TeamsFederationConfiguration¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Identity | Key | String | The only valid input is Global - the tenant wide configuration | Global |
| AllowFederatedUsers | Write | Boolean | When set to True users will be potentially allowed to communicate with users from other domains. | |
| AllowedDomains | Write | StringArray[] | List of federated domains to allow. | |
| BlockedDomains | Write | StringArray[] | List of federated domains to block. | |
| AllowPublicUsers | Write | Boolean | When set to True users will be potentially allowed to communicate with users who have accounts on public IM and presence providers. | |
| AllowTeamsConsumer | Write | Boolean | Allows federation with people using Teams with an account that's not managed by an organization. | |
| AllowTeamsConsumerInbound | Write | Boolean | Allows people using Teams with an account that's not managed by an organization, to discover and start communication with users in your organization. | |
| TreatDiscoveredPartnersAsUnverified | Write | Boolean | When set to True, messages sent from discovered partners are considered unverified. That means that those messages will be delivered only if they were sent from a person who is on the recipient's Contacts list. | |
| SharedSipAddressSpace | Write | Boolean | When set to True, indicates that the users homed on Skype for Business Online use the same SIP domain as users homed on the on-premises version of Skype for Business Server. | |
| RestrictTeamsConsumerToExternalUserProfiles | Write | Boolean | When set to True, Teamsconsumer have access only to external user profiles | |
| Credential | Write | PSCredential | Credentials of the Teams Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. |
Description¶
This resource is used to configure the Teams Federation Configuration (CsTenantFederationConfiguration). In the Teams admin center this is available in 'External access' in the Users section.
More information: https://docs.microsoft.com/en-us/microsoftteams/manage-external-access
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- None
-
Update
- None
Application permissions¶
-
Read
- Organization.Read.All, User.Read.All, Group.ReadWrite.All, AppCatalog.ReadWrite.All, TeamSettings.ReadWrite.All, Channel.Delete.All, ChannelSettings.ReadWrite.All, ChannelMember.ReadWrite.All
-
Update
- Organization.Read.All, User.Read.All, Group.ReadWrite.All, AppCatalog.ReadWrite.All, TeamSettings.ReadWrite.All, Channel.Delete.All, ChannelSettings.ReadWrite.All, ChannelMember.ReadWrite.All
Examples¶
Example 1¶
This examples sets the Teams Federation Configuration.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$credsGlobalAdmin
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
TeamsFederationConfiguration 'FederationConfiguration'
{
Identity = "Global";
AllowedDomains = @();
BlockedDomains = @();
AllowFederatedUsers = $True;
AllowPublicUsers = $True;
AllowTeamsConsumer = $True;
AllowTeamsConsumerInbound = $True;
RestrictTeamsConsumerToExternalUserProfiles = $False;
SharedSipAddressSpace = $False;
TreatDiscoveredPartnersAsUnverified = $False;
Credential = $credsGlobalAdmin
}
}
}