I would like to assign Teams policies from an Azure Automation. For this I use the PowerShell module "MicrosoftTeams" in the current version.
When I log in to Teams with user credential, as shown below, the assignment works.
$Cred = Get-AutomationPSCredential -Name 'Teams-Admin'
Connect-MicrosoftTeams -TenantId $tenantId -Credential $Cred
# Grant policys
Grant-CsUserPolicyPackage -Identity $mailAddress -PackageName Test
However, I want to use the Run-As account to log in, as shown below. When I do that, I get an error.
$connection = Get-AutomationConnection –Name AzureRunAsConnection
Connect-MicrosoftTeams -TenantId $connection.TenantID `
-ApplicationId $connection.ApplicationID `
-CertificateThumbprint $connection.CertificateThumbprint
# Grant policys
Grant-CsUserPolicyPackage -Identity $mailAddress -PackageName Test
The error is as follows:
Grant-CsUserPolicyPackage : Powershell administered domain is unexpectedly null/empty
The app registry of the "Run-As" account has the Teams administrator and Skype for Business administrator role. In addition, I have delegated "AppCatalog.ReadWrite.All", "Group.ReadWrite.All", "User.Read.All" permissions to Microsoft Graph in the API permissions and "user_impersonation" permissions to Skype and Teams Tenant Admin API.
Service Principal names is currently not supported. We have backlog item for this but do not have an ETA to share.