TeamsClientConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
Identity Key String The only valid input is Global - the tenant wide configuration Global
AllowBox Write Boolean Designates whether users are able to leverage Box as a third party storage solution in Microsoft Teams. If $true, users will be able to add Box in the client and interact with the files stored there.
AllowDropBox Write Boolean Designates whether users are able to leverage DropBox as a third party storage solution in Microsoft Teams. If $true, users will be able to add DropBox in the client and interact with the files stored there.
AllowEmailIntoChannel Write Boolean When set to $true, mail hooks are enabled, and users can post messages to a channel by sending an email to the email address of Teams channel.
AllowGoogleDrive Write Boolean Designates whether users are able to leverage GoogleDrive as a third party storage solution in Microsoft Teams. If $true, users will be able to add Google Drive in the client and interact with the files stored there.
AllowGuestUser Write Boolean Designates whether or not guest users in your organization will have access to the Teams client. If $true, guests in your tenant will be able to access the Teams client. Note that this setting has a core dependency on Guest Access being enabled in your Office 365 tenant.
AllowOrganizationTab Write Boolean When set to $true, users will be able to see the organizational chart icon other users' contact cards, and when clicked, this icon will display the detailed organizational chart.
AllowResourceAccountSendMessage Write Boolean Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the from party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed anonymous because it originated from the Surface Hub's device account. If set to $true, these device accounts will be able to send chat messages in Skype for Business Online (does not apply to Microsoft Teams).
AllowScopedPeopleSearchandAccess Write Boolean If set to $true, the Exchange address book policy (ABP) will be used to provide customized view of the global address book for each user. This is only a virtual separation and not a legal separation.
AllowShareFile Write Boolean Designates whether users are able to leverage ShareFile as a third party storage solution in Microsoft Teams. If $true, users will be able to add ShareFile in the client and interact with the files stored there.
AllowSkypeBusinessInterop Write Boolean When set to $true, Teams conversations automatically show up in Skype for Business for users that aren't enabled for Teams.
AllowEgnyte Write Boolean Designates whether users are able to leverage Egnyte as a third party storage solution in Microsoft Teams. If $true, users will be able to add Egnyte in the client and interact with the files stored there.
ContentPin Write String This setting applies only to Skype for Business Online (not Microsoft Teams) and defines whether the user must provide a secondary form of authentication to access the meeting content from a resource device account. Meeting content is defined as files that are shared to the Content Bin - files that have been attached to the meeting. NotRequired, RequiredOutsideScheduleMeeting, AlwaysRequired
ResourceAccountContentAccess Write String Require a secondary form of authentication to access meeting content. NoAccess, PartialAccess, FullAccess
RestrictedSenderList Write StringArray[] Senders domains can be further restricted to ensure that only allowed SMTP domains can send emails to the Teams channels. This is a comma-separated string of the domains you'd like to allow to send emails to Teams channels.
Credential Write PSCredential Credentials of the Teams Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

Description

This resource is used to configure the Teams client settings.

More information: https://docs.microsoft.com/en-us/microsoftteams/enable-features-office-365#teams-settings-and-teams-upgrade-settings-in-the-microsoft-teams-admin-center

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • None
  • Update

    • None

Application permissions

  • Read

    • Organization.Read.All
  • Update

    • Organization.Read.All

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        TeamsClientConfiguration 'TeamsClientConfiguration'
        {
            AllowBox                         = $True
            AllowDropBox                     = $True
            AllowEmailIntoChannel            = $True
            AllowGoogleDrive                 = $True
            AllowGuestUser                   = $True
            AllowOrganizationTab             = $True
            AllowResourceAccountSendMessage  = $True
            AllowScopedPeopleSearchandAccess = $False
            AllowShareFile                   = $True
            AllowSkypeBusinessInterop        = $True
            ContentPin                       = "RequiredOutsideScheduleMeeting"
            Identity                         = "Global"
            ResourceAccountContentAccess     = "NoAccess"
            Credential                       = $Credscredential
        }
    }
}