alotofpeople - stock.adobe.com

How to assign Microsoft Teams policies with PowerShell

The admin center lags behind PowerShell when it comes to Microsoft Teams policy management due to the automation tool's superior logging and visibility features.

Microsoft Teams is a popular platform for video, chat and phone services for many organizations, and due to its pervasive nature, it requires tight handling by administrators.

Microsoft Teams integrates with Office 365 services, including SharePoint Online, Exchange Online and Planner. The first concern is security when deploying services for video calls, instant message chats and meetings. Many organizations will limit the deployment at the early days of the deployment while they determine the security controls and policies needed to ensure everything is protected.

Microsoft Teams uses policies to control or limit specific features or components either by user or group. Organizations control feature sets as needed to limit potential security problems. The policies are not specifically security controls, such as multifactor authentication or conditional access policies, but used to limit end-user actions.

What are Microsoft Teams policies?

Microsoft Teams policies can control many tasks across several areas such as messaging, meetings and applications. Some policies allow users to schedule meetings in a team's channel, let users edit sent messages and control whether users can pin apps to the Teams app bar. IT manages the policies in the Microsoft Teams admin center or through PowerShell.

What types of Microsoft Teams policies can organizations create?

There are five core Microsoft Teams policies: policy package, meeting policy, voice and calling policy, app policy and messaging policy.

  • Policy packages in Microsoft Teams are a collection of predefined policies and settings assigned to users with similar roles.
  • Meeting policies control the features available to participants of meetings scheduled by users in your organization.
  • Voice and calling policies control emergency calling, call routing and caller ID.
  • App policies control applications in Microsoft Teams. Organizations can allow or block which apps users can install, pin applications to a user's Teams app bar and install an application on behalf of the users.
  • Messaging policies control chat and channel feature availability.

How to assign Microsoft Teams policies to end users

There are several ways to assign Microsoft Teams policies to users. Organizations can set a policy directly to end users, either individually or to the assigned security group. Global policies apply to the highest number of users in the organization. It is best to assign policies to just the users that require specific policies.

The Microsoft Teams admin center or the Teams PowerShell module is used to assign policies to individual users, security groups, batches of users or even a policy package.

Why use PowerShell to manage Microsoft Teams policies?

For deployment or configuration jobs in Microsoft 365/Office 365, PowerShell is always a primary option for admins. PowerShell is an excellent automation tool used to create repeatable and reusable functions and code.

PowerShell is the ideal tool to ensure that objects deploy consistently with multiple tenants. PowerShell also offers better error handling and logging versus the Teams admin center.

How to work with Microsoft Teams policies in PowerShell

Originally, the PowerShell commands used to manage Microsoft Teams belonged to the Skype for Business Online Connector. Microsoft retired Skype for Business Online on July 31; organizations must switch from the Skype for Business Online Connector and use the latest version of the Microsoft Teams PowerShell module instead.

To start, install the Microsoft Teams module using PowerShell. The system must be running Windows PowerShell version 5.1 or higher and have the .NET Framework 4.7.2 or later installed. Install PowerShellGet with following command:

Install-Module -Name PowerShellGet -Force -AllowClobber

Next, install the Microsoft Teams module.

Install-Module -Name MicrosoftTeams -Force -AllowClobber

If that fails, import the module into the current PowerShell session with the following command:

Import-Module MicrosoftTeams

Next, connect to Microsoft Teams by specifying a credential object or using the modern authentication browser approach.

# Setting credential approach
$credential = Get-Credential
Connect-MicrosoftTeams -Credential $credential
# Modern authentication browser approach Connect-MicrosoftTeams
Microsoft Teams authentication
Connect to an authenticated account to use the Microsoft Teams PowerShell module.

Once connected, the commands are available to set up and configure Microsoft Teams policies. For example, to see the list of all messaging policies, execute the following command:

Get-CsTeamsMessagingPolicy

Each configured policy type will return with its property name and current value.

To create a messaging policy, use the New-CsTeamsMessagingPolicy command. The following example denies the user access to post giphys and memes.

New-CsTeamsMessagingPolicy `
      -Identity DemoMessagingPolicy `
      -AllowGiphy $false `
      -AllowMemes $false

To update an existing policy, use the Set-CsTeamsMessagingPolicy command for the corresponding policy type. For example, uses the following command to update a policy named DemoMessagingPolicy to restrict sticker use:

Set-CsTeamsMessagingPolicy `
      -Identity DemoMessagingPolicy `
      -AllowStickers $false

The PowerShell commands to create policies are similar in syntax and usage. Microsoft provides more information about each Teams policy command in its Skype for Business documentation:

How to assign Microsoft Teams policies with PowerShell

Assigning policies uses the Grant-CsTeamsMessagingPolicy command for the specified policy type. The cmdlet execute for a specific user passed as an argument or for a list of users from a PowerShell piped value.

# Assign a single specified user
Grant-CsTeamsMessagingPolicy `
      -Identity "[email protected]" `
      -PolicyName DemoMessagingPolicy
# Assign all Teams users filtered to a department Get-CsOnlineUser -Filter { Department -eq 'Sales' } | ` Grant-CsTeamsMessagingPolicy ` -PolicyName "DemoMessagingPolicy"

The results from these PowerShell commands will appear in the Teams admin center, typically after several minutes.

Microsoft Teams policies in the admin center
Policies created with Microsoft Teams PowerShell commands appear in the Teams admin center.

Choosing between PowerShell versus the Microsoft Teams admin center

The Teams admin center is a good choice to manage all aspects of Microsoft Teams. Each component, such as policies, is available within the browser. All policies can be created within the admin center, assigned to users, updated and removed. However, the admin center, especially when performing batch updates such as group assignments, does not give detailed feedback, information or error handling.

PowerShell gives a greater level of detail through executing commands wrapped within regular PowerShell error handling and code. When admins deploy to multiple tenants, manage the tenant from a remote machine, script other features of Microsoft 365/Office 365, or use any of the command-line interface capabilities within both Microsoft 365 and Azure, then PowerShell is the best way to manage Microsoft Teams.

Dig Deeper on Microsoft messaging and collaboration