Disclaimer: This script is provided ‘as-is’ without any warranty or support. Use of this script is at your own risk and I accept no responsibility for any damage caused.
What is it?
TeamsAdminTool is a tool that allows you to manage Teams (inc. settings), Channels, Tabs etc. from a single GUI interface. It is written in Windows PowerShell (relies on WPF so won't work with Core) and requires no additional modules to be installed. To use the tool, simply clone/download the TeamsAdminTool.ps1 file and run from PowerShell.
What can it be used for?
TeamsAdminTool allows you to manage many aspects of a Team that cannot currently be done using Teams Admin Centre or Teams PowerShell Module. To best explain it here is a table of all the features:
|Feature||TeamsAdminTool||Teams Admin Centre||Teams PowerShell|
|View created Teams||Yes||Yes||Yes|
|Create a Team||Yes||Yes||Yes|
|- Using a JSON Template||Yes||No||No|
|- With defined Channels and Tabs||Yes||No||No|
|- With defined settings||Yes||No||No|
|Modify a Team||Yes||Yes||Yes|
|- Rename Team||Yes||Yes||Yes|
|- Modify Team membership||Yes||Yes||Yes|
|- Modify Team Member settings||Yes||Yes||Yes|
|- Modify Team Guest settings||Yes||No||Yes|
|- Modify Team Messaging settings||Yes||Partially||Yes|
|- Modify Team Fun settings||Yes||No||Yes|
|- Modify Team Discovery settings||Yes||No||No|
|Archive a Team||Yes||Yes||No|
|Delete a Team||Yes||Yes||Yes|
|Clone a Team||Yes||No||No|
|View created Channels||Yes||Yes||Yes|
|Create a Channel||Yes||Yes||Yes|
|- With defined Tabs||Yes||No||No|
|Modify a Channel||Yes||No||Yes|
|- Rename Channel||Yes||No||Yes|
|- Modify Channel settings||Yes||No||No|
|Delete a Channel||Yes||Yes||Yes|
|View created Tabs||Yes||No||No|
|Create a Tab||Yes||No||No|
|- OneNote Tab||Yes||No||No|
|- Wiki Tab||Yes||No||No|
|- Website Tab||Yes||No||No|
|Modify a Tab||Yes||No||No|
|- Rename Tab||Yes||No||No|
|Delete a Tab||Yes||No||No|
How is this done?
TeamsAdminTool is built using Microsoft's Graph API which from what I gather, what the Admin Centre and PowerShell Module use. Currently, this tool is using Graph API beta endpoints to achieve full functionality. The plan is to roll this back to v1.0 endpoints as functionality becomes available.
Note: Whilst there may be bugs with using the beta endpoint, in testing most functions work as expected (see Known Issues section), although being a beta this could change. If you are unsure of impact of the tool making changes to your Teams whilst it used beta endpoints - It is strongly advised you use the tool on some test Teams or a test Tenant.
To connect to Graph, you will need to use an Azure AD v2.0 Application. The application requires that it is granted the following Graph API permissions (delegated user or application):
- Group.ReadWrite.All - Allows creation and modification of Groups/Teams
- Directory.Read.All - Allows read-only access to directory for Group/Team membership
- Notes.ReadWrite.All - Allows access to Notebooks Note: When using user permissions to create Notebooks the user is temporarily added to the group to facilitate this
There are two ways this can be achieved:
Connect using a shared, pre-configured Azure AD Application - This is the easiest option and no set up is required, using a shared application all you will need to do is login using your O365 account and consent the application against your tenant (admin consent required):
You can grant consent when signing in with the tool or by going to this URL: https://login.microsoftonline.com/common/adminconsent?client_id=6d84adaa-2a01-4f45-964b-180cbdbfd20d
Grant Consent Prompt:
Application Consent Granted in Azure AD:
Note: This does method does not provide access to your tenant for anyone other than the users you grant it to in your own tenant. It is essentially a template of permissions.
Create your own Azure AD Application - Using the permissions mentioned above, create an Azure AD application ensuring you:
- Grant the permissions mentioned above as delegated user or application permissions
- If using application permissions, create a secret
- If using delegated user permissions, ensure the Redirect URI https://login.microsoftonline.com/common/oauth2/nativeclient is checked
Download or clone the repository:
git clone https://github.com/leeford/TeamsAdminTool.git
Run the script from a PowerShell prompt:
- When cloning a Team, the mail nickname specified will not be used - This is a Graph bug
- When retrieving or setting the Channel "IsFavoriteByDefault" value, null is returned - This is a Graph bug
- When creating a OneNote tab (including the Tab name), once a Teams user interfaces with the Tab for the first time, the Tab is renamed to 'note'. Unsure what (if anything) can be done about this as this occurs outside this tool.