How to Manage Microsoft Teams: PowerShell and the Graph

May 1, 2019 by Greg Jones

This is part one of a three-part series on How to Manage Microsoft Teams: An Admin Guide by Greg Jones, Product Owner at Quadrotech. We will be releasing sections of the guide over the coming weeks, but if you would like the entire copy, you can download the free guide here.

Native Management of Teams

There are now three ways to manage Microsoft Teams natively. The first is through the Microsoft 365 Admin Center. This will allow you to manage the users and groups associated with the Teams and you will also have a link in the Admin Center to get to the Teams Admin Center. This won’t be covered here except to mention that if you are a Global Admin you have full rights. If not, you will need to be added to the “Teams Service Administrator” role in AAD. The other 2 options that will be covered here will be management via PowerShell and via the Graph API.

The configuration

For both methods, we will be creating the “UK Finance Team” with a “Regulatory Compliance” channel with members allowed to create and update channels, but not allowed to delete them. Users will also not be allowed to add or remove apps.

PowerShell

Let’s deal with PowerShell first since it is a more common approach for administration.

Install the Teams PowerShell Module

The first step in managing Teams via PowerShell is to install the Teams Cmdlets module. Running PowerShell as an Administrator, you will need to run the following and allow install from the untrusted repo as well as installing the NuGet package:
Install-Module -Name MicrosoftTeams

Connect PowerShell to the Tenant

The next step is to connect to Teams in the tenant. This can be done with the following script.
$UserCredential = Get-Credential Connect-MicrosoftTeams -Credential $UserCredential
Voila…you are connected to Microsoft Teams as long as you have the appropriate rights.

Show Available Cmdlets

You can now run Get-Command -Module MicrosoftTeams to list the available cmdlets.

Manage Microsoft Teams Admin Windows PowerShell

New Team PowerShell Options

For this example, we will create a new Team. If we look at the results of a Get-Help New-Team -Full, you can see the syntax of the command as well as the parameters.

Create the Team

We can create a new team.

New-Team -DisplayName “UK Finance Team” -AccessType Private -Description “This Team is for UK Finance”

PowerShell Admin Command to Manage Microsoft Teams

This will provide us with the GroupID for the Team so we know the cmdlet was successful. The Team is created, but it does not have membership, channels, or settings.

Add Members and Channels

To do this we can run Add-TeamUser, New-TeamChannel and a host of Set-Team other settings that aren’t covered here, but you can find more details of these in the Microsoft documentation.
Add-TeamUser -GroupId 4a07317c-c860-47db-9a85-00113764d528 -User user@domain.onmicrosoft.com New-TeamChannel -GroupId 4a07317c-c860-47db-9a85-00113764d528 -DisplayName "Regulatory Compliance" Id DisplayName Description -- ----------- ----------- 19:77e332ebe56c494181372e509b44251c@thread.skype Regulatory Compliance

A member has been added to the Team, and a new channel has been created. You will notice that the channel has an ID associated with it that will be needed for the management of that channel.

Modify Settings

I mentioned I would not cover all the settings cmdlets, but I will briefly cover the TeamMemberSettings as an example because I want my users to create channels but not delete them, and I also do not want them to add/remove Apps. I can run Set-TeamMemberSettings to do this.
Set-TeamMemberSettings -GroupId 4a07317c-c860-47db-9a85-00113764d528 -AllowCreateUpdateChannels true -AllowDeleteChannels false -AllowAddRemoveApps false

I now have my team created “mostly” as I would like but it has taken me a while and a lot of commands to do this. Let me delete the team.

Remove the Team

Remove-Team -GroupId 4a07317c-c860-47db-9a85-00113764d528

Scripting the Team Creation

Now I can script the entire thing like this with the groupid captured from the initial creation.
$group = New-Team -DisplayName "UK Finance Team" -AccessType Private -Description "This Team is for UK Finance" Add-TeamUser -GroupId $group.GroupId -User "user@domain.onmicrosoft.com" New-TeamChannel -GroupId $group.GroupId -DisplayName "Regulatory Compliance" Set-TeamMemberSettings -GroupId $group.GroupId -AllowCreateUpdateChannels true -AllowDeleteChannels false -AllowAddRemoveApps false

That is a bit more straightforward, but it could still be easier. Microsoft has impeded a beta feature, for now, to easily create a team based on a template. However, this will be covered later.

Using the Graph API

We can do the same thing via the Graph API with either user-level or application-level permissions. If we look at the documentation you can see that, just like PowerShell, there are different resources to create and modify Teams.

Create the Group and add Members

Using the same example but via Graph, I need to create the group before I can create the Team, and the group needs to be an Office 365 Group. I will also add my user as an owner and a member of this post.

POST https://graph.microsoft.com/v1.0/groups

Content-Type: application/json
{ "description": "This Team is for UK Finance", "displayName": "UK Finance Team", "groupTypes": [ "Unified" ], "mailEnabled": true, "mailNickname": "operations2019", "securityEnabled": false, "owners@odata.bind": [ "https://graph.microsoft.com/v1.0/users/a103604b-0441-4e96-a599-9edd9bd1b271" ], "members@odata.bind": [ "https://graph.microsoft.com/v1.0/users/a103604b-0441-4e96-a599-9edd9bd1b271" ] }
The Graph command to Manage Microsoft Teams

The important part of the response is the ID of the group. In this example it is:

“id”: “084e7e06-9d1c-42dc-b67d-2546fc283860”

Create the Team with Settings

With the Group ID we can now create the team along with our settings with a Put:

PUT https://graph.microsoft.com/v1.0/groups/084e7e06-9d1c-42dc-b67d-2546fc283860/team

Content-type: application/json
{ "memberSettings": { "allowCreateUpdateChannels": true, "allowDeleteChannels": false, "allowAddRemoveApps": false } }

Add the Channel

Now we have a group with members and a team with settings, but we still don’t have any Channels. We can now create the channel with a POST.

POST https://graph.microsoft.com/v1.0/teams/084e7e06-9d1c-42dc-b67d-2546fc283860/channels

Content-type: application/json
{ "displayName": "Regulatory Compliance", "description": "This channel is for Regulatory Compliance" }

A Single Call?

As you can see, there are a few steps involved to get what we want. So, the next question is, how can we make this simpler? Can we create a Team with the Graph API in a single process – like was done with the scripting in PowerShell? Well, we can now in Beta endpoints using templates. But as I mentioned before, we’ll be covering templates later.

Conclusion

You can see that whether you use PowerShell or the Graph, the Team is created with the settings, members, and channels you have defined. I think it is also interesting to do the creation this way to understand the underlying relationship between workloads to create Teams.

Manage Microsoft Teams Conclusion

The next article in this series on Teams management will look at the creation of Teams templates, which is currently in Beta. This method delivers a more programmatic approach to Teams creation. Make sure you stay tuned on the Quadrotech blog to see the next installment. Or, if you can’t wait that long, you can download the entire “How to Manage Microsoft Teams” guide here.

Alternatively, you can explore our Office 365 management solutions here.

Delegation and Policy Control

License Management

Multi-Tenant Management

Office 365 Reporting

Email Archive Migration

PST File Migration

Enterprise Vault Migration

Journal Archive Migration

Office 365 Tenant Migration

Microsoft Teams Migration

Products

Quadrotech Archive Shuttle

Quadrotech EVNearSync

Quadrotech Nova

Quadrotech PST Flight Deck

Quadrotech Radar