Summary
Details
Updated September 2, 2025: We have updated the content. Thank you for your patience.
Introduction
We are reaching out to inform you of an important security and authentication update that may impact your integration with the Microsoft Teams PowerShell Module. As part of our ongoing commitment to strengthening security across Microsoft 365 services, we are updating the authentication requirements for application-based authentication with Administrative Units in the Teams PowerShell Module.
These changes are designed to ensure that Entra applications with Administrative Units used for backend access to Teams PowerShell are properly scoped and secured. If your organization uses Entra applications to automate or manage Teams via PowerShell, action is required to avoid service disruption.
When will this happen
This change will take effect on Monday, September 15, 2025.
How this affects your organization
If your organization uses Entra applications to authenticate against the Microsoft Teams PowerShell Module, you must update the Application permissions to avoid disruption.
Specifically:
- RoleManagement.Read.Directory: Required for all Entra applications to verify association with an Administrative Unit.
- GroupMember.Read.All: Required if your application with Administrative Units uses the following cmdlets:
*-CsGroupPolicyAssignment*-CsGroupPolicyPackageAssignment
No changes are required for delegated permissions.
What you can do to prepare
To ensure uninterrupted access:
1. Review your Entra applications:
- Go to Microsoft Entra ID > Roles and administrators.
- Check the Teams Administrator roles for any Entra applications or service principals, under the scope of Administrative Units, used with Teams PowerShell.
2. Update API permissions:
- Navigate to Microsoft Entra ID > App registrations.
- • Locate the relevant application under the scope of Administrative Units and add the following permissions:
GroupMember.Read.AllRoleManagement.Read.Directory
3. Test your integrations to confirm continued functionality.
Learn more: Application-based authentication in Teams PowerShell Module.
Compliance considerations
No compliance considerations identified, review as appropriate for your organization.
Change History
Introduction
We are reaching out to inform you of an important security and authentication update that may impact your integration with the Microsoft Teams PowerShell Module. As part of our ongoing commitment to strengthening security across Microsoft 365 services, we are updating the authentication requirements for application-based authentication in the Teams PowerShell Module.
These changes are designed to ensure that Entra applications used for backend access to Teams PowerShell are properly scoped and secured. If your organization uses Entra applications to automate or manage Teams via PowerShell, action is required to avoid service disruption.
When will this happen
This change will take effect on Monday, September 15, 2025.
How this affects your organization
If your organization uses Entra applications to authenticate against the Microsoft Teams PowerShell Module, you must update the Application permissions to avoid disruption.
Specifically:
- RoleManagement.Read.Directory: Required for all Entra applications to verify association with an Administrative Unit.
- GroupMember.Read.All: Required if your application uses the following cmdlets:
*-CsGroupPolicyAssignment*-CsGroupPolicyPackageAssignment
No changes are required for delegated permissions.
What you can do to prepare
To ensure uninterrupted access:
1. Review your Entra applications:
- Go to Microsoft Entra ID > Roles and administrators.
- Check the Global Administrator, Teams Administrator, and Skype for Business Administrator roles for any Entra applications or service principals used with Teams PowerShell.
2. Update API permissions:
- Navigate to Microsoft Entra ID > App registrations.
- Locate the relevant application and add the following permissions:
GroupMember.Read.AllRoleManagement.Read.Directory
3. Test your integrations to confirm continued functionality.
Learn more: Application-based authentication in Teams PowerShell Module.
Compliance considerations
No compliance considerations identified, review as appropriate for your organization.
Updated September 2, 2025: We have updated the content. Thank you for your patience.
Introduction
We are reaching out to inform you of an important security and authentication update that may impact your integration with the Microsoft Teams PowerShell Module. As part of our ongoing commitment to strengthening security across Microsoft 365 services, we are updating the authentication requirements for application-based authentication with Administrative Units in the Teams PowerShell Module.
These changes are designed to ensure that Entra applications with Administrative Units used for backend access to Teams PowerShell are properly scoped and secured. If your organization uses Entra applications to automate or manage Teams via PowerShell, action is required to avoid service disruption.
When will this happen
This change will take effect on Monday, September 15, 2025.
How this affects your organization
If your organization uses Entra applications to authenticate against the Microsoft Teams PowerShell Module, you must update the Application permissions to avoid disruption.
Specifically:
- RoleManagement.Read.Directory: Required for all Entra applications to verify association with an Administrative Unit.
- GroupMember.Read.All: Required if your application with Administrative Units uses the following cmdlets:
*-CsGroupPolicyAssignment*-CsGroupPolicyPackageAssignment
No changes are required for delegated permissions.
What you can do to prepare
To ensure uninterrupted access:
1. Review your Entra applications:
- Go to Microsoft Entra ID > Roles and administrators.
- Check the Teams Administrator roles for any Entra applications or service principals, under the scope of Administrative Units, used with Teams PowerShell.
2. Update API permissions:
- Navigate to Microsoft Entra ID > App registrations.
- • Locate the relevant application under the scope of Administrative Units and add the following permissions:
GroupMember.Read.AllRoleManagement.Read.Directory
3. Test your integrations to confirm continued functionality.
Learn more: Application-based authentication in Teams PowerShell Module.
Compliance considerations
No compliance considerations identified, review as appropriate for your organization.
Never Miss a Microsoft 365 Update
Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.