{"type":413,"tag":421,"props":444,"children":447},{"href":445,"rel":446},"https://www.pulumi.com/",[425],[448],{"type":418,"value":312},{"type":418,"value":450}," which is a nice infrastructure as code platform.",{"type":413,"tag":414,"props":452,"children":453},{},[454,456,463],{"type":418,"value":455},"However, configuring Single Sign-On for the tab of the application did not seem possible with Pulumi as it internally uses Terraform Provider for AzureAD which at the time of writing doesn't have all functionalities necessary to configure this. The ",{"type":413,"tag":421,"props":457,"children":460},{"href":458,"rel":459},"http://aka.ms/teams-sso",[425],[461],{"type":418,"value":462},"documentation about SSO for Teams tab",{"type":418,"value":464}," currently lists all the steps necessary to configure it from the Azure Portal, however, it mentions nothing about automating it, hence this blog post.",{"type":413,"tag":432,"props":466,"children":468},{"id":467},"steps-to-create-the-powershell-script",[469],{"type":418,"value":470},"Steps to create the PowerShell script",{"type":413,"tag":414,"props":472,"children":473},{},[474,476,483,485,492],{"type":418,"value":475},"Usually, I prefer Azure CLI to PowerShell as I find it easier to find commands I need, but Azure CLI doesn't have yet the necessary commands. Most of the code comes from ",{"type":413,"tag":421,"props":477,"children":480},{"href":478,"rel":479},"https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/blob/master/3.-Web-api-call-Microsoft-graph-for-personal-accounts/AppCreationScripts/Configure.ps1",[425],[481],{"type":418,"value":482},"this script",{"type":418,"value":484}," located in a repository of the ",{"type":413,"tag":421,"props":486,"children":489},{"href":487,"rel":488},"https://github.com/Azure-Samples",[425],[490],{"type":418,"value":491},"Azure Samples GitHub organization",{"type":418,"value":493},". I took only what was necessary for Teams Tab SSO, adapted it to use Microsoft Graph objects/commands, and added missing commands.",{"type":413,"tag":414,"props":495,"children":496},{},[497],{"type":418,"value":498},"I am not an expert in PowerShell so there might be things to improve in the final script, but I hope the following steps will help you to understand how to configure SSO for your Teams Tab.",{"type":413,"tag":500,"props":501,"children":503},"h3",{"id":502},"interacting-with-azure-active-directory",[504],{"type":418,"value":505},"Interacting with Azure Active Directory",{"type":413,"tag":414,"props":507,"children":508},{},[509,511,518],{"type":418,"value":510},"PowerShell has a module called ",{"type":413,"tag":421,"props":512,"children":515},{"href":513,"rel":514},"https://docs.microsoft.com/en-us/powershell/module/azuread/?view=azureadps-2.0",[425],[516],{"type":418,"value":517},"AzureAd",{"type":418,"value":519}," that allow us to interact with Azure Active Directory.\nThe first step is to install this module if not already installed, import it and authenticate to Azure AD to be able to use Active Directory commands once authenticated.",{"type":413,"tag":521,"props":522,"children":525},"pre",{"className":523,"code":524,"language":248,"meta":401,"style":401},"language-powershell shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","if ($null -eq (Get-Module -ListAvailable -Name \"AzureAD\")) { \n Install-Module -Name \"AzureAD\" -Force\n}\n\nImport-Module AzureAD\n\nConnect-AzureAD -TenantId $tenantId\n",[526],{"type":413,"tag":527,"props":528,"children":529},"code",{"__ignoreMap":401},[530,615,653,662,672,686,694],{"type":413,"tag":531,"props":532,"children":535},"span",{"class":533,"line":534},"line",1,[536,542,548,553,558,564,569,575,580,585,590,596,600,605,610],{"type":413,"tag":531,"props":537,"children":539},{"style":538},"--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF;--shiki-light-font-style:italic;--shiki-default-font-style:italic;--shiki-dark-font-style:italic",[540],{"type":418,"value":541},"if",{"type":413,"tag":531,"props":543,"children":545},{"style":544},"--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF",[546],{"type":418,"value":547}," ($null",{"type":413,"tag":531,"props":549,"children":550},{"style":544},[551],{"type":418,"value":552}," -eq",{"type":413,"tag":531,"props":554,"children":555},{"style":544},[556],{"type":418,"value":557}," (",{"type":413,"tag":531,"props":559,"children":561},{"style":560},"--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF",[562],{"type":418,"value":563},"Get-Module",{"type":413,"tag":531,"props":565,"children":566},{"style":544},[567],{"type":418,"value":568}," -",{"type":413,"tag":531,"props":570,"children":572},{"style":571},"--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8",[573],{"type":418,"value":574},"ListAvailable ",{"type":413,"tag":531,"props":576,"children":577},{"style":544},[578],{"type":418,"value":579},"-",{"type":413,"tag":531,"props":581,"children":582},{"style":571},[583],{"type":418,"value":584},"Name ",{"type":413,"tag":531,"props":586,"children":587},{"style":544},[588],{"type":418,"value":589},"\"",{"type":413,"tag":531,"props":591,"children":593},{"style":592},"--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D",[594],{"type":418,"value":595},"AzureAD",{"type":413,"tag":531,"props":597,"children":598},{"style":544},[599],{"type":418,"value":589},{"type":413,"tag":531,"props":601,"children":602},{"style":544},[603],{"type":418,"value":604},"))",{"type":413,"tag":531,"props":606,"children":607},{"style":544},[608],{"type":418,"value":609}," {",{"type":413,"tag":531,"props":611,"children":612},{"style":571},[613],{"type":418,"value":614}," \n",{"type":413,"tag":531,"props":616,"children":618},{"class":533,"line":617},2,[619,624,628,632,636,640,644,648],{"type":413,"tag":531,"props":620,"children":621},{"style":560},[622],{"type":418,"value":623}," Install-Module",{"type":413,"tag":531,"props":625,"children":626},{"style":544},[627],{"type":418,"value":568},{"type":413,"tag":531,"props":629,"children":630},{"style":571},[631],{"type":418,"value":584},{"type":413,"tag":531,"props":633,"children":634},{"style":544},[635],{"type":418,"value":589},{"type":413,"tag":531,"props":637,"children":638},{"style":592},[639],{"type":418,"value":595},{"type":413,"tag":531,"props":641,"children":642},{"style":544},[643],{"type":418,"value":589},{"type":413,"tag":531,"props":645,"children":646},{"style":544},[647],{"type":418,"value":568},{"type":413,"tag":531,"props":649,"children":650},{"style":571},[651],{"type":418,"value":652},"Force\n",{"type":413,"tag":531,"props":654,"children":656},{"class":533,"line":655},3,[657],{"type":413,"tag":531,"props":658,"children":659},{"style":544},[660],{"type":418,"value":661},"}\n",{"type":413,"tag":531,"props":663,"children":665},{"class":533,"line":664},4,[666],{"type":413,"tag":531,"props":667,"children":669},{"emptyLinePlaceholder":668},true,[670],{"type":418,"value":671},"\n",{"type":413,"tag":531,"props":673,"children":675},{"class":533,"line":674},5,[676,681],{"type":413,"tag":531,"props":677,"children":678},{"style":560},[679],{"type":418,"value":680},"Import-Module",{"type":413,"tag":531,"props":682,"children":683},{"style":571},[684],{"type":418,"value":685}," AzureAD\n",{"type":413,"tag":531,"props":687,"children":689},{"class":533,"line":688},6,[690],{"type":413,"tag":531,"props":691,"children":692},{"emptyLinePlaceholder":668},[693],{"type":418,"value":671},{"type":413,"tag":531,"props":695,"children":697},{"class":533,"line":696},7,[698,703,707,712,717],{"type":413,"tag":531,"props":699,"children":700},{"style":560},[701],{"type":418,"value":702},"Connect-AzureAD",{"type":413,"tag":531,"props":704,"children":705},{"style":544},[706],{"type":418,"value":568},{"type":413,"tag":531,"props":708,"children":709},{"style":571},[710],{"type":418,"value":711},"TenantId ",{"type":413,"tag":531,"props":713,"children":714},{"style":544},[715],{"type":418,"value":716},"$",{"type":413,"tag":531,"props":718,"children":719},{"style":571},[720],{"type":418,"value":721},"tenantId\n",{"type":413,"tag":414,"props":723,"children":724},{},[725],{"type":418,"value":726},"This will prompt us to log in with our AD account. We will see later in the article how we can avoid that if we are using this script in an Azure Pipeline.",{"type":413,"tag":500,"props":728,"children":730},{"id":729},"retrieving-the-application-registration",[731],{"type":418,"value":732},"Retrieving the application registration",{"type":413,"tag":414,"props":734,"children":735},{},[736],{"type":418,"value":737},"I already created my application registration in AD with Pulumi so I just have to retrieve it before configuring it.",{"type":413,"tag":521,"props":739,"children":741},{"className":523,"code":740,"language":248,"meta":401,"style":401},"$app = Get-AzureADMSApplication -ObjectId $applicationObjectId\n",[742],{"type":413,"tag":527,"props":743,"children":744},{"__ignoreMap":401},[745],{"type":413,"tag":531,"props":746,"children":747},{"class":533,"line":534},[748,752,757,762,767,771,776,780],{"type":413,"tag":531,"props":749,"children":750},{"style":544},[751],{"type":418,"value":716},{"type":413,"tag":531,"props":753,"children":754},{"style":571},[755],{"type":418,"value":756},"app ",{"type":413,"tag":531,"props":758,"children":759},{"style":544},[760],{"type":418,"value":761},"=",{"type":413,"tag":531,"props":763,"children":764},{"style":560},[765],{"type":418,"value":766}," Get-AzureADMSApplication",{"type":413,"tag":531,"props":768,"children":769},{"style":544},[770],{"type":418,"value":568},{"type":413,"tag":531,"props":772,"children":773},{"style":571},[774],{"type":418,"value":775},"ObjectId ",{"type":413,"tag":531,"props":777,"children":778},{"style":544},[779],{"type":418,"value":716},{"type":413,"tag":531,"props":781,"children":782},{"style":571},[783],{"type":418,"value":784},"applicationObjectId\n",{"type":413,"tag":414,"props":786,"children":787},{},[788,790,796],{"type":418,"value":789},"If you don't have an existing application registration you can create one with the ",{"type":413,"tag":527,"props":791,"children":793},{"className":792},[],[794],{"type":418,"value":795},"New-AzureADMSApplication",{"type":418,"value":797}," command.",{"type":413,"tag":799,"props":800,"children":802},"callout",{"icon":801},"i-fluent-emoji-flat-gem-stone",[803],{"type":413,"tag":414,"props":804,"children":805},{},[806,808,814,816,822,824,830],{"type":418,"value":807},"You may note that there are similar commands ",{"type":413,"tag":527,"props":809,"children":811},{"className":810},[],[812],{"type":418,"value":813},"Get-AzureADApplication",{"type":418,"value":815}," and ",{"type":413,"tag":527,"props":817,"children":819},{"className":818},[],[820],{"type":418,"value":821},"New-AzureADApplication",{"type":418,"value":823}," that exist. Both commands work fine but commands with ",{"type":413,"tag":825,"props":826,"children":827},"em",{},[828],{"type":418,"value":829},"MS",{"type":418,"value":831}," in their name internally use Microsoft Graph which seems to be the modern way to interact with Azure AD.",{"type":413,"tag":500,"props":833,"children":835},{"id":834},"creating-the-service-principal",[836],{"type":418,"value":837},"Creating the service principal",{"type":413,"tag":414,"props":839,"children":840},{},[841,843,850],{"type":418,"value":842},"When you register an application in Azure Portal it creates an Application object and a Service Principal in your tenant. But if you create the Application outside the Azure Portal (Azure CLI, PowerShell, Pulumi, ...), you will have to create the Service Principal as well. Just as a reminder the ",{"type":413,"tag":421,"props":844,"children":847},{"href":845,"rel":846},"https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#application-and-service-principal-relationship",[425],[848],{"type":418,"value":849},"application object should be considered as the global representation of your application for use across all tenants, and the service principal as the local representation for use in a specific tenant",{"type":418,"value":430},{"type":413,"tag":521,"props":852,"children":854},{"className":523,"code":853,"language":248,"meta":401,"style":401},"New-AzureADServicePrincipal -AppId $app.AppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}\n",[855],{"type":413,"tag":527,"props":856,"children":857},{"__ignoreMap":401},[858],{"type":413,"tag":531,"props":859,"children":860},{"class":533,"line":534},[861,866,870,875,879,884,888,893,898,903],{"type":413,"tag":531,"props":862,"children":863},{"style":560},[864],{"type":418,"value":865},"New-AzureADServicePrincipal",{"type":413,"tag":531,"props":867,"children":868},{"style":544},[869],{"type":418,"value":568},{"type":413,"tag":531,"props":871,"children":872},{"style":571},[873],{"type":418,"value":874},"AppId ",{"type":413,"tag":531,"props":876,"children":877},{"style":544},[878],{"type":418,"value":716},{"type":413,"tag":531,"props":880,"children":881},{"style":571},[882],{"type":418,"value":883},"app.AppId ",{"type":413,"tag":531,"props":885,"children":886},{"style":544},[887],{"type":418,"value":579},{"type":413,"tag":531,"props":889,"children":890},{"style":571},[891],{"type":418,"value":892},"Tags ",{"type":413,"tag":531,"props":894,"children":895},{"style":544},[896],{"type":418,"value":897},"{",{"type":413,"tag":531,"props":899,"children":900},{"style":571},[901],{"type":418,"value":902},"WindowsAzureActiveDirectoryIntegratedApp",{"type":413,"tag":531,"props":904,"children":905},{"style":544},[906],{"type":418,"value":661},{"type":413,"tag":500,"props":908,"children":910},{"id":909},"exposing-an-application-as-an-api",[911],{"type":418,"value":912},"Exposing an application as an API",{"type":413,"tag":414,"props":914,"children":915},{},[916,918,924],{"type":418,"value":917},"To expose an application as an API, it is necessary to set the identifier URI of the application. We will use a variable ",{"type":413,"tag":527,"props":919,"children":921},{"className":920},[],[922],{"type":418,"value":923},"$customDomainName",{"type":418,"value":925}," to specify the custom domain of the application. Indeed as stated by the documentation, for the moment Teams Tab SSO does not support applications that use the azurewebsites.net domain.",{"type":413,"tag":521,"props":927,"children":929},{"className":523,"code":928,"language":248,"meta":401,"style":401},"$appId = $app.AppId\nSet-AzureADMSApplication -ObjectId $app.Id -IdentifierUris \"api://$customDomainName/$appId\"\n",[930],{"type":413,"tag":527,"props":931,"children":932},{"__ignoreMap":401},[933,959],{"type":413,"tag":531,"props":934,"children":935},{"class":533,"line":534},[936,940,945,949,954],{"type":413,"tag":531,"props":937,"children":938},{"style":544},[939],{"type":418,"value":716},{"type":413,"tag":531,"props":941,"children":942},{"style":571},[943],{"type":418,"value":944},"appId ",{"type":413,"tag":531,"props":946,"children":947},{"style":544},[948],{"type":418,"value":761},{"type":413,"tag":531,"props":950,"children":951},{"style":544},[952],{"type":418,"value":953}," $",{"type":413,"tag":531,"props":955,"children":956},{"style":571},[957],{"type":418,"value":958},"app.AppId\n",{"type":413,"tag":531,"props":960,"children":961},{"class":533,"line":617},[962,967,971,975,979,984,988,993,997,1002,1006,1011,1016,1020,1025],{"type":413,"tag":531,"props":963,"children":964},{"style":560},[965],{"type":418,"value":966},"Set-AzureADMSApplication",{"type":413,"tag":531,"props":968,"children":969},{"style":544},[970],{"type":418,"value":568},{"type":413,"tag":531,"props":972,"children":973},{"style":571},[974],{"type":418,"value":775},{"type":413,"tag":531,"props":976,"children":977},{"style":544},[978],{"type":418,"value":716},{"type":413,"tag":531,"props":980,"children":981},{"style":571},[982],{"type":418,"value":983},"app.Id ",{"type":413,"tag":531,"props":985,"children":986},{"style":544},[987],{"type":418,"value":579},{"type":413,"tag":531,"props":989,"children":990},{"style":571},[991],{"type":418,"value":992},"IdentifierUris ",{"type":413,"tag":531,"props":994,"children":995},{"style":544},[996],{"type":418,"value":589},{"type":413,"tag":531,"props":998,"children":999},{"style":592},[1000],{"type":418,"value":1001},"api://",{"type":413,"tag":531,"props":1003,"children":1004},{"style":544},[1005],{"type":418,"value":716},{"type":413,"tag":531,"props":1007,"children":1008},{"style":571},[1009],{"type":418,"value":1010},"customDomainName",{"type":413,"tag":531,"props":1012,"children":1013},{"style":592},[1014],{"type":418,"value":1015},"/",{"type":413,"tag":531,"props":1017,"children":1018},{"style":544},[1019],{"type":418,"value":716},{"type":413,"tag":531,"props":1021,"children":1022},{"style":571},[1023],{"type":418,"value":1024},"appId",{"type":413,"tag":531,"props":1026,"children":1027},{"style":544},[1028],{"type":418,"value":1029},"\"\n",{"type":413,"tag":500,"props":1031,"children":1033},{"id":1032},"creating-the-access_as_user-scope",[1034],{"type":418,"value":1035},"Creating the access_as_user scope",{"type":413,"tag":414,"props":1037,"children":1038},{},[1039,1041,1047,1049,1054],{"type":418,"value":1040},"Teams Tab SSO works by making the Teams client (whether it be Teams mobile app, desktop app, or web app) ask for an Azure AD token with the scope ",{"type":413,"tag":527,"props":1042,"children":1044},{"className":1043},[],[1045],{"type":418,"value":1046},"access_as_user",{"type":418,"value":1048}," of the Tab application you developed. So we need to create a scope ",{"type":413,"tag":527,"props":1050,"children":1052},{"className":1051},[],[1053],{"type":418,"value":1046},{"type":418,"value":1055}," in the application.",{"type":413,"tag":521,"props":1057,"children":1059},{"className":523,"code":1058,"language":248,"meta":401,"style":401},"# Add all existing scopes first\n$scopes = New-Object System.Collections.Generic.List[Microsoft.Open.MsGraph.Model.PermissionScope]\n$app.Api.Oauth2PermissionScopes | foreach-object { $scopes.Add($_) }\n$scope = CreateScope -value \"access_as_user\" `\n -userConsentDisplayName \"Teams can access the user’s profile\" `\n -userConsentDescription \"Allows Teams to call the app’s web APIs as the current user.\" `\n -adminConsentDisplayName \"Teams can access your user profile and make requests on your behalf\" `\n -adminConsentDescription \"Enable Teams to call this app’s APIs with the same rights that you have\"\n$scopes.Add($scope)\n$app.Api.Oauth2PermissionScopes = $scopes\nSet-AzureADMSApplication -ObjectId $app.Id -Api $app.Api\n",[1060],{"type":413,"tag":527,"props":1061,"children":1062},{"__ignoreMap":401},[1063,1072,1114,1169,1216,1246,1275,1304,1330,1356,1381],{"type":413,"tag":531,"props":1064,"children":1065},{"class":533,"line":534},[1066],{"type":413,"tag":531,"props":1067,"children":1069},{"style":1068},"--shiki-light:#90A4AE;--shiki-default:#546E7A;--shiki-dark:#676E95;--shiki-light-font-style:italic;--shiki-default-font-style:italic;--shiki-dark-font-style:italic",[1070],{"type":418,"value":1071},"# Add all existing scopes first\n",{"type":413,"tag":531,"props":1073,"children":1074},{"class":533,"line":617},[1075,1079,1084,1088,1093,1098,1103,1109],{"type":413,"tag":531,"props":1076,"children":1077},{"style":544},[1078],{"type":418,"value":716},{"type":413,"tag":531,"props":1080,"children":1081},{"style":571},[1082],{"type":418,"value":1083},"scopes ",{"type":413,"tag":531,"props":1085,"children":1086},{"style":544},[1087],{"type":418,"value":761},{"type":413,"tag":531,"props":1089,"children":1090},{"style":560},[1091],{"type":418,"value":1092}," New-Object",{"type":413,"tag":531,"props":1094,"children":1095},{"style":571},[1096],{"type":418,"value":1097}," System.Collections.Generic.List",{"type":413,"tag":531,"props":1099,"children":1100},{"style":544},[1101],{"type":418,"value":1102},"[",{"type":413,"tag":531,"props":1104,"children":1106},{"style":1105},"--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA",[1107],{"type":418,"value":1108},"Microsoft.Open.MsGraph.Model.PermissionScope",{"type":413,"tag":531,"props":1110,"children":1111},{"style":544},[1112],{"type":418,"value":1113},"]\n",{"type":413,"tag":531,"props":1115,"children":1116},{"class":533,"line":655},[1117,1121,1126,1131,1136,1140,1144,1149,1154,1159,1164],{"type":413,"tag":531,"props":1118,"children":1119},{"style":544},[1120],{"type":418,"value":716},{"type":413,"tag":531,"props":1122,"children":1123},{"style":571},[1124],{"type":418,"value":1125},"app.Api.Oauth2PermissionScopes ",{"type":413,"tag":531,"props":1127,"children":1128},{"style":544},[1129],{"type":418,"value":1130},"|",{"type":413,"tag":531,"props":1132,"children":1133},{"style":560},[1134],{"type":418,"value":1135}," foreach-object",{"type":413,"tag":531,"props":1137,"children":1138},{"style":544},[1139],{"type":418,"value":609},{"type":413,"tag":531,"props":1141,"children":1142},{"style":544},[1143],{"type":418,"value":953},{"type":413,"tag":531,"props":1145,"children":1146},{"style":571},[1147],{"type":418,"value":1148},"scopes.Add",{"type":413,"tag":531,"props":1150,"children":1151},{"style":544},[1152],{"type":418,"value":1153},"($",{"type":413,"tag":531,"props":1155,"children":1156},{"style":571},[1157],{"type":418,"value":1158},"_",{"type":413,"tag":531,"props":1160,"children":1161},{"style":544},[1162],{"type":418,"value":1163},")",{"type":413,"tag":531,"props":1165,"children":1166},{"style":544},[1167],{"type":418,"value":1168}," }\n",{"type":413,"tag":531,"props":1170,"children":1171},{"class":533,"line":664},[1172,1176,1181,1185,1190,1194,1199,1203,1207,1211],{"type":413,"tag":531,"props":1173,"children":1174},{"style":544},[1175],{"type":418,"value":716},{"type":413,"tag":531,"props":1177,"children":1178},{"style":571},[1179],{"type":418,"value":1180},"scope ",{"type":413,"tag":531,"props":1182,"children":1183},{"style":544},[1184],{"type":418,"value":761},{"type":413,"tag":531,"props":1186,"children":1187},{"style":571},[1188],{"type":418,"value":1189}," CreateScope ",{"type":413,"tag":531,"props":1191,"children":1192},{"style":544},[1193],{"type":418,"value":579},{"type":413,"tag":531,"props":1195,"children":1196},{"style":571},[1197],{"type":418,"value":1198},"value ",{"type":413,"tag":531,"props":1200,"children":1201},{"style":544},[1202],{"type":418,"value":589},{"type":413,"tag":531,"props":1204,"children":1205},{"style":592},[1206],{"type":418,"value":1046},{"type":413,"tag":531,"props":1208,"children":1209},{"style":544},[1210],{"type":418,"value":589},{"type":413,"tag":531,"props":1212,"children":1213},{"style":544},[1214],{"type":418,"value":1215}," `\n",{"type":413,"tag":531,"props":1217,"children":1218},{"class":533,"line":674},[1219,1224,1229,1233,1238,1242],{"type":413,"tag":531,"props":1220,"children":1221},{"style":544},[1222],{"type":418,"value":1223}," -",{"type":413,"tag":531,"props":1225,"children":1226},{"style":571},[1227],{"type":418,"value":1228},"userConsentDisplayName ",{"type":413,"tag":531,"props":1230,"children":1231},{"style":544},[1232],{"type":418,"value":589},{"type":413,"tag":531,"props":1234,"children":1235},{"style":592},[1236],{"type":418,"value":1237},"Teams can access the user’s profile",{"type":413,"tag":531,"props":1239,"children":1240},{"style":544},[1241],{"type":418,"value":589},{"type":413,"tag":531,"props":1243,"children":1244},{"style":544},[1245],{"type":418,"value":1215},{"type":413,"tag":531,"props":1247,"children":1248},{"class":533,"line":688},[1249,1253,1258,1262,1267,1271],{"type":413,"tag":531,"props":1250,"children":1251},{"style":544},[1252],{"type":418,"value":1223},{"type":413,"tag":531,"props":1254,"children":1255},{"style":571},[1256],{"type":418,"value":1257},"userConsentDescription ",{"type":413,"tag":531,"props":1259,"children":1260},{"style":544},[1261],{"type":418,"value":589},{"type":413,"tag":531,"props":1263,"children":1264},{"style":592},[1265],{"type":418,"value":1266},"Allows Teams to call the app’s web APIs as the current user.",{"type":413,"tag":531,"props":1268,"children":1269},{"style":544},[1270],{"type":418,"value":589},{"type":413,"tag":531,"props":1272,"children":1273},{"style":544},[1274],{"type":418,"value":1215},{"type":413,"tag":531,"props":1276,"children":1277},{"class":533,"line":696},[1278,1282,1287,1291,1296,1300],{"type":413,"tag":531,"props":1279,"children":1280},{"style":544},[1281],{"type":418,"value":1223},{"type":413,"tag":531,"props":1283,"children":1284},{"style":571},[1285],{"type":418,"value":1286},"adminConsentDisplayName ",{"type":413,"tag":531,"props":1288,"children":1289},{"style":544},[1290],{"type":418,"value":589},{"type":413,"tag":531,"props":1292,"children":1293},{"style":592},[1294],{"type":418,"value":1295},"Teams can access your user profile and make requests on your behalf",{"type":413,"tag":531,"props":1297,"children":1298},{"style":544},[1299],{"type":418,"value":589},{"type":413,"tag":531,"props":1301,"children":1302},{"style":544},[1303],{"type":418,"value":1215},{"type":413,"tag":531,"props":1305,"children":1307},{"class":533,"line":1306},8,[1308,1312,1317,1321,1326],{"type":413,"tag":531,"props":1309,"children":1310},{"style":544},[1311],{"type":418,"value":1223},{"type":413,"tag":531,"props":1313,"children":1314},{"style":571},[1315],{"type":418,"value":1316},"adminConsentDescription ",{"type":413,"tag":531,"props":1318,"children":1319},{"style":544},[1320],{"type":418,"value":589},{"type":413,"tag":531,"props":1322,"children":1323},{"style":592},[1324],{"type":418,"value":1325},"Enable Teams to call this app’s APIs with the same rights that you have",{"type":413,"tag":531,"props":1327,"children":1328},{"style":544},[1329],{"type":418,"value":1029},{"type":413,"tag":531,"props":1331,"children":1333},{"class":533,"line":1332},9,[1334,1338,1342,1346,1351],{"type":413,"tag":531,"props":1335,"children":1336},{"style":544},[1337],{"type":418,"value":716},{"type":413,"tag":531,"props":1339,"children":1340},{"style":571},[1341],{"type":418,"value":1148},{"type":413,"tag":531,"props":1343,"children":1344},{"style":544},[1345],{"type":418,"value":1153},{"type":413,"tag":531,"props":1347,"children":1348},{"style":571},[1349],{"type":418,"value":1350},"scope",{"type":413,"tag":531,"props":1352,"children":1353},{"style":544},[1354],{"type":418,"value":1355},")\n",{"type":413,"tag":531,"props":1357,"children":1359},{"class":533,"line":1358},10,[1360,1364,1368,1372,1376],{"type":413,"tag":531,"props":1361,"children":1362},{"style":544},[1363],{"type":418,"value":716},{"type":413,"tag":531,"props":1365,"children":1366},{"style":571},[1367],{"type":418,"value":1125},{"type":413,"tag":531,"props":1369,"children":1370},{"style":544},[1371],{"type":418,"value":761},{"type":413,"tag":531,"props":1373,"children":1374},{"style":544},[1375],{"type":418,"value":953},{"type":413,"tag":531,"props":1377,"children":1378},{"style":571},[1379],{"type":418,"value":1380},"scopes\n",{"type":413,"tag":531,"props":1382,"children":1384},{"class":533,"line":1383},11,[1385,1389,1393,1397,1401,1405,1409,1414,1418],{"type":413,"tag":531,"props":1386,"children":1387},{"style":560},[1388],{"type":418,"value":966},{"type":413,"tag":531,"props":1390,"children":1391},{"style":544},[1392],{"type":418,"value":568},{"type":413,"tag":531,"props":1394,"children":1395},{"style":571},[1396],{"type":418,"value":775},{"type":413,"tag":531,"props":1398,"children":1399},{"style":544},[1400],{"type":418,"value":716},{"type":413,"tag":531,"props":1402,"children":1403},{"style":571},[1404],{"type":418,"value":983},{"type":413,"tag":531,"props":1406,"children":1407},{"style":544},[1408],{"type":418,"value":579},{"type":413,"tag":531,"props":1410,"children":1411},{"style":571},[1412],{"type":418,"value":1413},"Api ",{"type":413,"tag":531,"props":1415,"children":1416},{"style":544},[1417],{"type":418,"value":716},{"type":413,"tag":531,"props":1419,"children":1420},{"style":571},[1421],{"type":418,"value":1422},"app.Api\n",{"type":413,"tag":414,"props":1424,"children":1425},{},[1426,1428,1433],{"type":418,"value":1427},"This piece of PowerShell just ensures existing scopes won't be deleted when adding the scope ",{"type":413,"tag":527,"props":1429,"children":1431},{"className":1430},[],[1432],{"type":418,"value":1046},{"type":418,"value":1434},". Display names and descriptions of the new scope are the ones recommended in the documentation. This code calls a PowerShell function that simply creates the scope object.",{"type":413,"tag":521,"props":1436,"children":1438},{"className":523,"code":1437,"language":248,"meta":401,"style":401},"\u003C#.Description\n This function creates a new Azure AD scope (OAuth2Permission) with default and provided values\n#> \nfunction CreateScope(\n [string] $value,\n [string] $userConsentDisplayName,\n [string] $userConsentDescription,\n [string] $adminConsentDisplayName,\n [string] $adminConsentDescription)\n{\n $scope = New-Object Microsoft.Open.MsGraph.Model.PermissionScope\n $scope.Id = New-Guid\n $scope.Value = $value\n $scope.UserConsentDisplayName = $userConsentDisplayName\n $scope.UserConsentDescription = $userConsentDescription\n $scope.AdminConsentDisplayName = $adminConsentDisplayName\n $scope.AdminConsentDescription = $adminConsentDescription\n $scope.IsEnabled = $true\n $scope.Type = \"User\"\n return $scope\n}\n",[1439],{"type":413,"tag":527,"props":1440,"children":1441},{"__ignoreMap":401},[1442,1459,1467,1480,1498,1530,1558,1586,1614,1642,1650,1675,1697,1723,1749,1775,1801,1827,1849,1880,1898],{"type":413,"tag":531,"props":1443,"children":1444},{"class":533,"line":534},[1445,1450,1454],{"type":413,"tag":531,"props":1446,"children":1447},{"style":1068},[1448],{"type":418,"value":1449},"\u003C#",{"type":413,"tag":531,"props":1451,"children":1452},{"style":1068},[1453],{"type":418,"value":430},{"type":413,"tag":531,"props":1455,"children":1456},{"style":538},[1457],{"type":418,"value":1458},"Description\n",{"type":413,"tag":531,"props":1460,"children":1461},{"class":533,"line":617},[1462],{"type":413,"tag":531,"props":1463,"children":1464},{"style":1068},[1465],{"type":418,"value":1466}," This function creates a new Azure AD scope (OAuth2Permission) with default and provided values\n",{"type":413,"tag":531,"props":1468,"children":1469},{"class":533,"line":655},[1470,1475],{"type":413,"tag":531,"props":1471,"children":1472},{"style":1068},[1473],{"type":418,"value":1474},"#>",{"type":413,"tag":531,"props":1476,"children":1477},{"style":571},[1478],{"type":418,"value":1479}," \n",{"type":413,"tag":531,"props":1481,"children":1482},{"class":533,"line":664},[1483,1488,1493],{"type":413,"tag":531,"props":1484,"children":1485},{"style":1105},[1486],{"type":418,"value":1487},"function",{"type":413,"tag":531,"props":1489,"children":1490},{"style":560},[1491],{"type":418,"value":1492}," CreateScope",{"type":413,"tag":531,"props":1494,"children":1495},{"style":544},[1496],{"type":418,"value":1497},"(\n",{"type":413,"tag":531,"props":1499,"children":1500},{"class":533,"line":674},[1501,1506,1511,1516,1520,1525],{"type":413,"tag":531,"props":1502,"children":1503},{"style":544},[1504],{"type":418,"value":1505}," [",{"type":413,"tag":531,"props":1507,"children":1508},{"style":1105},[1509],{"type":418,"value":1510},"string",{"type":413,"tag":531,"props":1512,"children":1513},{"style":544},[1514],{"type":418,"value":1515},"]",{"type":413,"tag":531,"props":1517,"children":1518},{"style":544},[1519],{"type":418,"value":953},{"type":413,"tag":531,"props":1521,"children":1522},{"style":571},[1523],{"type":418,"value":1524},"value",{"type":413,"tag":531,"props":1526,"children":1527},{"style":544},[1528],{"type":418,"value":1529},",\n",{"type":413,"tag":531,"props":1531,"children":1532},{"class":533,"line":688},[1533,1537,1541,1545,1549,1554],{"type":413,"tag":531,"props":1534,"children":1535},{"style":544},[1536],{"type":418,"value":1505},{"type":413,"tag":531,"props":1538,"children":1539},{"style":1105},[1540],{"type":418,"value":1510},{"type":413,"tag":531,"props":1542,"children":1543},{"style":544},[1544],{"type":418,"value":1515},{"type":413,"tag":531,"props":1546,"children":1547},{"style":544},[1548],{"type":418,"value":953},{"type":413,"tag":531,"props":1550,"children":1551},{"style":571},[1552],{"type":418,"value":1553},"userConsentDisplayName",{"type":413,"tag":531,"props":1555,"children":1556},{"style":544},[1557],{"type":418,"value":1529},{"type":413,"tag":531,"props":1559,"children":1560},{"class":533,"line":696},[1561,1565,1569,1573,1577,1582],{"type":413,"tag":531,"props":1562,"children":1563},{"style":544},[1564],{"type":418,"value":1505},{"type":413,"tag":531,"props":1566,"children":1567},{"style":1105},[1568],{"type":418,"value":1510},{"type":413,"tag":531,"props":1570,"children":1571},{"style":544},[1572],{"type":418,"value":1515},{"type":413,"tag":531,"props":1574,"children":1575},{"style":544},[1576],{"type":418,"value":953},{"type":413,"tag":531,"props":1578,"children":1579},{"style":571},[1580],{"type":418,"value":1581},"userConsentDescription",{"type":413,"tag":531,"props":1583,"children":1584},{"style":544},[1585],{"type":418,"value":1529},{"type":413,"tag":531,"props":1587,"children":1588},{"class":533,"line":1306},[1589,1593,1597,1601,1605,1610],{"type":413,"tag":531,"props":1590,"children":1591},{"style":544},[1592],{"type":418,"value":1505},{"type":413,"tag":531,"props":1594,"children":1595},{"style":1105},[1596],{"type":418,"value":1510},{"type":413,"tag":531,"props":1598,"children":1599},{"style":544},[1600],{"type":418,"value":1515},{"type":413,"tag":531,"props":1602,"children":1603},{"style":544},[1604],{"type":418,"value":953},{"type":413,"tag":531,"props":1606,"children":1607},{"style":571},[1608],{"type":418,"value":1609},"adminConsentDisplayName",{"type":413,"tag":531,"props":1611,"children":1612},{"style":544},[1613],{"type":418,"value":1529},{"type":413,"tag":531,"props":1615,"children":1616},{"class":533,"line":1332},[1617,1621,1625,1629,1633,1638],{"type":413,"tag":531,"props":1618,"children":1619},{"style":544},[1620],{"type":418,"value":1505},{"type":413,"tag":531,"props":1622,"children":1623},{"style":1105},[1624],{"type":418,"value":1510},{"type":413,"tag":531,"props":1626,"children":1627},{"style":544},[1628],{"type":418,"value":1515},{"type":413,"tag":531,"props":1630,"children":1631},{"style":544},[1632],{"type":418,"value":953},{"type":413,"tag":531,"props":1634,"children":1635},{"style":571},[1636],{"type":418,"value":1637},"adminConsentDescription",{"type":413,"tag":531,"props":1639,"children":1640},{"style":544},[1641],{"type":418,"value":1355},{"type":413,"tag":531,"props":1643,"children":1644},{"class":533,"line":1358},[1645],{"type":413,"tag":531,"props":1646,"children":1647},{"style":544},[1648],{"type":418,"value":1649},"{\n",{"type":413,"tag":531,"props":1651,"children":1652},{"class":533,"line":1383},[1653,1658,1662,1666,1670],{"type":413,"tag":531,"props":1654,"children":1655},{"style":544},[1656],{"type":418,"value":1657}," $",{"type":413,"tag":531,"props":1659,"children":1660},{"style":571},[1661],{"type":418,"value":1180},{"type":413,"tag":531,"props":1663,"children":1664},{"style":544},[1665],{"type":418,"value":761},{"type":413,"tag":531,"props":1667,"children":1668},{"style":560},[1669],{"type":418,"value":1092},{"type":413,"tag":531,"props":1671,"children":1672},{"style":571},[1673],{"type":418,"value":1674}," Microsoft.Open.MsGraph.Model.PermissionScope\n",{"type":413,"tag":531,"props":1676,"children":1678},{"class":533,"line":1677},12,[1679,1683,1688,1692],{"type":413,"tag":531,"props":1680,"children":1681},{"style":544},[1682],{"type":418,"value":1657},{"type":413,"tag":531,"props":1684,"children":1685},{"style":571},[1686],{"type":418,"value":1687},"scope.Id ",{"type":413,"tag":531,"props":1689,"children":1690},{"style":544},[1691],{"type":418,"value":761},{"type":413,"tag":531,"props":1693,"children":1694},{"style":560},[1695],{"type":418,"value":1696}," New-Guid\n",{"type":413,"tag":531,"props":1698,"children":1700},{"class":533,"line":1699},13,[1701,1705,1710,1714,1718],{"type":413,"tag":531,"props":1702,"children":1703},{"style":544},[1704],{"type":418,"value":1657},{"type":413,"tag":531,"props":1706,"children":1707},{"style":571},[1708],{"type":418,"value":1709},"scope.Value ",{"type":413,"tag":531,"props":1711,"children":1712},{"style":544},[1713],{"type":418,"value":761},{"type":413,"tag":531,"props":1715,"children":1716},{"style":544},[1717],{"type":418,"value":953},{"type":413,"tag":531,"props":1719,"children":1720},{"style":571},[1721],{"type":418,"value":1722},"value\n",{"type":413,"tag":531,"props":1724,"children":1726},{"class":533,"line":1725},14,[1727,1731,1736,1740,1744],{"type":413,"tag":531,"props":1728,"children":1729},{"style":544},[1730],{"type":418,"value":1657},{"type":413,"tag":531,"props":1732,"children":1733},{"style":571},[1734],{"type":418,"value":1735},"scope.UserConsentDisplayName ",{"type":413,"tag":531,"props":1737,"children":1738},{"style":544},[1739],{"type":418,"value":761},{"type":413,"tag":531,"props":1741,"children":1742},{"style":544},[1743],{"type":418,"value":953},{"type":413,"tag":531,"props":1745,"children":1746},{"style":571},[1747],{"type":418,"value":1748},"userConsentDisplayName\n",{"type":413,"tag":531,"props":1750,"children":1752},{"class":533,"line":1751},15,[1753,1757,1762,1766,1770],{"type":413,"tag":531,"props":1754,"children":1755},{"style":544},[1756],{"type":418,"value":1657},{"type":413,"tag":531,"props":1758,"children":1759},{"style":571},[1760],{"type":418,"value":1761},"scope.UserConsentDescription ",{"type":413,"tag":531,"props":1763,"children":1764},{"style":544},[1765],{"type":418,"value":761},{"type":413,"tag":531,"props":1767,"children":1768},{"style":544},[1769],{"type":418,"value":953},{"type":413,"tag":531,"props":1771,"children":1772},{"style":571},[1773],{"type":418,"value":1774},"userConsentDescription\n",{"type":413,"tag":531,"props":1776,"children":1778},{"class":533,"line":1777},16,[1779,1783,1788,1792,1796],{"type":413,"tag":531,"props":1780,"children":1781},{"style":544},[1782],{"type":418,"value":1657},{"type":413,"tag":531,"props":1784,"children":1785},{"style":571},[1786],{"type":418,"value":1787},"scope.AdminConsentDisplayName ",{"type":413,"tag":531,"props":1789,"children":1790},{"style":544},[1791],{"type":418,"value":761},{"type":413,"tag":531,"props":1793,"children":1794},{"style":544},[1795],{"type":418,"value":953},{"type":413,"tag":531,"props":1797,"children":1798},{"style":571},[1799],{"type":418,"value":1800},"adminConsentDisplayName\n",{"type":413,"tag":531,"props":1802,"children":1804},{"class":533,"line":1803},17,[1805,1809,1814,1818,1822],{"type":413,"tag":531,"props":1806,"children":1807},{"style":544},[1808],{"type":418,"value":1657},{"type":413,"tag":531,"props":1810,"children":1811},{"style":571},[1812],{"type":418,"value":1813},"scope.AdminConsentDescription ",{"type":413,"tag":531,"props":1815,"children":1816},{"style":544},[1817],{"type":418,"value":761},{"type":413,"tag":531,"props":1819,"children":1820},{"style":544},[1821],{"type":418,"value":953},{"type":413,"tag":531,"props":1823,"children":1824},{"style":571},[1825],{"type":418,"value":1826},"adminConsentDescription\n",{"type":413,"tag":531,"props":1828,"children":1830},{"class":533,"line":1829},18,[1831,1835,1840,1844],{"type":413,"tag":531,"props":1832,"children":1833},{"style":544},[1834],{"type":418,"value":1657},{"type":413,"tag":531,"props":1836,"children":1837},{"style":571},[1838],{"type":418,"value":1839},"scope.IsEnabled ",{"type":413,"tag":531,"props":1841,"children":1842},{"style":544},[1843],{"type":418,"value":761},{"type":413,"tag":531,"props":1845,"children":1846},{"style":544},[1847],{"type":418,"value":1848}," $true\n",{"type":413,"tag":531,"props":1850,"children":1852},{"class":533,"line":1851},19,[1853,1857,1862,1866,1871,1876],{"type":413,"tag":531,"props":1854,"children":1855},{"style":544},[1856],{"type":418,"value":1657},{"type":413,"tag":531,"props":1858,"children":1859},{"style":571},[1860],{"type":418,"value":1861},"scope.Type ",{"type":413,"tag":531,"props":1863,"children":1864},{"style":544},[1865],{"type":418,"value":761},{"type":413,"tag":531,"props":1867,"children":1868},{"style":544},[1869],{"type":418,"value":1870}," \"",{"type":413,"tag":531,"props":1872,"children":1873},{"style":592},[1874],{"type":418,"value":1875},"User",{"type":413,"tag":531,"props":1877,"children":1878},{"style":544},[1879],{"type":418,"value":1029},{"type":413,"tag":531,"props":1881,"children":1883},{"class":533,"line":1882},20,[1884,1889,1893],{"type":413,"tag":531,"props":1885,"children":1886},{"style":538},[1887],{"type":418,"value":1888}," return",{"type":413,"tag":531,"props":1890,"children":1891},{"style":544},[1892],{"type":418,"value":953},{"type":413,"tag":531,"props":1894,"children":1895},{"style":571},[1896],{"type":418,"value":1897},"scope\n",{"type":413,"tag":531,"props":1899,"children":1901},{"class":533,"line":1900},21,[1902],{"type":413,"tag":531,"props":1903,"children":1904},{"style":544},[1905],{"type":418,"value":661},{"type":413,"tag":500,"props":1907,"children":1909},{"id":1908},"preauthorize-teams-clients",[1910],{"type":418,"value":1911},"Preauthorize Teams clients.",{"type":413,"tag":414,"props":1913,"children":1914},{},[1915],{"type":418,"value":1916},"As the Teams clients will ask for a token with the previously created scope, they must be authorized to have access to this permission. That is what does the following script:",{"type":413,"tag":521,"props":1918,"children":1920},{"className":523,"code":1919,"language":248,"meta":401,"style":401},"# Authorize Teams mobile/desktop client and Teams web client to access API\n$preAuthorizedApplications = New-Object 'System.Collections.Generic.List[Microsoft.Open.MSGraph.ModePreAuthorizedApplication]'\n$teamsRichClienPreauthorization = CreatePreAuthorizedApplication `\n -applicationIdToPreAuthorize '1fec8e78-bce4-4aaf-ab1b-5451cc387264' `\n -scopeId $scope.Id\n$teamsWebClienPreauthorization = CreatePreAuthorizedApplication `\n -applicationIdToPreAuthorize '5e3ce6c0-2b1f-4285-8d4b-75ee78787346' `\n -scopeId $scope.Id\n$preAuthorizedApplications.Add($teamsRichClienPreauthorization)\n$preAuthorizedApplications.Add($teamsWebClienPreauthorization) \n$app = Get-AzureADMSApplication -ObjectId $applicationObjectId\n$app.Api.PreAuthorizedApplications = $preAuthorizedApplications\nSet-AzureADMSApplication -ObjectId $app.Id -Api $app.Api\n",[1921],{"type":413,"tag":527,"props":1922,"children":1923},{"__ignoreMap":401},[1924,1932,1967,1993,2024,2045,2069,2097,2116,2141,2170,2205,2230],{"type":413,"tag":531,"props":1925,"children":1926},{"class":533,"line":534},[1927],{"type":413,"tag":531,"props":1928,"children":1929},{"style":1068},[1930],{"type":418,"value":1931},"# Authorize Teams mobile/desktop client and Teams web client to access API\n",{"type":413,"tag":531,"props":1933,"children":1934},{"class":533,"line":617},[1935,1939,1944,1948,1952,1957,1962],{"type":413,"tag":531,"props":1936,"children":1937},{"style":544},[1938],{"type":418,"value":716},{"type":413,"tag":531,"props":1940,"children":1941},{"style":571},[1942],{"type":418,"value":1943},"preAuthorizedApplications ",{"type":413,"tag":531,"props":1945,"children":1946},{"style":544},[1947],{"type":418,"value":761},{"type":413,"tag":531,"props":1949,"children":1950},{"style":560},[1951],{"type":418,"value":1092},{"type":413,"tag":531,"props":1953,"children":1954},{"style":544},[1955],{"type":418,"value":1956}," '",{"type":413,"tag":531,"props":1958,"children":1959},{"style":592},[1960],{"type":418,"value":1961},"System.Collections.Generic.List[Microsoft.Open.MSGraph.ModePreAuthorizedApplication]",{"type":413,"tag":531,"props":1963,"children":1964},{"style":544},[1965],{"type":418,"value":1966},"'\n",{"type":413,"tag":531,"props":1968,"children":1969},{"class":533,"line":655},[1970,1974,1979,1983,1988],{"type":413,"tag":531,"props":1971,"children":1972},{"style":544},[1973],{"type":418,"value":716},{"type":413,"tag":531,"props":1975,"children":1976},{"style":571},[1977],{"type":418,"value":1978},"teamsRichClienPreauthorization ",{"type":413,"tag":531,"props":1980,"children":1981},{"style":544},[1982],{"type":418,"value":761},{"type":413,"tag":531,"props":1984,"children":1985},{"style":571},[1986],{"type":418,"value":1987}," CreatePreAuthorizedApplication ",{"type":413,"tag":531,"props":1989,"children":1990},{"style":544},[1991],{"type":418,"value":1992},"`\n",{"type":413,"tag":531,"props":1994,"children":1995},{"class":533,"line":664},[1996,2000,2005,2010,2015,2019],{"type":413,"tag":531,"props":1997,"children":1998},{"style":544},[1999],{"type":418,"value":1223},{"type":413,"tag":531,"props":2001,"children":2002},{"style":571},[2003],{"type":418,"value":2004},"applicationIdToPreAuthorize ",{"type":413,"tag":531,"props":2006,"children":2007},{"style":544},[2008],{"type":418,"value":2009},"'",{"type":413,"tag":531,"props":2011,"children":2012},{"style":592},[2013],{"type":418,"value":2014},"1fec8e78-bce4-4aaf-ab1b-5451cc387264",{"type":413,"tag":531,"props":2016,"children":2017},{"style":544},[2018],{"type":418,"value":2009},{"type":413,"tag":531,"props":2020,"children":2021},{"style":544},[2022],{"type":418,"value":2023}," `\n",{"type":413,"tag":531,"props":2025,"children":2026},{"class":533,"line":674},[2027,2031,2036,2040],{"type":413,"tag":531,"props":2028,"children":2029},{"style":544},[2030],{"type":418,"value":1223},{"type":413,"tag":531,"props":2032,"children":2033},{"style":571},[2034],{"type":418,"value":2035},"scopeId ",{"type":413,"tag":531,"props":2037,"children":2038},{"style":544},[2039],{"type":418,"value":716},{"type":413,"tag":531,"props":2041,"children":2042},{"style":571},[2043],{"type":418,"value":2044},"scope.Id\n",{"type":413,"tag":531,"props":2046,"children":2047},{"class":533,"line":688},[2048,2052,2057,2061,2065],{"type":413,"tag":531,"props":2049,"children":2050},{"style":544},[2051],{"type":418,"value":716},{"type":413,"tag":531,"props":2053,"children":2054},{"style":571},[2055],{"type":418,"value":2056},"teamsWebClienPreauthorization ",{"type":413,"tag":531,"props":2058,"children":2059},{"style":544},[2060],{"type":418,"value":761},{"type":413,"tag":531,"props":2062,"children":2063},{"style":571},[2064],{"type":418,"value":1987},{"type":413,"tag":531,"props":2066,"children":2067},{"style":544},[2068],{"type":418,"value":1992},{"type":413,"tag":531,"props":2070,"children":2071},{"class":533,"line":696},[2072,2076,2080,2084,2089,2093],{"type":413,"tag":531,"props":2073,"children":2074},{"style":544},[2075],{"type":418,"value":1223},{"type":413,"tag":531,"props":2077,"children":2078},{"style":571},[2079],{"type":418,"value":2004},{"type":413,"tag":531,"props":2081,"children":2082},{"style":544},[2083],{"type":418,"value":2009},{"type":413,"tag":531,"props":2085,"children":2086},{"style":592},[2087],{"type":418,"value":2088},"5e3ce6c0-2b1f-4285-8d4b-75ee78787346",{"type":413,"tag":531,"props":2090,"children":2091},{"style":544},[2092],{"type":418,"value":2009},{"type":413,"tag":531,"props":2094,"children":2095},{"style":544},[2096],{"type":418,"value":2023},{"type":413,"tag":531,"props":2098,"children":2099},{"class":533,"line":1306},[2100,2104,2108,2112],{"type":413,"tag":531,"props":2101,"children":2102},{"style":544},[2103],{"type":418,"value":1223},{"type":413,"tag":531,"props":2105,"children":2106},{"style":571},[2107],{"type":418,"value":2035},{"type":413,"tag":531,"props":2109,"children":2110},{"style":544},[2111],{"type":418,"value":716},{"type":413,"tag":531,"props":2113,"children":2114},{"style":571},[2115],{"type":418,"value":2044},{"type":413,"tag":531,"props":2117,"children":2118},{"class":533,"line":1332},[2119,2123,2128,2132,2137],{"type":413,"tag":531,"props":2120,"children":2121},{"style":544},[2122],{"type":418,"value":716},{"type":413,"tag":531,"props":2124,"children":2125},{"style":571},[2126],{"type":418,"value":2127},"preAuthorizedApplications.Add",{"type":413,"tag":531,"props":2129,"children":2130},{"style":544},[2131],{"type":418,"value":1153},{"type":413,"tag":531,"props":2133,"children":2134},{"style":571},[2135],{"type":418,"value":2136},"teamsRichClienPreauthorization",{"type":413,"tag":531,"props":2138,"children":2139},{"style":544},[2140],{"type":418,"value":1355},{"type":413,"tag":531,"props":2142,"children":2143},{"class":533,"line":1358},[2144,2148,2152,2156,2161,2165],{"type":413,"tag":531,"props":2145,"children":2146},{"style":544},[2147],{"type":418,"value":716},{"type":413,"tag":531,"props":2149,"children":2150},{"style":571},[2151],{"type":418,"value":2127},{"type":413,"tag":531,"props":2153,"children":2154},{"style":544},[2155],{"type":418,"value":1153},{"type":413,"tag":531,"props":2157,"children":2158},{"style":571},[2159],{"type":418,"value":2160},"teamsWebClienPreauthorization",{"type":413,"tag":531,"props":2162,"children":2163},{"style":544},[2164],{"type":418,"value":1163},{"type":413,"tag":531,"props":2166,"children":2167},{"style":571},[2168],{"type":418,"value":2169}," \n",{"type":413,"tag":531,"props":2171,"children":2172},{"class":533,"line":1383},[2173,2177,2181,2185,2189,2193,2197,2201],{"type":413,"tag":531,"props":2174,"children":2175},{"style":544},[2176],{"type":418,"value":716},{"type":413,"tag":531,"props":2178,"children":2179},{"style":571},[2180],{"type":418,"value":756},{"type":413,"tag":531,"props":2182,"children":2183},{"style":544},[2184],{"type":418,"value":761},{"type":413,"tag":531,"props":2186,"children":2187},{"style":560},[2188],{"type":418,"value":766},{"type":413,"tag":531,"props":2190,"children":2191},{"style":544},[2192],{"type":418,"value":568},{"type":413,"tag":531,"props":2194,"children":2195},{"style":571},[2196],{"type":418,"value":775},{"type":413,"tag":531,"props":2198,"children":2199},{"style":544},[2200],{"type":418,"value":716},{"type":413,"tag":531,"props":2202,"children":2203},{"style":571},[2204],{"type":418,"value":784},{"type":413,"tag":531,"props":2206,"children":2207},{"class":533,"line":1677},[2208,2212,2217,2221,2225],{"type":413,"tag":531,"props":2209,"children":2210},{"style":544},[2211],{"type":418,"value":716},{"type":413,"tag":531,"props":2213,"children":2214},{"style":571},[2215],{"type":418,"value":2216},"app.Api.PreAuthorizedApplications ",{"type":413,"tag":531,"props":2218,"children":2219},{"style":544},[2220],{"type":418,"value":761},{"type":413,"tag":531,"props":2222,"children":2223},{"style":544},[2224],{"type":418,"value":953},{"type":413,"tag":531,"props":2226,"children":2227},{"style":571},[2228],{"type":418,"value":2229},"preAuthorizedApplications\n",{"type":413,"tag":531,"props":2231,"children":2232},{"class":533,"line":1699},[2233,2237,2241,2245,2249,2253,2257,2261,2265],{"type":413,"tag":531,"props":2234,"children":2235},{"style":560},[2236],{"type":418,"value":966},{"type":413,"tag":531,"props":2238,"children":2239},{"style":544},[2240],{"type":418,"value":568},{"type":413,"tag":531,"props":2242,"children":2243},{"style":571},[2244],{"type":418,"value":775},{"type":413,"tag":531,"props":2246,"children":2247},{"style":544},[2248],{"type":418,"value":716},{"type":413,"tag":531,"props":2250,"children":2251},{"style":571},[2252],{"type":418,"value":983},{"type":413,"tag":531,"props":2254,"children":2255},{"style":544},[2256],{"type":418,"value":579},{"type":413,"tag":531,"props":2258,"children":2259},{"style":571},[2260],{"type":418,"value":1413},{"type":413,"tag":531,"props":2262,"children":2263},{"style":544},[2264],{"type":418,"value":716},{"type":413,"tag":531,"props":2266,"children":2267},{"style":571},[2268],{"type":418,"value":1422},{"type":413,"tag":414,"props":2270,"children":2271},{},[2272],{"type":418,"value":2273},"This code calls a PowerShell function that simply creates the PreAuthorizedApplication object.",{"type":413,"tag":521,"props":2275,"children":2277},{"className":523,"code":2276,"language":248,"meta":401,"style":401},"\u003C#.Description\n This function creates a new PreAuthorized application on a specified scope\n#> \nfunction CreatePreAuthorizedApplication(\n [string] $applicationIdToPreAuthorize,\n [string] $scopeId)\n{\n $preAuthorizedApplication = New-Object 'Microsoft.Open.MSGraph.Model.PreAuthorizedApplication'\n $preAuthorizedApplication.AppId = $applicationIdToPreAuthorize\n $preAuthorizedApplication.DelegatedPermissionIds = @($scopeId)\n return $preAuthorizedApplication\n}\n",[2278],{"type":413,"tag":527,"props":2279,"children":2280},{"__ignoreMap":401},[2281,2296,2304,2315,2331,2359,2387,2394,2427,2452,2486,2502],{"type":413,"tag":531,"props":2282,"children":2283},{"class":533,"line":534},[2284,2288,2292],{"type":413,"tag":531,"props":2285,"children":2286},{"style":1068},[2287],{"type":418,"value":1449},{"type":413,"tag":531,"props":2289,"children":2290},{"style":1068},[2291],{"type":418,"value":430},{"type":413,"tag":531,"props":2293,"children":2294},{"style":538},[2295],{"type":418,"value":1458},{"type":413,"tag":531,"props":2297,"children":2298},{"class":533,"line":617},[2299],{"type":413,"tag":531,"props":2300,"children":2301},{"style":1068},[2302],{"type":418,"value":2303}," This function creates a new PreAuthorized application on a specified scope\n",{"type":413,"tag":531,"props":2305,"children":2306},{"class":533,"line":655},[2307,2311],{"type":413,"tag":531,"props":2308,"children":2309},{"style":1068},[2310],{"type":418,"value":1474},{"type":413,"tag":531,"props":2312,"children":2313},{"style":571},[2314],{"type":418,"value":1479},{"type":413,"tag":531,"props":2316,"children":2317},{"class":533,"line":664},[2318,2322,2327],{"type":413,"tag":531,"props":2319,"children":2320},{"style":1105},[2321],{"type":418,"value":1487},{"type":413,"tag":531,"props":2323,"children":2324},{"style":560},[2325],{"type":418,"value":2326}," CreatePreAuthorizedApplication",{"type":413,"tag":531,"props":2328,"children":2329},{"style":544},[2330],{"type":418,"value":1497},{"type":413,"tag":531,"props":2332,"children":2333},{"class":533,"line":674},[2334,2338,2342,2346,2350,2355],{"type":413,"tag":531,"props":2335,"children":2336},{"style":544},[2337],{"type":418,"value":1505},{"type":413,"tag":531,"props":2339,"children":2340},{"style":1105},[2341],{"type":418,"value":1510},{"type":413,"tag":531,"props":2343,"children":2344},{"style":544},[2345],{"type":418,"value":1515},{"type":413,"tag":531,"props":2347,"children":2348},{"style":544},[2349],{"type":418,"value":953},{"type":413,"tag":531,"props":2351,"children":2352},{"style":571},[2353],{"type":418,"value":2354},"applicationIdToPreAuthorize",{"type":413,"tag":531,"props":2356,"children":2357},{"style":544},[2358],{"type":418,"value":1529},{"type":413,"tag":531,"props":2360,"children":2361},{"class":533,"line":688},[2362,2366,2370,2374,2378,2383],{"type":413,"tag":531,"props":2363,"children":2364},{"style":544},[2365],{"type":418,"value":1505},{"type":413,"tag":531,"props":2367,"children":2368},{"style":1105},[2369],{"type":418,"value":1510},{"type":413,"tag":531,"props":2371,"children":2372},{"style":544},[2373],{"type":418,"value":1515},{"type":413,"tag":531,"props":2375,"children":2376},{"style":544},[2377],{"type":418,"value":953},{"type":413,"tag":531,"props":2379,"children":2380},{"style":571},[2381],{"type":418,"value":2382},"scopeId",{"type":413,"tag":531,"props":2384,"children":2385},{"style":544},[2386],{"type":418,"value":1355},{"type":413,"tag":531,"props":2388,"children":2389},{"class":533,"line":696},[2390],{"type":413,"tag":531,"props":2391,"children":2392},{"style":544},[2393],{"type":418,"value":1649},{"type":413,"tag":531,"props":2395,"children":2396},{"class":533,"line":1306},[2397,2401,2406,2410,2414,2418,2423],{"type":413,"tag":531,"props":2398,"children":2399},{"style":544},[2400],{"type":418,"value":1657},{"type":413,"tag":531,"props":2402,"children":2403},{"style":571},[2404],{"type":418,"value":2405},"preAuthorizedApplication ",{"type":413,"tag":531,"props":2407,"children":2408},{"style":544},[2409],{"type":418,"value":761},{"type":413,"tag":531,"props":2411,"children":2412},{"style":560},[2413],{"type":418,"value":1092},{"type":413,"tag":531,"props":2415,"children":2416},{"style":544},[2417],{"type":418,"value":1956},{"type":413,"tag":531,"props":2419,"children":2420},{"style":592},[2421],{"type":418,"value":2422},"Microsoft.Open.MSGraph.Model.PreAuthorizedApplication",{"type":413,"tag":531,"props":2424,"children":2425},{"style":544},[2426],{"type":418,"value":1966},{"type":413,"tag":531,"props":2428,"children":2429},{"class":533,"line":1332},[2430,2434,2439,2443,2447],{"type":413,"tag":531,"props":2431,"children":2432},{"style":544},[2433],{"type":418,"value":1657},{"type":413,"tag":531,"props":2435,"children":2436},{"style":571},[2437],{"type":418,"value":2438},"preAuthorizedApplication.AppId ",{"type":413,"tag":531,"props":2440,"children":2441},{"style":544},[2442],{"type":418,"value":761},{"type":413,"tag":531,"props":2444,"children":2445},{"style":544},[2446],{"type":418,"value":953},{"type":413,"tag":531,"props":2448,"children":2449},{"style":571},[2450],{"type":418,"value":2451},"applicationIdToPreAuthorize\n",{"type":413,"tag":531,"props":2453,"children":2454},{"class":533,"line":1358},[2455,2459,2464,2468,2474,2478,2482],{"type":413,"tag":531,"props":2456,"children":2457},{"style":544},[2458],{"type":418,"value":1657},{"type":413,"tag":531,"props":2460,"children":2461},{"style":571},[2462],{"type":418,"value":2463},"preAuthorizedApplication.DelegatedPermissionIds ",{"type":413,"tag":531,"props":2465,"children":2466},{"style":544},[2467],{"type":418,"value":761},{"type":413,"tag":531,"props":2469,"children":2471},{"style":2470},"--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C",[2472],{"type":418,"value":2473}," @",{"type":413,"tag":531,"props":2475,"children":2476},{"style":544},[2477],{"type":418,"value":1153},{"type":413,"tag":531,"props":2479,"children":2480},{"style":571},[2481],{"type":418,"value":2382},{"type":413,"tag":531,"props":2483,"children":2484},{"style":544},[2485],{"type":418,"value":1355},{"type":413,"tag":531,"props":2487,"children":2488},{"class":533,"line":1383},[2489,2493,2497],{"type":413,"tag":531,"props":2490,"children":2491},{"style":538},[2492],{"type":418,"value":1888},{"type":413,"tag":531,"props":2494,"children":2495},{"style":544},[2496],{"type":418,"value":953},{"type":413,"tag":531,"props":2498,"children":2499},{"style":571},[2500],{"type":418,"value":2501},"preAuthorizedApplication\n",{"type":413,"tag":531,"props":2503,"children":2504},{"class":533,"line":1677},[2505],{"type":413,"tag":531,"props":2506,"children":2507},{"style":544},[2508],{"type":418,"value":661},{"type":413,"tag":500,"props":2510,"children":2512},{"id":2511},"grant-user-level-graph-api-permissions",[2513],{"type":418,"value":2514},"Grant user-level Graph API permissions",{"type":413,"tag":414,"props":2516,"children":2517},{},[2518,2520,2527],{"type":418,"value":2519},"The next step consists in specifying the permissions the application will need for the AAD endpoint: email, offline_access, openid, profile (",{"type":413,"tag":421,"props":2521,"children":2524},{"href":2522,"rel":2523},"https://docs.microsoft.com/fr-fr/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes",[425],[2525],{"type":418,"value":2526},"OpenID connect scopes",{"type":418,"value":2528},").",{"type":413,"tag":521,"props":2530,"children":2532},{"className":523,"code":2531,"language":248,"meta":401,"style":401},"# Add API permissions needed\n$requiredResourcesAccess = New-Object System.Collections.Generic.List[Microsoft.Open.MsGraph.Model.RequiredResourceAccess]\n$requiredPermissions = GetRequiredPermissions `\n -applicationDisplayName 'Microsoft Graph' `\n -requiredDelegatedPermissions \"User.Read|email|offline_access|openid|profile\"\n$requiredResourcesAccess.Add($requiredPermissions) \nSet-AzureADMSApplication -ObjectId $app.Id -RequiredResourceAccess $requiredPermissions\n",[2533],{"type":413,"tag":527,"props":2534,"children":2535},{"__ignoreMap":401},[2536,2544,2581,2606,2635,2660,2689],{"type":413,"tag":531,"props":2537,"children":2538},{"class":533,"line":534},[2539],{"type":413,"tag":531,"props":2540,"children":2541},{"style":1068},[2542],{"type":418,"value":2543},"# Add API permissions needed\n",{"type":413,"tag":531,"props":2545,"children":2546},{"class":533,"line":617},[2547,2551,2556,2560,2564,2568,2572,2577],{"type":413,"tag":531,"props":2548,"children":2549},{"style":544},[2550],{"type":418,"value":716},{"type":413,"tag":531,"props":2552,"children":2553},{"style":571},[2554],{"type":418,"value":2555},"requiredResourcesAccess ",{"type":413,"tag":531,"props":2557,"children":2558},{"style":544},[2559],{"type":418,"value":761},{"type":413,"tag":531,"props":2561,"children":2562},{"style":560},[2563],{"type":418,"value":1092},{"type":413,"tag":531,"props":2565,"children":2566},{"style":571},[2567],{"type":418,"value":1097},{"type":413,"tag":531,"props":2569,"children":2570},{"style":544},[2571],{"type":418,"value":1102},{"type":413,"tag":531,"props":2573,"children":2574},{"style":1105},[2575],{"type":418,"value":2576},"Microsoft.Open.MsGraph.Model.RequiredResourceAccess",{"type":413,"tag":531,"props":2578,"children":2579},{"style":544},[2580],{"type":418,"value":1113},{"type":413,"tag":531,"props":2582,"children":2583},{"class":533,"line":655},[2584,2588,2593,2597,2602],{"type":413,"tag":531,"props":2585,"children":2586},{"style":544},[2587],{"type":418,"value":716},{"type":413,"tag":531,"props":2589,"children":2590},{"style":571},[2591],{"type":418,"value":2592},"requiredPermissions ",{"type":413,"tag":531,"props":2594,"children":2595},{"style":544},[2596],{"type":418,"value":761},{"type":413,"tag":531,"props":2598,"children":2599},{"style":571},[2600],{"type":418,"value":2601}," GetRequiredPermissions ",{"type":413,"tag":531,"props":2603,"children":2604},{"style":544},[2605],{"type":418,"value":1992},{"type":413,"tag":531,"props":2607,"children":2608},{"class":533,"line":664},[2609,2613,2618,2622,2627,2631],{"type":413,"tag":531,"props":2610,"children":2611},{"style":544},[2612],{"type":418,"value":1223},{"type":413,"tag":531,"props":2614,"children":2615},{"style":571},[2616],{"type":418,"value":2617},"applicationDisplayName ",{"type":413,"tag":531,"props":2619,"children":2620},{"style":544},[2621],{"type":418,"value":2009},{"type":413,"tag":531,"props":2623,"children":2624},{"style":592},[2625],{"type":418,"value":2626},"Microsoft Graph",{"type":413,"tag":531,"props":2628,"children":2629},{"style":544},[2630],{"type":418,"value":2009},{"type":413,"tag":531,"props":2632,"children":2633},{"style":544},[2634],{"type":418,"value":2023},{"type":413,"tag":531,"props":2636,"children":2637},{"class":533,"line":674},[2638,2642,2647,2651,2656],{"type":413,"tag":531,"props":2639,"children":2640},{"style":544},[2641],{"type":418,"value":1223},{"type":413,"tag":531,"props":2643,"children":2644},{"style":571},[2645],{"type":418,"value":2646},"requiredDelegatedPermissions ",{"type":413,"tag":531,"props":2648,"children":2649},{"style":544},[2650],{"type":418,"value":589},{"type":413,"tag":531,"props":2652,"children":2653},{"style":592},[2654],{"type":418,"value":2655},"User.Read|email|offline_access|openid|profile",{"type":413,"tag":531,"props":2657,"children":2658},{"style":544},[2659],{"type":418,"value":1029},{"type":413,"tag":531,"props":2661,"children":2662},{"class":533,"line":688},[2663,2667,2672,2676,2681,2685],{"type":413,"tag":531,"props":2664,"children":2665},{"style":544},[2666],{"type":418,"value":716},{"type":413,"tag":531,"props":2668,"children":2669},{"style":571},[2670],{"type":418,"value":2671},"requiredResourcesAccess.Add",{"type":413,"tag":531,"props":2673,"children":2674},{"style":544},[2675],{"type":418,"value":1153},{"type":413,"tag":531,"props":2677,"children":2678},{"style":571},[2679],{"type":418,"value":2680},"requiredPermissions",{"type":413,"tag":531,"props":2682,"children":2683},{"style":544},[2684],{"type":418,"value":1163},{"type":413,"tag":531,"props":2686,"children":2687},{"style":571},[2688],{"type":418,"value":2169},{"type":413,"tag":531,"props":2690,"children":2691},{"class":533,"line":696},[2692,2696,2700,2704,2708,2712,2716,2721,2725],{"type":413,"tag":531,"props":2693,"children":2694},{"style":560},[2695],{"type":418,"value":966},{"type":413,"tag":531,"props":2697,"children":2698},{"style":544},[2699],{"type":418,"value":568},{"type":413,"tag":531,"props":2701,"children":2702},{"style":571},[2703],{"type":418,"value":775},{"type":413,"tag":531,"props":2705,"children":2706},{"style":544},[2707],{"type":418,"value":716},{"type":413,"tag":531,"props":2709,"children":2710},{"style":571},[2711],{"type":418,"value":983},{"type":413,"tag":531,"props":2713,"children":2714},{"style":544},[2715],{"type":418,"value":579},{"type":413,"tag":531,"props":2717,"children":2718},{"style":571},[2719],{"type":418,"value":2720},"RequiredResourceAccess ",{"type":413,"tag":531,"props":2722,"children":2723},{"style":544},[2724],{"type":418,"value":716},{"type":413,"tag":531,"props":2726,"children":2727},{"style":571},[2728],{"type":418,"value":2729},"requiredPermissions\n",{"type":413,"tag":414,"props":2731,"children":2732},{},[2733,2735,2741],{"type":418,"value":2734},"This code calls a PowerShell function ",{"type":413,"tag":527,"props":2736,"children":2738},{"className":2737},[],[2739],{"type":418,"value":2740},"GetRequiredPermissions",{"type":418,"value":2742}," that add the delegated or application permissions specified in parameter. Here we only ask for delegated permissions of Microsoft Graph needed to retrieve an OpenId Connect token but this function is generic and could be used to require scopes or roles of other APIs.",{"type":413,"tag":521,"props":2744,"children":2746},{"className":523,"code":2745,"language":248,"meta":401,"style":401},"# Example: GetRequiredPermissions \"Microsoft Graph\" \"Graph.Read|User.Read\"\n# See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell\nfunction GetRequiredPermissions(\n [string] $applicationDisplayName,\n [string] $requiredDelegatedPermissions,\n [string]$requiredApplicationPermissions,\n $servicePrincipal)\n{\n # If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)\n if ($servicePrincipal)\n {\n $sp = $servicePrincipal\n }\n else\n {\n $sp = Get-AzureADServicePrincipal -Filter \"DisplayName eq '$applicationDisplayName'\"\n }\n\n $requiredAccess = New-Object Microsoft.Open.MsGraph.Model.RequiredResourceAccess\n $requiredAccess.ResourceAppId = $sp.AppId \n $requiredAccess.ResourceAccess = New-Object System.Collections.Generic.List[Microsoft.Open.MsGraph.Model.ResourceAccess]\n\n # $sp.Oauth2Permissions | Select Id,AdminConsentDisplayName,Value: To see the list of all the Delegated permissions for the application:\n if ($requiredDelegatedPermissions)\n {\n AddResourcePermission $requiredAccess -exposedPermissions $sp.Oauth2Permissions -requiredAccesses $requiredDelegatedPermissions -permissionType \"Scope\"\n }\n \n # $sp.AppRoles | Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application\n if ($requiredApplicationPermissions)\n {\n AddResourcePermission $requiredAccess -exposedPermissions $sp.AppRoles -requiredAccesses $requiredApplicationPermissions -permissionType \"Role\"\n }\n return $requiredAccess\n}\n",[2747],{"type":413,"tag":527,"props":2748,"children":2749},{"__ignoreMap":401},[2750,2758,2766,2782,2810,2838,2863,2879,2886,2894,2915,2923,2949,2957,2965,2972,3026,3033,3040,3065,3090,3127,3135,3144,3164,3172,3246,3254,3263,3272,3292,3300,3371,3379,3396],{"type":413,"tag":531,"props":2751,"children":2752},{"class":533,"line":534},[2753],{"type":413,"tag":531,"props":2754,"children":2755},{"style":1068},[2756],{"type":418,"value":2757},"# Example: GetRequiredPermissions \"Microsoft Graph\" \"Graph.Read|User.Read\"\n",{"type":413,"tag":531,"props":2759,"children":2760},{"class":533,"line":617},[2761],{"type":413,"tag":531,"props":2762,"children":2763},{"style":1068},[2764],{"type":418,"value":2765},"# See also: http://stackoverflow.com/questions/42164581/how-to-configure-a-new-azure-ad-application-through-powershell\n",{"type":413,"tag":531,"props":2767,"children":2768},{"class":533,"line":655},[2769,2773,2778],{"type":413,"tag":531,"props":2770,"children":2771},{"style":1105},[2772],{"type":418,"value":1487},{"type":413,"tag":531,"props":2774,"children":2775},{"style":560},[2776],{"type":418,"value":2777}," GetRequiredPermissions",{"type":413,"tag":531,"props":2779,"children":2780},{"style":544},[2781],{"type":418,"value":1497},{"type":413,"tag":531,"props":2783,"children":2784},{"class":533,"line":664},[2785,2789,2793,2797,2801,2806],{"type":413,"tag":531,"props":2786,"children":2787},{"style":544},[2788],{"type":418,"value":1505},{"type":413,"tag":531,"props":2790,"children":2791},{"style":1105},[2792],{"type":418,"value":1510},{"type":413,"tag":531,"props":2794,"children":2795},{"style":544},[2796],{"type":418,"value":1515},{"type":413,"tag":531,"props":2798,"children":2799},{"style":544},[2800],{"type":418,"value":953},{"type":413,"tag":531,"props":2802,"children":2803},{"style":571},[2804],{"type":418,"value":2805},"applicationDisplayName",{"type":413,"tag":531,"props":2807,"children":2808},{"style":544},[2809],{"type":418,"value":1529},{"type":413,"tag":531,"props":2811,"children":2812},{"class":533,"line":674},[2813,2817,2821,2825,2829,2834],{"type":413,"tag":531,"props":2814,"children":2815},{"style":544},[2816],{"type":418,"value":1505},{"type":413,"tag":531,"props":2818,"children":2819},{"style":1105},[2820],{"type":418,"value":1510},{"type":413,"tag":531,"props":2822,"children":2823},{"style":544},[2824],{"type":418,"value":1515},{"type":413,"tag":531,"props":2826,"children":2827},{"style":544},[2828],{"type":418,"value":953},{"type":413,"tag":531,"props":2830,"children":2831},{"style":571},[2832],{"type":418,"value":2833},"requiredDelegatedPermissions",{"type":413,"tag":531,"props":2835,"children":2836},{"style":544},[2837],{"type":418,"value":1529},{"type":413,"tag":531,"props":2839,"children":2840},{"class":533,"line":688},[2841,2845,2849,2854,2859],{"type":413,"tag":531,"props":2842,"children":2843},{"style":544},[2844],{"type":418,"value":1505},{"type":413,"tag":531,"props":2846,"children":2847},{"style":1105},[2848],{"type":418,"value":1510},{"type":413,"tag":531,"props":2850,"children":2851},{"style":544},[2852],{"type":418,"value":2853},"]$",{"type":413,"tag":531,"props":2855,"children":2856},{"style":571},[2857],{"type":418,"value":2858},"requiredApplicationPermissions",{"type":413,"tag":531,"props":2860,"children":2861},{"style":544},[2862],{"type":418,"value":1529},{"type":413,"tag":531,"props":2864,"children":2865},{"class":533,"line":696},[2866,2870,2875],{"type":413,"tag":531,"props":2867,"children":2868},{"style":544},[2869],{"type":418,"value":1657},{"type":413,"tag":531,"props":2871,"children":2872},{"style":571},[2873],{"type":418,"value":2874},"servicePrincipal",{"type":413,"tag":531,"props":2876,"children":2877},{"style":544},[2878],{"type":418,"value":1355},{"type":413,"tag":531,"props":2880,"children":2881},{"class":533,"line":1306},[2882],{"type":413,"tag":531,"props":2883,"children":2884},{"style":544},[2885],{"type":418,"value":1649},{"type":413,"tag":531,"props":2887,"children":2888},{"class":533,"line":1332},[2889],{"type":413,"tag":531,"props":2890,"children":2891},{"style":1068},[2892],{"type":418,"value":2893}," # If we are passed the service principal we use it directly, otherwise we find it from the display name (which might not be unique)\n",{"type":413,"tag":531,"props":2895,"children":2896},{"class":533,"line":1358},[2897,2902,2907,2911],{"type":413,"tag":531,"props":2898,"children":2899},{"style":538},[2900],{"type":418,"value":2901}," if",{"type":413,"tag":531,"props":2903,"children":2904},{"style":544},[2905],{"type":418,"value":2906}," ($",{"type":413,"tag":531,"props":2908,"children":2909},{"style":571},[2910],{"type":418,"value":2874},{"type":413,"tag":531,"props":2912,"children":2913},{"style":544},[2914],{"type":418,"value":1355},{"type":413,"tag":531,"props":2916,"children":2917},{"class":533,"line":1383},[2918],{"type":413,"tag":531,"props":2919,"children":2920},{"style":544},[2921],{"type":418,"value":2922}," {\n",{"type":413,"tag":531,"props":2924,"children":2925},{"class":533,"line":1677},[2926,2931,2936,2940,2944],{"type":413,"tag":531,"props":2927,"children":2928},{"style":544},[2929],{"type":418,"value":2930}," $",{"type":413,"tag":531,"props":2932,"children":2933},{"style":571},[2934],{"type":418,"value":2935},"sp ",{"type":413,"tag":531,"props":2937,"children":2938},{"style":544},[2939],{"type":418,"value":761},{"type":413,"tag":531,"props":2941,"children":2942},{"style":544},[2943],{"type":418,"value":953},{"type":413,"tag":531,"props":2945,"children":2946},{"style":571},[2947],{"type":418,"value":2948},"servicePrincipal\n",{"type":413,"tag":531,"props":2950,"children":2951},{"class":533,"line":1699},[2952],{"type":413,"tag":531,"props":2953,"children":2954},{"style":544},[2955],{"type":418,"value":2956}," }\n",{"type":413,"tag":531,"props":2958,"children":2959},{"class":533,"line":1725},[2960],{"type":413,"tag":531,"props":2961,"children":2962},{"style":538},[2963],{"type":418,"value":2964}," else\n",{"type":413,"tag":531,"props":2966,"children":2967},{"class":533,"line":1751},[2968],{"type":413,"tag":531,"props":2969,"children":2970},{"style":544},[2971],{"type":418,"value":2922},{"type":413,"tag":531,"props":2973,"children":2974},{"class":533,"line":1777},[2975,2979,2983,2987,2992,2996,3001,3005,3010,3014,3018,3022],{"type":413,"tag":531,"props":2976,"children":2977},{"style":544},[2978],{"type":418,"value":2930},{"type":413,"tag":531,"props":2980,"children":2981},{"style":571},[2982],{"type":418,"value":2935},{"type":413,"tag":531,"props":2984,"children":2985},{"style":544},[2986],{"type":418,"value":761},{"type":413,"tag":531,"props":2988,"children":2989},{"style":560},[2990],{"type":418,"value":2991}," Get-AzureADServicePrincipal",{"type":413,"tag":531,"props":2993,"children":2994},{"style":544},[2995],{"type":418,"value":568},{"type":413,"tag":531,"props":2997,"children":2998},{"style":571},[2999],{"type":418,"value":3000},"Filter ",{"type":413,"tag":531,"props":3002,"children":3003},{"style":544},[3004],{"type":418,"value":589},{"type":413,"tag":531,"props":3006,"children":3007},{"style":592},[3008],{"type":418,"value":3009},"DisplayName eq '",{"type":413,"tag":531,"props":3011,"children":3012},{"style":544},[3013],{"type":418,"value":716},{"type":413,"tag":531,"props":3015,"children":3016},{"style":571},[3017],{"type":418,"value":2805},{"type":413,"tag":531,"props":3019,"children":3020},{"style":592},[3021],{"type":418,"value":2009},{"type":413,"tag":531,"props":3023,"children":3024},{"style":544},[3025],{"type":418,"value":1029},{"type":413,"tag":531,"props":3027,"children":3028},{"class":533,"line":1803},[3029],{"type":413,"tag":531,"props":3030,"children":3031},{"style":544},[3032],{"type":418,"value":2956},{"type":413,"tag":531,"props":3034,"children":3035},{"class":533,"line":1829},[3036],{"type":413,"tag":531,"props":3037,"children":3038},{"emptyLinePlaceholder":668},[3039],{"type":418,"value":671},{"type":413,"tag":531,"props":3041,"children":3042},{"class":533,"line":1851},[3043,3047,3052,3056,3060],{"type":413,"tag":531,"props":3044,"children":3045},{"style":544},[3046],{"type":418,"value":1657},{"type":413,"tag":531,"props":3048,"children":3049},{"style":571},[3050],{"type":418,"value":3051},"requiredAccess ",{"type":413,"tag":531,"props":3053,"children":3054},{"style":544},[3055],{"type":418,"value":761},{"type":413,"tag":531,"props":3057,"children":3058},{"style":560},[3059],{"type":418,"value":1092},{"type":413,"tag":531,"props":3061,"children":3062},{"style":571},[3063],{"type":418,"value":3064}," Microsoft.Open.MsGraph.Model.RequiredResourceAccess\n",{"type":413,"tag":531,"props":3066,"children":3067},{"class":533,"line":1882},[3068,3072,3077,3081,3085],{"type":413,"tag":531,"props":3069,"children":3070},{"style":544},[3071],{"type":418,"value":1657},{"type":413,"tag":531,"props":3073,"children":3074},{"style":571},[3075],{"type":418,"value":3076},"requiredAccess.ResourceAppId ",{"type":413,"tag":531,"props":3078,"children":3079},{"style":544},[3080],{"type":418,"value":761},{"type":413,"tag":531,"props":3082,"children":3083},{"style":544},[3084],{"type":418,"value":953},{"type":413,"tag":531,"props":3086,"children":3087},{"style":571},[3088],{"type":418,"value":3089},"sp.AppId \n",{"type":413,"tag":531,"props":3091,"children":3092},{"class":533,"line":1900},[3093,3097,3102,3106,3110,3114,3118,3123],{"type":413,"tag":531,"props":3094,"children":3095},{"style":544},[3096],{"type":418,"value":1657},{"type":413,"tag":531,"props":3098,"children":3099},{"style":571},[3100],{"type":418,"value":3101},"requiredAccess.ResourceAccess ",{"type":413,"tag":531,"props":3103,"children":3104},{"style":544},[3105],{"type":418,"value":761},{"type":413,"tag":531,"props":3107,"children":3108},{"style":560},[3109],{"type":418,"value":1092},{"type":413,"tag":531,"props":3111,"children":3112},{"style":571},[3113],{"type":418,"value":1097},{"type":413,"tag":531,"props":3115,"children":3116},{"style":544},[3117],{"type":418,"value":1102},{"type":413,"tag":531,"props":3119,"children":3120},{"style":1105},[3121],{"type":418,"value":3122},"Microsoft.Open.MsGraph.Model.ResourceAccess",{"type":413,"tag":531,"props":3124,"children":3125},{"style":544},[3126],{"type":418,"value":1113},{"type":413,"tag":531,"props":3128,"children":3130},{"class":533,"line":3129},22,[3131],{"type":413,"tag":531,"props":3132,"children":3133},{"emptyLinePlaceholder":668},[3134],{"type":418,"value":671},{"type":413,"tag":531,"props":3136,"children":3138},{"class":533,"line":3137},23,[3139],{"type":413,"tag":531,"props":3140,"children":3141},{"style":1068},[3142],{"type":418,"value":3143}," # $sp.Oauth2Permissions | Select Id,AdminConsentDisplayName,Value: To see the list of all the Delegated permissions for the application:\n",{"type":413,"tag":531,"props":3145,"children":3147},{"class":533,"line":3146},24,[3148,3152,3156,3160],{"type":413,"tag":531,"props":3149,"children":3150},{"style":538},[3151],{"type":418,"value":2901},{"type":413,"tag":531,"props":3153,"children":3154},{"style":544},[3155],{"type":418,"value":2906},{"type":413,"tag":531,"props":3157,"children":3158},{"style":571},[3159],{"type":418,"value":2833},{"type":413,"tag":531,"props":3161,"children":3162},{"style":544},[3163],{"type":418,"value":1355},{"type":413,"tag":531,"props":3165,"children":3167},{"class":533,"line":3166},25,[3168],{"type":413,"tag":531,"props":3169,"children":3170},{"style":544},[3171],{"type":418,"value":2922},{"type":413,"tag":531,"props":3173,"children":3175},{"class":533,"line":3174},26,[3176,3181,3185,3189,3193,3198,3202,3207,3211,3216,3220,3224,3228,3233,3237,3242],{"type":413,"tag":531,"props":3177,"children":3178},{"style":571},[3179],{"type":418,"value":3180}," AddResourcePermission ",{"type":413,"tag":531,"props":3182,"children":3183},{"style":544},[3184],{"type":418,"value":716},{"type":413,"tag":531,"props":3186,"children":3187},{"style":571},[3188],{"type":418,"value":3051},{"type":413,"tag":531,"props":3190,"children":3191},{"style":544},[3192],{"type":418,"value":579},{"type":413,"tag":531,"props":3194,"children":3195},{"style":571},[3196],{"type":418,"value":3197},"exposedPermissions ",{"type":413,"tag":531,"props":3199,"children":3200},{"style":544},[3201],{"type":418,"value":716},{"type":413,"tag":531,"props":3203,"children":3204},{"style":571},[3205],{"type":418,"value":3206},"sp.Oauth2Permissions ",{"type":413,"tag":531,"props":3208,"children":3209},{"style":544},[3210],{"type":418,"value":579},{"type":413,"tag":531,"props":3212,"children":3213},{"style":571},[3214],{"type":418,"value":3215},"requiredAccesses ",{"type":413,"tag":531,"props":3217,"children":3218},{"style":544},[3219],{"type":418,"value":716},{"type":413,"tag":531,"props":3221,"children":3222},{"style":571},[3223],{"type":418,"value":2646},{"type":413,"tag":531,"props":3225,"children":3226},{"style":544},[3227],{"type":418,"value":579},{"type":413,"tag":531,"props":3229,"children":3230},{"style":571},[3231],{"type":418,"value":3232},"permissionType ",{"type":413,"tag":531,"props":3234,"children":3235},{"style":544},[3236],{"type":418,"value":589},{"type":413,"tag":531,"props":3238,"children":3239},{"style":592},[3240],{"type":418,"value":3241},"Scope",{"type":413,"tag":531,"props":3243,"children":3244},{"style":544},[3245],{"type":418,"value":1029},{"type":413,"tag":531,"props":3247,"children":3249},{"class":533,"line":3248},27,[3250],{"type":413,"tag":531,"props":3251,"children":3252},{"style":544},[3253],{"type":418,"value":2956},{"type":413,"tag":531,"props":3255,"children":3257},{"class":533,"line":3256},28,[3258],{"type":413,"tag":531,"props":3259,"children":3260},{"style":571},[3261],{"type":418,"value":3262}," \n",{"type":413,"tag":531,"props":3264,"children":3266},{"class":533,"line":3265},29,[3267],{"type":413,"tag":531,"props":3268,"children":3269},{"style":1068},[3270],{"type":418,"value":3271}," # $sp.AppRoles | Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application\n",{"type":413,"tag":531,"props":3273,"children":3275},{"class":533,"line":3274},30,[3276,3280,3284,3288],{"type":413,"tag":531,"props":3277,"children":3278},{"style":538},[3279],{"type":418,"value":2901},{"type":413,"tag":531,"props":3281,"children":3282},{"style":544},[3283],{"type":418,"value":2906},{"type":413,"tag":531,"props":3285,"children":3286},{"style":571},[3287],{"type":418,"value":2858},{"type":413,"tag":531,"props":3289,"children":3290},{"style":544},[3291],{"type":418,"value":1355},{"type":413,"tag":531,"props":3293,"children":3295},{"class":533,"line":3294},31,[3296],{"type":413,"tag":531,"props":3297,"children":3298},{"style":544},[3299],{"type":418,"value":2922},{"type":413,"tag":531,"props":3301,"children":3303},{"class":533,"line":3302},32,[3304,3308,3312,3316,3320,3324,3328,3333,3337,3341,3345,3350,3354,3358,3362,3367],{"type":413,"tag":531,"props":3305,"children":3306},{"style":571},[3307],{"type":418,"value":3180},{"type":413,"tag":531,"props":3309,"children":3310},{"style":544},[3311],{"type":418,"value":716},{"type":413,"tag":531,"props":3313,"children":3314},{"style":571},[3315],{"type":418,"value":3051},{"type":413,"tag":531,"props":3317,"children":3318},{"style":544},[3319],{"type":418,"value":579},{"type":413,"tag":531,"props":3321,"children":3322},{"style":571},[3323],{"type":418,"value":3197},{"type":413,"tag":531,"props":3325,"children":3326},{"style":544},[3327],{"type":418,"value":716},{"type":413,"tag":531,"props":3329,"children":3330},{"style":571},[3331],{"type":418,"value":3332},"sp.AppRoles ",{"type":413,"tag":531,"props":3334,"children":3335},{"style":544},[3336],{"type":418,"value":579},{"type":413,"tag":531,"props":3338,"children":3339},{"style":571},[3340],{"type":418,"value":3215},{"type":413,"tag":531,"props":3342,"children":3343},{"style":544},[3344],{"type":418,"value":716},{"type":413,"tag":531,"props":3346,"children":3347},{"style":571},[3348],{"type":418,"value":3349},"requiredApplicationPermissions ",{"type":413,"tag":531,"props":3351,"children":3352},{"style":544},[3353],{"type":418,"value":579},{"type":413,"tag":531,"props":3355,"children":3356},{"style":571},[3357],{"type":418,"value":3232},{"type":413,"tag":531,"props":3359,"children":3360},{"style":544},[3361],{"type":418,"value":589},{"type":413,"tag":531,"props":3363,"children":3364},{"style":592},[3365],{"type":418,"value":3366},"Role",{"type":413,"tag":531,"props":3368,"children":3369},{"style":544},[3370],{"type":418,"value":1029},{"type":413,"tag":531,"props":3372,"children":3374},{"class":533,"line":3373},33,[3375],{"type":413,"tag":531,"props":3376,"children":3377},{"style":544},[3378],{"type":418,"value":2956},{"type":413,"tag":531,"props":3380,"children":3382},{"class":533,"line":3381},34,[3383,3387,3391],{"type":413,"tag":531,"props":3384,"children":3385},{"style":538},[3386],{"type":418,"value":1888},{"type":413,"tag":531,"props":3388,"children":3389},{"style":544},[3390],{"type":418,"value":953},{"type":413,"tag":531,"props":3392,"children":3393},{"style":571},[3394],{"type":418,"value":3395},"requiredAccess\n",{"type":413,"tag":531,"props":3397,"children":3399},{"class":533,"line":3398},35,[3400],{"type":413,"tag":531,"props":3401,"children":3402},{"style":544},[3403],{"type":418,"value":661},{"type":413,"tag":414,"props":3405,"children":3406},{},[3407,3409,3414,3416,3422],{"type":418,"value":3408},"The ",{"type":413,"tag":527,"props":3410,"children":3412},{"className":3411},[],[3413],{"type":418,"value":2740},{"type":418,"value":3415}," function calls a ",{"type":413,"tag":527,"props":3417,"children":3419},{"className":3418},[],[3420],{"type":418,"value":3421},"AddResourcePermission",{"type":418,"value":3423}," function that creates permissions (ResourceAccess objects).",{"type":413,"tag":521,"props":3425,"children":3427},{"className":523,"code":3426,"language":248,"meta":401,"style":401},"# Adds the requiredAccesses (expressed as a pipe separated string) to the requiredAccess structure\n# The exposed permissions are in the $exposedPermissions collection, and the type of permission (Scope | Role) is \n# described in $permissionType\nfunction AddResourcePermission(\n $requiredAccess,\n $exposedPermissions,\n [string]$requiredAccesses,\n [string]$permissionType)\n{\n foreach($permission in $requiredAccesses.Trim().Split(\"|\"))\n {\n foreach($exposedPermission in $exposedPermissions)\n {\n if ($exposedPermission.Value -eq $permission)\n {\n $resourceAccess = New-Object Microsoft.Open.MsGraph.Model.ResourceAccess\n $resourceAccess.Type = $permissionType # Scope = Delegated permissions | Role = Application permissions\n $resourceAccess.Id = $exposedPermission.Id # Read directory data\n $requiredAccess.ResourceAccess.Add($resourceAccess)\n }\n }\n }\n}\n",[3428],{"type":413,"tag":527,"props":3429,"children":3430},{"__ignoreMap":401},[3431,3439,3447,3455,3471,3487,3503,3527,3551,3558,3621,3629,3662,3670,3705,3713,3739,3768,3798,3823,3831,3839,3847],{"type":413,"tag":531,"props":3432,"children":3433},{"class":533,"line":534},[3434],{"type":413,"tag":531,"props":3435,"children":3436},{"style":1068},[3437],{"type":418,"value":3438},"# Adds the requiredAccesses (expressed as a pipe separated string) to the requiredAccess structure\n",{"type":413,"tag":531,"props":3440,"children":3441},{"class":533,"line":617},[3442],{"type":413,"tag":531,"props":3443,"children":3444},{"style":1068},[3445],{"type":418,"value":3446},"# The exposed permissions are in the $exposedPermissions collection, and the type of permission (Scope | Role) is \n",{"type":413,"tag":531,"props":3448,"children":3449},{"class":533,"line":655},[3450],{"type":413,"tag":531,"props":3451,"children":3452},{"style":1068},[3453],{"type":418,"value":3454},"# described in $permissionType\n",{"type":413,"tag":531,"props":3456,"children":3457},{"class":533,"line":664},[3458,3462,3467],{"type":413,"tag":531,"props":3459,"children":3460},{"style":1105},[3461],{"type":418,"value":1487},{"type":413,"tag":531,"props":3463,"children":3464},{"style":560},[3465],{"type":418,"value":3466}," AddResourcePermission",{"type":413,"tag":531,"props":3468,"children":3469},{"style":544},[3470],{"type":418,"value":1497},{"type":413,"tag":531,"props":3472,"children":3473},{"class":533,"line":674},[3474,3478,3483],{"type":413,"tag":531,"props":3475,"children":3476},{"style":544},[3477],{"type":418,"value":1657},{"type":413,"tag":531,"props":3479,"children":3480},{"style":571},[3481],{"type":418,"value":3482},"requiredAccess",{"type":413,"tag":531,"props":3484,"children":3485},{"style":544},[3486],{"type":418,"value":1529},{"type":413,"tag":531,"props":3488,"children":3489},{"class":533,"line":688},[3490,3494,3499],{"type":413,"tag":531,"props":3491,"children":3492},{"style":544},[3493],{"type":418,"value":1657},{"type":413,"tag":531,"props":3495,"children":3496},{"style":571},[3497],{"type":418,"value":3498},"exposedPermissions",{"type":413,"tag":531,"props":3500,"children":3501},{"style":544},[3502],{"type":418,"value":1529},{"type":413,"tag":531,"props":3504,"children":3505},{"class":533,"line":696},[3506,3510,3514,3518,3523],{"type":413,"tag":531,"props":3507,"children":3508},{"style":544},[3509],{"type":418,"value":1505},{"type":413,"tag":531,"props":3511,"children":3512},{"style":1105},[3513],{"type":418,"value":1510},{"type":413,"tag":531,"props":3515,"children":3516},{"style":544},[3517],{"type":418,"value":2853},{"type":413,"tag":531,"props":3519,"children":3520},{"style":571},[3521],{"type":418,"value":3522},"requiredAccesses",{"type":413,"tag":531,"props":3524,"children":3525},{"style":544},[3526],{"type":418,"value":1529},{"type":413,"tag":531,"props":3528,"children":3529},{"class":533,"line":1306},[3530,3534,3538,3542,3547],{"type":413,"tag":531,"props":3531,"children":3532},{"style":544},[3533],{"type":418,"value":1505},{"type":413,"tag":531,"props":3535,"children":3536},{"style":1105},[3537],{"type":418,"value":1510},{"type":413,"tag":531,"props":3539,"children":3540},{"style":544},[3541],{"type":418,"value":2853},{"type":413,"tag":531,"props":3543,"children":3544},{"style":571},[3545],{"type":418,"value":3546},"permissionType",{"type":413,"tag":531,"props":3548,"children":3549},{"style":544},[3550],{"type":418,"value":1355},{"type":413,"tag":531,"props":3552,"children":3553},{"class":533,"line":1332},[3554],{"type":413,"tag":531,"props":3555,"children":3556},{"style":544},[3557],{"type":418,"value":1649},{"type":413,"tag":531,"props":3559,"children":3560},{"class":533,"line":1358},[3561,3566,3570,3575,3580,3584,3589,3594,3599,3604,3608,3612,3616],{"type":413,"tag":531,"props":3562,"children":3563},{"style":538},[3564],{"type":418,"value":3565}," foreach",{"type":413,"tag":531,"props":3567,"children":3568},{"style":544},[3569],{"type":418,"value":1153},{"type":413,"tag":531,"props":3571,"children":3572},{"style":571},[3573],{"type":418,"value":3574},"permission ",{"type":413,"tag":531,"props":3576,"children":3577},{"style":538},[3578],{"type":418,"value":3579},"in",{"type":413,"tag":531,"props":3581,"children":3582},{"style":544},[3583],{"type":418,"value":953},{"type":413,"tag":531,"props":3585,"children":3586},{"style":571},[3587],{"type":418,"value":3588},"requiredAccesses.Trim",{"type":413,"tag":531,"props":3590,"children":3591},{"style":544},[3592],{"type":418,"value":3593},"()",{"type":413,"tag":531,"props":3595,"children":3596},{"style":571},[3597],{"type":418,"value":3598},".Split",{"type":413,"tag":531,"props":3600,"children":3601},{"style":544},[3602],{"type":418,"value":3603},"(",{"type":413,"tag":531,"props":3605,"children":3606},{"style":544},[3607],{"type":418,"value":589},{"type":413,"tag":531,"props":3609,"children":3610},{"style":592},[3611],{"type":418,"value":1130},{"type":413,"tag":531,"props":3613,"children":3614},{"style":544},[3615],{"type":418,"value":589},{"type":413,"tag":531,"props":3617,"children":3618},{"style":544},[3619],{"type":418,"value":3620},"))\n",{"type":413,"tag":531,"props":3622,"children":3623},{"class":533,"line":1383},[3624],{"type":413,"tag":531,"props":3625,"children":3626},{"style":544},[3627],{"type":418,"value":3628}," {\n",{"type":413,"tag":531,"props":3630,"children":3631},{"class":533,"line":1677},[3632,3637,3641,3646,3650,3654,3658],{"type":413,"tag":531,"props":3633,"children":3634},{"style":538},[3635],{"type":418,"value":3636}," foreach",{"type":413,"tag":531,"props":3638,"children":3639},{"style":544},[3640],{"type":418,"value":1153},{"type":413,"tag":531,"props":3642,"children":3643},{"style":571},[3644],{"type":418,"value":3645},"exposedPermission ",{"type":413,"tag":531,"props":3647,"children":3648},{"style":538},[3649],{"type":418,"value":3579},{"type":413,"tag":531,"props":3651,"children":3652},{"style":544},[3653],{"type":418,"value":953},{"type":413,"tag":531,"props":3655,"children":3656},{"style":571},[3657],{"type":418,"value":3498},{"type":413,"tag":531,"props":3659,"children":3660},{"style":544},[3661],{"type":418,"value":1355},{"type":413,"tag":531,"props":3663,"children":3664},{"class":533,"line":1699},[3665],{"type":413,"tag":531,"props":3666,"children":3667},{"style":544},[3668],{"type":418,"value":3669}," {\n",{"type":413,"tag":531,"props":3671,"children":3672},{"class":533,"line":1725},[3673,3678,3682,3687,3692,3696,3701],{"type":413,"tag":531,"props":3674,"children":3675},{"style":538},[3676],{"type":418,"value":3677}," if",{"type":413,"tag":531,"props":3679,"children":3680},{"style":544},[3681],{"type":418,"value":2906},{"type":413,"tag":531,"props":3683,"children":3684},{"style":571},[3685],{"type":418,"value":3686},"exposedPermission.Value ",{"type":413,"tag":531,"props":3688,"children":3689},{"style":544},[3690],{"type":418,"value":3691},"-eq",{"type":413,"tag":531,"props":3693,"children":3694},{"style":544},[3695],{"type":418,"value":953},{"type":413,"tag":531,"props":3697,"children":3698},{"style":571},[3699],{"type":418,"value":3700},"permission",{"type":413,"tag":531,"props":3702,"children":3703},{"style":544},[3704],{"type":418,"value":1355},{"type":413,"tag":531,"props":3706,"children":3707},{"class":533,"line":1751},[3708],{"type":413,"tag":531,"props":3709,"children":3710},{"style":544},[3711],{"type":418,"value":3712}," {\n",{"type":413,"tag":531,"props":3714,"children":3715},{"class":533,"line":1777},[3716,3721,3726,3730,3734],{"type":413,"tag":531,"props":3717,"children":3718},{"style":544},[3719],{"type":418,"value":3720}," $",{"type":413,"tag":531,"props":3722,"children":3723},{"style":571},[3724],{"type":418,"value":3725},"resourceAccess ",{"type":413,"tag":531,"props":3727,"children":3728},{"style":544},[3729],{"type":418,"value":761},{"type":413,"tag":531,"props":3731,"children":3732},{"style":560},[3733],{"type":418,"value":1092},{"type":413,"tag":531,"props":3735,"children":3736},{"style":571},[3737],{"type":418,"value":3738}," Microsoft.Open.MsGraph.Model.ResourceAccess\n",{"type":413,"tag":531,"props":3740,"children":3741},{"class":533,"line":1803},[3742,3746,3751,3755,3759,3763],{"type":413,"tag":531,"props":3743,"children":3744},{"style":544},[3745],{"type":418,"value":3720},{"type":413,"tag":531,"props":3747,"children":3748},{"style":571},[3749],{"type":418,"value":3750},"resourceAccess.Type ",{"type":413,"tag":531,"props":3752,"children":3753},{"style":544},[3754],{"type":418,"value":761},{"type":413,"tag":531,"props":3756,"children":3757},{"style":544},[3758],{"type":418,"value":953},{"type":413,"tag":531,"props":3760,"children":3761},{"style":571},[3762],{"type":418,"value":3232},{"type":413,"tag":531,"props":3764,"children":3765},{"style":1068},[3766],{"type":418,"value":3767},"# Scope = Delegated permissions | Role = Application permissions\n",{"type":413,"tag":531,"props":3769,"children":3770},{"class":533,"line":1829},[3771,3775,3780,3784,3788,3793],{"type":413,"tag":531,"props":3772,"children":3773},{"style":544},[3774],{"type":418,"value":3720},{"type":413,"tag":531,"props":3776,"children":3777},{"style":571},[3778],{"type":418,"value":3779},"resourceAccess.Id ",{"type":413,"tag":531,"props":3781,"children":3782},{"style":544},[3783],{"type":418,"value":761},{"type":413,"tag":531,"props":3785,"children":3786},{"style":544},[3787],{"type":418,"value":953},{"type":413,"tag":531,"props":3789,"children":3790},{"style":571},[3791],{"type":418,"value":3792},"exposedPermission.Id ",{"type":413,"tag":531,"props":3794,"children":3795},{"style":1068},[3796],{"type":418,"value":3797},"# Read directory data\n",{"type":413,"tag":531,"props":3799,"children":3800},{"class":533,"line":1851},[3801,3805,3810,3814,3819],{"type":413,"tag":531,"props":3802,"children":3803},{"style":544},[3804],{"type":418,"value":3720},{"type":413,"tag":531,"props":3806,"children":3807},{"style":571},[3808],{"type":418,"value":3809},"requiredAccess.ResourceAccess.Add",{"type":413,"tag":531,"props":3811,"children":3812},{"style":544},[3813],{"type":418,"value":1153},{"type":413,"tag":531,"props":3815,"children":3816},{"style":571},[3817],{"type":418,"value":3818},"resourceAccess",{"type":413,"tag":531,"props":3820,"children":3821},{"style":544},[3822],{"type":418,"value":1355},{"type":413,"tag":531,"props":3824,"children":3825},{"class":533,"line":1882},[3826],{"type":413,"tag":531,"props":3827,"children":3828},{"style":544},[3829],{"type":418,"value":3830}," }\n",{"type":413,"tag":531,"props":3832,"children":3833},{"class":533,"line":1900},[3834],{"type":413,"tag":531,"props":3835,"children":3836},{"style":544},[3837],{"type":418,"value":3838}," }\n",{"type":413,"tag":531,"props":3840,"children":3841},{"class":533,"line":3129},[3842],{"type":413,"tag":531,"props":3843,"children":3844},{"style":544},[3845],{"type":418,"value":3846}," }\n",{"type":413,"tag":531,"props":3848,"children":3849},{"class":533,"line":3137},[3850],{"type":413,"tag":531,"props":3851,"children":3852},{"style":544},[3853],{"type":418,"value":661},{"type":413,"tag":432,"props":3855,"children":3857},{"id":3856},"using-the-script-in-an-azure-pipeline",[3858],{"type":418,"value":3859},"Using the script in an Azure Pipeline",{"type":413,"tag":414,"props":3861,"children":3862},{},[3863,3865,3872],{"type":418,"value":3864},"To execute this script in the Azure pipeline that deploys and configures the rest of the application infrastructure we can use an ",{"type":413,"tag":421,"props":3866,"children":3869},{"href":3867,"rel":3868},"https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-powershell?view=azure-devops",[425],[3870],{"type":418,"value":3871},"Azure PowerShell task",{"type":418,"value":430},{"type":413,"tag":414,"props":3874,"children":3875},{},[3876],{"type":418,"value":3877},"The task of the Azure Pipeline will look like this:",{"type":413,"tag":521,"props":3879,"children":3883},{"className":3880,"code":3881,"language":3882,"meta":401,"style":401},"language-yaml shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","- task: AzurePowerShell@5\n displayName: 'Configure Teams tab SSO'\n inputs:\n azureSubscription: 'My Azure Service Connection'\n ScriptType: 'FilePath'\n ScriptPath: 'infra/AdditionalScripts/ConfigureTeamsTabSSO.ps1'\n ScriptArguments: \n -applicationObjectId $(AzureAdObjectId) `\n -customDomainName $(CustomDomainName)\n azurePowerShellVersion: 'LatestVersion'\n","yaml",[3884],{"type":413,"tag":527,"props":3885,"children":3886},{"__ignoreMap":401},[3887,3910,3935,3948,3973,3998,4023,4039,4047,4055],{"type":413,"tag":531,"props":3888,"children":3889},{"class":533,"line":534},[3890,3894,3900,3905],{"type":413,"tag":531,"props":3891,"children":3892},{"style":544},[3893],{"type":418,"value":579},{"type":413,"tag":531,"props":3895,"children":3897},{"style":3896},"--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178",[3898],{"type":418,"value":3899}," task",{"type":413,"tag":531,"props":3901,"children":3902},{"style":544},[3903],{"type":418,"value":3904},":",{"type":413,"tag":531,"props":3906,"children":3907},{"style":592},[3908],{"type":418,"value":3909}," AzurePowerShell@5\n",{"type":413,"tag":531,"props":3911,"children":3912},{"class":533,"line":617},[3913,3918,3922,3926,3931],{"type":413,"tag":531,"props":3914,"children":3915},{"style":3896},[3916],{"type":418,"value":3917}," displayName",{"type":413,"tag":531,"props":3919,"children":3920},{"style":544},[3921],{"type":418,"value":3904},{"type":413,"tag":531,"props":3923,"children":3924},{"style":544},[3925],{"type":418,"value":1956},{"type":413,"tag":531,"props":3927,"children":3928},{"style":592},[3929],{"type":418,"value":3930},"Configure Teams tab SSO",{"type":413,"tag":531,"props":3932,"children":3933},{"style":544},[3934],{"type":418,"value":1966},{"type":413,"tag":531,"props":3936,"children":3937},{"class":533,"line":655},[3938,3943],{"type":413,"tag":531,"props":3939,"children":3940},{"style":3896},[3941],{"type":418,"value":3942}," inputs",{"type":413,"tag":531,"props":3944,"children":3945},{"style":544},[3946],{"type":418,"value":3947},":\n",{"type":413,"tag":531,"props":3949,"children":3950},{"class":533,"line":664},[3951,3956,3960,3964,3969],{"type":413,"tag":531,"props":3952,"children":3953},{"style":3896},[3954],{"type":418,"value":3955}," azureSubscription",{"type":413,"tag":531,"props":3957,"children":3958},{"style":544},[3959],{"type":418,"value":3904},{"type":413,"tag":531,"props":3961,"children":3962},{"style":544},[3963],{"type":418,"value":1956},{"type":413,"tag":531,"props":3965,"children":3966},{"style":592},[3967],{"type":418,"value":3968},"My Azure Service Connection",{"type":413,"tag":531,"props":3970,"children":3971},{"style":544},[3972],{"type":418,"value":1966},{"type":413,"tag":531,"props":3974,"children":3975},{"class":533,"line":674},[3976,3981,3985,3989,3994],{"type":413,"tag":531,"props":3977,"children":3978},{"style":3896},[3979],{"type":418,"value":3980}," ScriptType",{"type":413,"tag":531,"props":3982,"children":3983},{"style":544},[3984],{"type":418,"value":3904},{"type":413,"tag":531,"props":3986,"children":3987},{"style":544},[3988],{"type":418,"value":1956},{"type":413,"tag":531,"props":3990,"children":3991},{"style":592},[3992],{"type":418,"value":3993},"FilePath",{"type":413,"tag":531,"props":3995,"children":3996},{"style":544},[3997],{"type":418,"value":1966},{"type":413,"tag":531,"props":3999,"children":4000},{"class":533,"line":688},[4001,4006,4010,4014,4019],{"type":413,"tag":531,"props":4002,"children":4003},{"style":3896},[4004],{"type":418,"value":4005}," ScriptPath",{"type":413,"tag":531,"props":4007,"children":4008},{"style":544},[4009],{"type":418,"value":3904},{"type":413,"tag":531,"props":4011,"children":4012},{"style":544},[4013],{"type":418,"value":1956},{"type":413,"tag":531,"props":4015,"children":4016},{"style":592},[4017],{"type":418,"value":4018},"infra/AdditionalScripts/ConfigureTeamsTabSSO.ps1",{"type":413,"tag":531,"props":4020,"children":4021},{"style":544},[4022],{"type":418,"value":1966},{"type":413,"tag":531,"props":4024,"children":4025},{"class":533,"line":696},[4026,4031,4035],{"type":413,"tag":531,"props":4027,"children":4028},{"style":3896},[4029],{"type":418,"value":4030}," ScriptArguments",{"type":413,"tag":531,"props":4032,"children":4033},{"style":544},[4034],{"type":418,"value":3904},{"type":413,"tag":531,"props":4036,"children":4037},{"style":571},[4038],{"type":418,"value":614},{"type":413,"tag":531,"props":4040,"children":4041},{"class":533,"line":1306},[4042],{"type":413,"tag":531,"props":4043,"children":4044},{"style":592},[4045],{"type":418,"value":4046}," -applicationObjectId $(AzureAdObjectId) `\n",{"type":413,"tag":531,"props":4048,"children":4049},{"class":533,"line":1332},[4050],{"type":413,"tag":531,"props":4051,"children":4052},{"style":592},[4053],{"type":418,"value":4054}," -customDomainName $(CustomDomainName)\n",{"type":413,"tag":531,"props":4056,"children":4057},{"class":533,"line":1358},[4058,4063,4067,4071,4076],{"type":413,"tag":531,"props":4059,"children":4060},{"style":3896},[4061],{"type":418,"value":4062}," azurePowerShellVersion",{"type":413,"tag":531,"props":4064,"children":4065},{"style":544},[4066],{"type":418,"value":3904},{"type":413,"tag":531,"props":4068,"children":4069},{"style":544},[4070],{"type":418,"value":1956},{"type":413,"tag":531,"props":4072,"children":4073},{"style":592},[4074],{"type":418,"value":4075},"LatestVersion",{"type":413,"tag":531,"props":4077,"children":4078},{"style":544},[4079],{"type":418,"value":1966},{"type":413,"tag":414,"props":4081,"children":4082},{},[4083,4085,4090,4092,4099],{"type":418,"value":4084},"The advantage is that this task will connect to Azure with an Azure Service Connection that has enough rights to execute the Azure AD commands in this script. However, it involves passing to the ",{"type":413,"tag":527,"props":4086,"children":4088},{"className":4087},[],[4089],{"type":418,"value":702},{"type":418,"value":4091}," command the access token of the Service Principal associated with the Azure Service Connection. This can easily be done as I found out in ",{"type":413,"tag":421,"props":4093,"children":4096},{"href":4094,"rel":4095},"https://stackoverflow.com/questions/60185213/automate-connect-azuread-using-powershell-in-azure-devops",[425],[4097],{"type":418,"value":4098},"a StackOverflow post",{"type":418,"value":430},{"type":413,"tag":521,"props":4101,"children":4103},{"className":523,"code":4102,"language":248,"meta":401,"style":401},"$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext\n$graphToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, \"https://graph.microsoft.com\").AccessToken\n$aadToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, \"https://graph.windows.net\").AccessToken\nConnect-AzureAD -AadAccessToken $aadToken -MsAccessToken $graphToken -AccountId $context.Account.Id -TenantId $context.tenant.id\n",[4104],{"type":413,"tag":527,"props":4105,"children":4106},{"__ignoreMap":401},[4107,4142,4270,4387],{"type":413,"tag":531,"props":4108,"children":4109},{"class":533,"line":534},[4110,4114,4119,4123,4128,4133,4137],{"type":413,"tag":531,"props":4111,"children":4112},{"style":544},[4113],{"type":418,"value":716},{"type":413,"tag":531,"props":4115,"children":4116},{"style":571},[4117],{"type":418,"value":4118},"context ",{"type":413,"tag":531,"props":4120,"children":4121},{"style":544},[4122],{"type":418,"value":761},{"type":413,"tag":531,"props":4124,"children":4125},{"style":544},[4126],{"type":418,"value":4127}," [",{"type":413,"tag":531,"props":4129,"children":4130},{"style":1105},[4131],{"type":418,"value":4132},"Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider",{"type":413,"tag":531,"props":4134,"children":4135},{"style":544},[4136],{"type":418,"value":1515},{"type":413,"tag":531,"props":4138,"children":4139},{"style":571},[4140],{"type":418,"value":4141},"::Instance.Profile.DefaultContext\n",{"type":413,"tag":531,"props":4143,"children":4144},{"class":533,"line":617},[4145,4149,4154,4158,4162,4167,4171,4176,4180,4185,4190,4194,4199,4203,4207,4212,4217,4222,4226,4231,4235,4240,4244,4248,4252,4257,4261,4265],{"type":413,"tag":531,"props":4146,"children":4147},{"style":544},[4148],{"type":418,"value":716},{"type":413,"tag":531,"props":4150,"children":4151},{"style":571},[4152],{"type":418,"value":4153},"graphToken ",{"type":413,"tag":531,"props":4155,"children":4156},{"style":544},[4157],{"type":418,"value":761},{"type":413,"tag":531,"props":4159,"children":4160},{"style":544},[4161],{"type":418,"value":4127},{"type":413,"tag":531,"props":4163,"children":4164},{"style":1105},[4165],{"type":418,"value":4166},"Microsoft.Azure.Commands.Common.Authentication.AzureSession",{"type":413,"tag":531,"props":4168,"children":4169},{"style":544},[4170],{"type":418,"value":1515},{"type":413,"tag":531,"props":4172,"children":4173},{"style":571},[4174],{"type":418,"value":4175},"::Instance.AuthenticationFactory.Authenticate",{"type":413,"tag":531,"props":4177,"children":4178},{"style":544},[4179],{"type":418,"value":1153},{"type":413,"tag":531,"props":4181,"children":4182},{"style":571},[4183],{"type":418,"value":4184},"context.Account",{"type":413,"tag":531,"props":4186,"children":4187},{"style":544},[4188],{"type":418,"value":4189},",",{"type":413,"tag":531,"props":4191,"children":4192},{"style":544},[4193],{"type":418,"value":953},{"type":413,"tag":531,"props":4195,"children":4196},{"style":571},[4197],{"type":418,"value":4198},"context.Environment",{"type":413,"tag":531,"props":4200,"children":4201},{"style":544},[4202],{"type":418,"value":4189},{"type":413,"tag":531,"props":4204,"children":4205},{"style":544},[4206],{"type":418,"value":953},{"type":413,"tag":531,"props":4208,"children":4209},{"style":571},[4210],{"type":418,"value":4211},"context.Tenant.Id.ToString",{"type":413,"tag":531,"props":4213,"children":4214},{"style":544},[4215],{"type":418,"value":4216},"(),",{"type":413,"tag":531,"props":4218,"children":4219},{"style":544},[4220],{"type":418,"value":4221}," $null,",{"type":413,"tag":531,"props":4223,"children":4224},{"style":544},[4225],{"type":418,"value":4127},{"type":413,"tag":531,"props":4227,"children":4228},{"style":1105},[4229],{"type":418,"value":4230},"Microsoft.Azure.Commands.Common.Authentication.ShowDialog",{"type":413,"tag":531,"props":4232,"children":4233},{"style":544},[4234],{"type":418,"value":1515},{"type":413,"tag":531,"props":4236,"children":4237},{"style":571},[4238],{"type":418,"value":4239},"::Never",{"type":413,"tag":531,"props":4241,"children":4242},{"style":544},[4243],{"type":418,"value":4189},{"type":413,"tag":531,"props":4245,"children":4246},{"style":544},[4247],{"type":418,"value":4221},{"type":413,"tag":531,"props":4249,"children":4250},{"style":544},[4251],{"type":418,"value":1870},{"type":413,"tag":531,"props":4253,"children":4254},{"style":592},[4255],{"type":418,"value":4256},"https://graph.microsoft.com",{"type":413,"tag":531,"props":4258,"children":4259},{"style":544},[4260],{"type":418,"value":589},{"type":413,"tag":531,"props":4262,"children":4263},{"style":544},[4264],{"type":418,"value":1163},{"type":413,"tag":531,"props":4266,"children":4267},{"style":571},[4268],{"type":418,"value":4269},".AccessToken\n",{"type":413,"tag":531,"props":4271,"children":4272},{"class":533,"line":655},[4273,4277,4282,4286,4290,4294,4298,4302,4306,4310,4314,4318,4322,4326,4330,4334,4338,4342,4346,4350,4354,4358,4362,4366,4370,4375,4379,4383],{"type":413,"tag":531,"props":4274,"children":4275},{"style":544},[4276],{"type":418,"value":716},{"type":413,"tag":531,"props":4278,"children":4279},{"style":571},[4280],{"type":418,"value":4281},"aadToken ",{"type":413,"tag":531,"props":4283,"children":4284},{"style":544},[4285],{"type":418,"value":761},{"type":413,"tag":531,"props":4287,"children":4288},{"style":544},[4289],{"type":418,"value":4127},{"type":413,"tag":531,"props":4291,"children":4292},{"style":1105},[4293],{"type":418,"value":4166},{"type":413,"tag":531,"props":4295,"children":4296},{"style":544},[4297],{"type":418,"value":1515},{"type":413,"tag":531,"props":4299,"children":4300},{"style":571},[4301],{"type":418,"value":4175},{"type":413,"tag":531,"props":4303,"children":4304},{"style":544},[4305],{"type":418,"value":1153},{"type":413,"tag":531,"props":4307,"children":4308},{"style":571},[4309],{"type":418,"value":4184},{"type":413,"tag":531,"props":4311,"children":4312},{"style":544},[4313],{"type":418,"value":4189},{"type":413,"tag":531,"props":4315,"children":4316},{"style":544},[4317],{"type":418,"value":953},{"type":413,"tag":531,"props":4319,"children":4320},{"style":571},[4321],{"type":418,"value":4198},{"type":413,"tag":531,"props":4323,"children":4324},{"style":544},[4325],{"type":418,"value":4189},{"type":413,"tag":531,"props":4327,"children":4328},{"style":544},[4329],{"type":418,"value":953},{"type":413,"tag":531,"props":4331,"children":4332},{"style":571},[4333],{"type":418,"value":4211},{"type":413,"tag":531,"props":4335,"children":4336},{"style":544},[4337],{"type":418,"value":4216},{"type":413,"tag":531,"props":4339,"children":4340},{"style":544},[4341],{"type":418,"value":4221},{"type":413,"tag":531,"props":4343,"children":4344},{"style":544},[4345],{"type":418,"value":4127},{"type":413,"tag":531,"props":4347,"children":4348},{"style":1105},[4349],{"type":418,"value":4230},{"type":413,"tag":531,"props":4351,"children":4352},{"style":544},[4353],{"type":418,"value":1515},{"type":413,"tag":531,"props":4355,"children":4356},{"style":571},[4357],{"type":418,"value":4239},{"type":413,"tag":531,"props":4359,"children":4360},{"style":544},[4361],{"type":418,"value":4189},{"type":413,"tag":531,"props":4363,"children":4364},{"style":544},[4365],{"type":418,"value":4221},{"type":413,"tag":531,"props":4367,"children":4368},{"style":544},[4369],{"type":418,"value":1870},{"type":413,"tag":531,"props":4371,"children":4372},{"style":592},[4373],{"type":418,"value":4374},"https://graph.windows.net",{"type":413,"tag":531,"props":4376,"children":4377},{"style":544},[4378],{"type":418,"value":589},{"type":413,"tag":531,"props":4380,"children":4381},{"style":544},[4382],{"type":418,"value":1163},{"type":413,"tag":531,"props":4384,"children":4385},{"style":571},[4386],{"type":418,"value":4269},{"type":413,"tag":531,"props":4388,"children":4389},{"class":533,"line":664},[4390,4394,4398,4403,4407,4411,4415,4420,4424,4428,4432,4437,4441,4446,4450,4454,4458],{"type":413,"tag":531,"props":4391,"children":4392},{"style":560},[4393],{"type":418,"value":702},{"type":413,"tag":531,"props":4395,"children":4396},{"style":544},[4397],{"type":418,"value":568},{"type":413,"tag":531,"props":4399,"children":4400},{"style":571},[4401],{"type":418,"value":4402},"AadAccessToken ",{"type":413,"tag":531,"props":4404,"children":4405},{"style":544},[4406],{"type":418,"value":716},{"type":413,"tag":531,"props":4408,"children":4409},{"style":571},[4410],{"type":418,"value":4281},{"type":413,"tag":531,"props":4412,"children":4413},{"style":544},[4414],{"type":418,"value":579},{"type":413,"tag":531,"props":4416,"children":4417},{"style":571},[4418],{"type":418,"value":4419},"MsAccessToken ",{"type":413,"tag":531,"props":4421,"children":4422},{"style":544},[4423],{"type":418,"value":716},{"type":413,"tag":531,"props":4425,"children":4426},{"style":571},[4427],{"type":418,"value":4153},{"type":413,"tag":531,"props":4429,"children":4430},{"style":544},[4431],{"type":418,"value":579},{"type":413,"tag":531,"props":4433,"children":4434},{"style":571},[4435],{"type":418,"value":4436},"AccountId ",{"type":413,"tag":531,"props":4438,"children":4439},{"style":544},[4440],{"type":418,"value":716},{"type":413,"tag":531,"props":4442,"children":4443},{"style":571},[4444],{"type":418,"value":4445},"context.Account.Id ",{"type":413,"tag":531,"props":4447,"children":4448},{"style":544},[4449],{"type":418,"value":579},{"type":413,"tag":531,"props":4451,"children":4452},{"style":571},[4453],{"type":418,"value":711},{"type":413,"tag":531,"props":4455,"children":4456},{"style":544},[4457],{"type":418,"value":716},{"type":413,"tag":531,"props":4459,"children":4460},{"style":571},[4461],{"type":418,"value":4462},"context.tenant.id\n",{"type":413,"tag":500,"props":4464,"children":4466},{"id":4465},"summary",[4467],{"type":418,"value":4468},"Summary",{"type":413,"tag":414,"props":4470,"children":4471},{},[4472,4474,4480],{"type":418,"value":4473},"In this post, I wanted to show the different steps to configure Teams Tab SSO in PowerShell. The final script can be found ",{"type":413,"tag":421,"props":4475,"children":4477},{"href":423,"rel":4476},[425],[4478],{"type":418,"value":4479},"here",{"type":418,"value":4481}," and is directly used in an Azure pipeline to automate this configuration. Although it does the job, I hope doing such Azure AD configurations will be supported soon in Pulumi as it would have been easier to set it up instead of coming up with a big PowerShell script like this which is not idempotent.",{"type":413,"tag":4483,"props":4484,"children":4485},"style",{},[4486],{"type":418,"value":4487},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":401,"searchDepth":617,"depth":617,"links":4489},[4490,4491,4500],{"id":434,"depth":617,"text":437},{"id":467,"depth":617,"text":470,"children":4492},[4493,4494,4495,4496,4497,4498,4499],{"id":502,"depth":655,"text":505},{"id":729,"depth":655,"text":732},{"id":834,"depth":655,"text":837},{"id":909,"depth":655,"text":912},{"id":1032,"depth":655,"text":1035},{"id":1908,"depth":655,"text":1911},{"id":2511,"depth":655,"text":2514},{"id":3856,"depth":617,"text":3859,"children":4501},[4502],{"id":4465,"depth":655,"text":4468},"markdown","content:1.posts:7.teams-sso-powershell.md","content","1.posts/7.teams-sso-powershell.md","md",1716749600760]