{"id":12652,"date":"2025-09-02T23:01:11","date_gmt":"2025-09-02T14:01:11","guid":{"rendered":"https:\/\/m365jp.net\/?p=12652"},"modified":"2025-09-02T23:02:34","modified_gmt":"2025-09-02T14:02:34","slug":"mc1134747-updated-security-update-new-authentication-requirements-for-integration-with-microsoft-teams-powershell-module","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-09-02-mc1134747-updated-security-update-new-authentication-requirements-for-integration-with-microsoft-teams-powershell-module","title":{"rendered":"MC1134747 | (Updated) Security Update: New Authentication Requirements for integration with Microsoft Teams PowerShell Module"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1134747 | (Updated) Security Update: New Authentication Requirements for integration with Microsoft Teams PowerShell Module<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>09\/02\/2025 13:37:14<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>08\/13\/2025 23:31:21<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>10\/15\/2025 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Action Required By Date<\/th>\n<td>2025-09-14T07:00:00Z<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>Updated September 2, 2025: We have updated the content. Thank you for your patience.<\/p>\n<p><b>Introduction<\/b><\/p>\n<p>We are reaching out to inform you of an <b>important security and authentication update<\/b> that may impact your integration with the Microsoft Teams PowerShell Module. As part of our ongoing commitment to strengthening security across Microsoft 365 services,   we are updating the authentication requirements for <b>application-based authentication with Administrative Units<\/b>&nbsp;in the Teams PowerShell Module.<\/p>\n<p>These changes are designed to ensure that Entra applications with Administrative Units used for backend access to Teams PowerShell are properly scoped and secured. If your organization uses Entra applications to automate or manage Teams via PowerShell, action   is required to avoid service disruption.&nbsp;<\/p>\n<p><b>When will this happen<\/b><\/p>\n<p>This change will take effect on Monday, September 15, 2025.<\/p>\n<p><b>How this affects your organization<\/b><\/p>\n<p>If your organization uses Entra applications to authenticate against the Microsoft Teams PowerShell Module, you must update the  <b><i>Application&nbsp;<\/i><\/b> permissions to avoid disruption. <\/p>\n<p>Specifically:<\/p>\n<ul>\n<li><b>RoleManagement.Read.Directory<\/b>: Required for all Entra applications to verify association with an Administrative Unit.<\/li>\n<li><b>GroupMember.Read.All<\/b>: Required if your application with Administrative Units uses the following cmdlets:\n<ul>\n<li><code>*-CsGroupPolicyAssignment<\/code><\/li>\n<li><code>*-CsGroupPolicyPackageAssignment<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>No changes are required for delegated permissions.<\/p>\n<p><b>What you can do to prepare<\/b><\/p>\n<p>To ensure uninterrupted access:<\/p>\n<p>1. Review your Entra applications:<\/p>\n<\/p>\n<ul>\n<li>Go to <i>Microsoft Entra ID<\/i> &gt; <i>Roles and administrators<\/i>.<\/li>\n<li>Check the <i>Teams Administrator<\/i>&nbsp;roles for any Entra applications or service principals, under the scope of Administrative Units, used with Teams PowerShell.<\/li>\n<\/ul>\n<p>2. Update API permissions:<\/p>\n<ul>\n<li>Navigate to <i>Microsoft Entra ID<\/i> &gt; <i>App registrations<\/i>.<\/li>\n<li>\u2022 Locate the relevant application under the scope of Administrative Units and add the following permissions:<br \/> \n<ul>\n<li><code>GroupMember.Read.All<\/code><\/li>\n<li><code>RoleManagement.Read.Directory<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"width: 400px;\" alt=\"user settings\" src=\"https:\/\/cxcs.microsoft.net\/file\/ccp\/en-us\/b34dd591-e907-4af1-b6c4-45d5bff1e6f4\"><\/p>\n<\/p>\n<p>3. Test your integrations to confirm continued functionality.<\/p>\n<p>Learn more: <a href=\"https:\/\/learn.microsoft.com\/microsoftteams\/teams-powershell-application-authentication\" target=\"_blank\">  Application-based authentication in Teams PowerShell Module<\/a>.<\/p>\n<p><b>Compliance considerations<\/b><\/p>\n<p>No compliance considerations identified, review as appropriate for your organization.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<p>2025\u5e749\u67082\u65e5\u66f4\u65b0:\u5185\u5bb9\u3092\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002\u304a\u5f85\u3061\u3044\u305f\u3060\u304d\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\u3002<\/p>\n<p><b>\u7d39\u4ecb<\/b><\/p>\n<p>Microsoft Teams PowerShell \u30e2\u30b8\u30e5\u30fc\u30eb\u3068\u306e\u7d71\u5408\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b <b>\u91cd\u8981\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3068\u8a8d\u8a3c\u306e\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0<\/b> \u306b\u3064\u3044\u3066\u304a\u77e5\u3089\u305b\u3057\u307e\u3059\u3002Microsoft 365 \u30b5\u30fc\u30d3\u30b9\u5168\u4f53\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316\u3059\u308b\u305f\u3081\u306e\u7d99\u7d9a\u7684\u306a\u53d6\u308a\u7d44\u307f\u306e\u4e00\u74b0\u3068\u3057\u3066\u3001Teams PowerShell \u30e2\u30b8\u30e5\u30fc\u30eb\u306e  <b>\u7ba1\u7406\u5358\u4f4d<\/b>&nbsp;\u3092\u4f7f\u7528\u3057\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u306e\u8a8d\u8a3c\u8981\u4ef6\u3092\u66f4\u65b0\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u3053\u308c\u3089\u306e\u5909\u66f4\u306f\u3001Teams PowerShell \u3078\u306e\u30d0\u30c3\u30af\u30a8\u30f3\u30c9 \u30a2\u30af\u30bb\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u7ba1\u7406\u5358\u4f4d\u3092\u6301\u3064 Entra \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u9069\u5207\u306b\u30b9\u30b3\u30fc\u30d7\u8a2d\u5b9a\u3055\u308c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3067\u4fdd\u8b77\u3055\u308c\u308b\u3088\u3046\u306b\u8a2d\u8a08\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u7d44\u7e54\u3067 Entra \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4f7f\u7528\u3057\u3066 PowerShell \u7d4c\u7531\u3067 Teams \u3092\u81ea\u52d5\u5316\u307e\u305f\u306f\u7ba1\u7406\u3059\u308b\u5834\u5408\u306f\u3001\u30b5\u30fc\u30d3\u30b9\u306e\u4e2d\u65ad\u3092\u56de\u907f\u3059\u308b\u305f\u3081\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u304c\u5fc5\u8981\u3067\u3059\u3002&nbsp;<\/p>\n<p><b>\u3053\u308c\u306f\u3044\u3064\u8d77\u3053\u308b\u306e\u3067\u3057\u3087\u3046\u304b<\/b><\/p>\n<p>\u3053\u306e\u5909\u66f4\u306f\u30012025\u5e749\u670815\u65e5(\u6708)\u3088\u308a\u6709\u52b9\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n<p><b>\u3053\u308c\u304c\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff<\/b><\/p>\n<p>\u7d44\u7e54\u3067 Entra \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4f7f\u7528\u3057\u3066 Microsoft Teams PowerShell \u30e2\u30b8\u30e5\u30fc\u30eb\u306b\u5bfe\u3057\u3066\u8a8d\u8a3c\u3059\u308b\u5834\u5408\u306f\u3001\u4e2d\u65ad\u3092\u56de\u907f\u3059\u308b\u305f\u3081\u306b  <b><i>\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e&nbsp;<\/i><\/b> \u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3092\u66f4\u65b0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002 <\/p>\n<p>\u5177\u4f53\u7684\u306b\u306f\uff1a<\/p>\n<ul>\n<li><b>RoleManagement.Read.Directory<\/b>: \u7ba1\u7406\u5358\u4f4d\u3068\u306e\u95a2\u9023\u4ed8\u3051\u3092\u78ba\u8a8d\u3059\u308b\u305f\u3081\u306b\u3001\u3059\u3079\u3066\u306e Entra \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u5fc5\u8981\u3067\u3059\u3002<\/li>\n<li><b>GroupMember.Read.All<\/b>: \u7ba1\u7406\u5358\u4f4d\u3092\u6301\u3064\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3067\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u30ec\u30c3\u30c8\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u5fc5\u8981\u3067\u3059\u3002\n<ul>\n<li><code>*-CsGroupPolicyAssignment<\/code><\/li>\n<li><code>*-CsGroupPolicyPackageAssignment<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u59d4\u4efb\u3055\u308c\u305f\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u306b\u5909\u66f4\u306f\u5fc5\u8981\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n<p><b>\u6e96\u5099\u3059\u308b\u305f\u3081\u306b\u3067\u304d\u308b\u3053\u3068<\/b><\/p>\n<p>\u4e2d\u65ad\u306e\u306a\u3044\u30a2\u30af\u30bb\u30b9\u3092\u78ba\u4fdd\u3059\u308b\u306b\u306f:<\/p>\n<p>1. Entra \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n<\/p>\n<ul>\n<li>[ <i>Microsoft Entra ID<\/i> &gt; <i>\u30ed\u30fc\u30eb\u3068\u7ba1\u7406\u8005]<\/i> \u306b\u79fb\u52d5\u3057\u307e\u3059\u3002<\/li>\n<li>Teams PowerShell \u3067\u4f7f\u7528\u3055\u308c\u308b\u7ba1\u7406\u5358\u4f4d\u306e\u30b9\u30b3\u30fc\u30d7\u3067\u3001Entra \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u307e\u305f\u306f\u30b5\u30fc\u30d3\u30b9 \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u306e <i>Teams \u7ba1\u7406\u8005<\/i>&nbsp;\u30ed\u30fc\u30eb\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<p>2. API \u6a29\u9650\u3092\u66f4\u65b0\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li>[ <i>Microsoft Entra ID<\/i> &gt; <i>\u30a2\u30d7\u30ea\u306e\u767b\u9332]<\/i> \u306b\u79fb\u52d5\u3057\u307e\u3059\u3002<\/li>\n<li>. \u7ba1\u7406\u5358\u4f4d\u306e\u7bc4\u56f2\u3067\u95a2\u9023\u3059\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u898b\u3064\u3051\u3001\u6b21\u306e\u6a29\u9650\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<br \/> \n<ul>\n<li><code>GroupMember.Read.All<\/code><\/li>\n<li><code>RoleManagement.Read.Directory<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" style=\"width: 400px;\" alt=\"user settings\" src=\"https:\/\/cxcs.microsoft.net\/file\/ccp\/en-us\/b34dd591-e907-4af1-b6c4-45d5bff1e6f4\"><\/p>\n<\/p>\n<p>3. \u7d71\u5408\u3092\u30c6\u30b9\u30c8\u3057\u3066\u3001\u7d99\u7d9a\u7684\u306a\u6a5f\u80fd\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n<p>\u8a73\u7d30\u60c5\u5831: <a href=\"https:\/\/learn.microsoft.com\/microsoftteams\/teams-powershell-application-authentication\" target=\"_blank\">  Teams PowerShell \u30e2\u30b8\u30e5\u30fc\u30eb\u3067\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c<\/a>\u3002<\/p>\n<p><b>\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306b\u95a2\u3059\u308b\u8003\u616e\u4e8b\u9805<\/b><\/p>\n<p>\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306b\u95a2\u3059\u308b\u8003\u616e\u4e8b\u9805\u304c\u7279\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306f\u3001\u7d44\u7e54\u306b\u5fdc\u3058\u3066\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1134747 | (Updated) Security Update: New Authentication Requirements for integration with Microsoft Teams Po [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12652","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=12652"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12652\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=12652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=12652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=12652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}