I was just listening to episode 10 of the Office 365 Exposed podcast with Tony Redmond and Paul Robichaux. Tony was reviewing some of the conversation in his somewhat recent blog post, Why the PowerShell Module for Teams is Critically Flawed. We have seen some of the issues outlined before, particularly with the means to work with Office 365 Groups, such as the steps to restrict which group has permissions to create new groups. Things take multiple steps because you have to find the GUID for something in order to do other work.
Let’s dig in to the process of getting the module, because it is simple:
Install-Module MicrosoftTeams
Once you have it installed, you connect:
Connect-MicrosoftTeams
It then gives you the Modern Authentication prompt and you can sign in. Great! Now we can run Get-Team:
So, what is the big problem? It seems that the Get-Team cmdlet is utilizing this query from the Graph API:
/beta/me/joinedTeams
What this does is return all of the Microsoft Teams of which the currently authenticated user is a member. Well, if you’re administrating properly, you have separate administrative accounts and, for Microsoft Cloud services, you would not even be licensed for unnecessary user space services, like Teams. So, you would not be a member of any Teams, let alone all of the Teams that you need to administrate.
So, I decided to dig in via the xMSGraph.PowerShell module that I have created to run a query against Office 365 Groups, because Microsoft Teams is built on top of it:
And what we see is that there is no designation available from here that this is indeed a Microsoft Teams team; it is just an Office 365 Groups group.
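The gap described above, as an added example that is not from the original post or from either module: it compares what the user-scoped /beta/me/joinedTeams query returns with a tenant-wide Office 365 Groups query. The function names, the -Requester parameter, the /v1.0/groups filter and the stubbed responses are assumptions made for illustration; a live run needs a delegated token that is allowed to read groups.

```powershell
# Added example (not from the original post): shows how little a dedicated,
# unlicensed admin account sees through the user-scoped query.
function Get-GraphCollection {
    param([string]$Uri, [hashtable]$Headers, [scriptblock]$Requester)
    while ($Uri) {
        $page = & $Requester $Uri $Headers
        $page.value                       # emit this page's items
        $Uri = $page.'@odata.nextLink'    # follow server-side paging, if any
    }
}

function Compare-TeamVisibility {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        # Assumption: injectable so the comparison can be exercised offline.
        [scriptblock]$Requester = {
            param($Uri, $Headers)
            Invoke-RestMethod -Uri $Uri -Headers $Headers -Method Get
        }
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    $base    = 'https://graph.microsoft.com'

    # User-scoped: only teams the signed-in account is a member of.
    $joinedIds = @(Get-GraphCollection "$base/beta/me/joinedTeams" $headers $Requester |
        ForEach-Object { $_.id })

    # Tenant-wide: every Office 365 Group, whether or not it backs a team.
    $filter = [uri]::EscapeDataString("groupTypes/any(c:c eq 'Unified')")
    Get-GraphCollection "$base/v1.0/groups?`$filter=$filter" $headers $Requester |
        ForEach-Object {
            [pscustomobject]@{
                Id                    = $_.id
                DisplayName           = $_.displayName
                ReturnedByJoinedTeams = $joinedIds -contains $_.id
            }
        }
}

# Constructed responses: an admin account with no Teams membership.
$stub = {
    param($Uri, $Headers)
    if ($Uri -like '*/me/joinedTeams') { return @{ value = @() } }
    @{ value = @(
        @{ id = 'constructed-id-1'; displayName = 'Constructed Group A' },
        @{ id = 'constructed-id-2'; displayName = 'Constructed Group B' }
    ) }
}
Compare-TeamVisibility -AccessToken 'PLACEHOLDER' -Requester $stub
```

With the constructed stub, both groups come back with ReturnedByJoinedTeams set to False, which is the separated admin account's view; omit -Requester to run the same comparison against a real tenant.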
One thing that Tony articulated quite well is that PowerShell is a great asset for Microsoft. And if we look at their positioning relative to the cloud, they are the only major player that has significant on-premises capabilities that are tightly integrated into their cloud services. That makes things here even more disappointing, because they have put out some really bad PowerShell modules lately (why I made the xAzureAD.DirectorySetting module). PowerShell has been building momentum for over ten years now and tons of IT pros have made significant investments in developing the requisite skills to use it.
It is gut check time for Microsoft. There needs to be some edict from on high that says that PowerShell modules aren’t going to require undue ridiculousness from administrators who are not interested in essentially becoming developers.
Microsoft Teams PowerShell Module documentation