check before: 2025-09-14
Product:
Entra, Skype for Business, Teams
Platform:
Online, World tenant
Status:
Change type:
Admin impact, Feature update, Updated message
Links:
Details:
Summary:
Starting September 15, 2025, Microsoft Teams PowerShell Module requires updated application permissions for Entra applications using Administrative Units: RoleManagement.Read.Directory for all and GroupMember.Read.All for specific cmdlets. Organizations must review and update these permissions to avoid service disruption.
Details:
Updated September 2, 2025: We have updated the content. Thank you for your patience.
Introduction
We are reaching out to inform you of an important security and authentication update that may impact your integration with the Microsoft Teams PowerShell Module. As part of our ongoing commitment to strengthening security across Microsoft 365 services, we are updating the authentication requirements for application-based authentication with Administrative Units in the Teams PowerShell Module.
These changes are designed to ensure that Entra applications with Administrative Units used for backend access to Teams PowerShell are properly scoped and secured. If your organization uses Entra applications to automate or manage Teams via PowerShell, action is required to avoid service disruption.
When will this happen
This change will take effect on Monday, September 15, 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-08-14
updated:
2025-09-03
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Service Disruption
Failure to update application permissions may lead to service disruption in Microsoft Teams PowerShell Module, affecting automation and management tasks.
- roles: IT Administrators, DevOps Engineers
- references: https://learn.microsoft.com/microsoftteams/teams-powershell-application-authentication
Increased Support Tickets
Users may experience issues with Teams functionalities, leading to an increase in support tickets and user frustration.
- roles: Helpdesk Support, IT Support Specialists
- references: https://learn.microsoft.com/microsoftteams/teams-powershell-application-authentication
Compliance Risks
Not updating permissions could lead to compliance risks if the organization fails to adhere to security protocols, potentially exposing sensitive data.
- roles: Compliance Officers, Security Analysts
- references: https://learn.microsoft.com/microsoftteams/teams-powershell-application-authentication
User Experience Degradation
Users relying on automated scripts for Teams management may face degraded experience or complete failure of functionalities, impacting productivity.
- roles: IT Administrators, End Users
- references: https://learn.microsoft.com/microsoftteams/teams-powershell-application-authentication
Operational Inefficiencies
Without proper permissions, operational workflows that depend on Teams PowerShell may become inefficient or halt, affecting overall team performance.
- roles: Project Managers, Team Leaders
- references: https://learn.microsoft.com/microsoftteams/teams-powershell-application-authentication
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Starting September 15, 2025, Microsoft is implementing a security update for the Microsoft Teams PowerShell Module. This update requires changes to the permissions for Entra applications that use Administrative Units. Think of this update like a new security protocol for accessing a building. Previously, you might have had a general access card that let you into various areas. Now, to enhance security, you need a special card for certain sections of the building.
For organizations using Entra applications to manage Teams via PowerShell, it's essential to update these permissions to prevent any disruption in service. Specifically, two new permissions are required: RoleManagement.Read.Directory for all Entra applications and GroupMember.Read.All for specific command functions. Imagine these permissions as keys to different doors within the building; without them, you won't be able to access certain areas.
To prepare, organizations should review their Entra applications and update the necessary permissions. This process is similar to checking which employees need access to which parts of the building and then issuing them the appropriate keys. After updating, it's crucial to test the integrations to ensure everything continues to work smoothly, much like doing a walkthrough to ensure all the new keys function as expected.
This update is part of a broader effort to enhance security and ensure that only authorized applications have access to sensitive areas, akin to ensuring that only the right people can enter secure parts of a building. No compliance issues have been identified with this update, but organizations should review it according to their specific needs.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-09-03 | MC MessageTagNames | Feature update, Admin impact | Updated message, Feature update, Admin impact |
| 2025-09-03 | MC Summary | Microsoft Teams PowerShell Module requires updated application permissions—RoleManagement.Read.Directory and GroupMember.Read.All—for Entra app authentication starting September 15, 2025. Organizations must review and update these permissions in Entra ID to avoid service disruption. No changes needed for delegated permissions. | Starting September 15, 2025, Microsoft Teams PowerShell Module requires updated application permissions for Entra applications using Administrative Units: RoleManagement.Read.Directory for all and GroupMember.Read.All for specific cmdlets. Organizations must review and update these permissions to avoid service disruption. |
| 2025-09-03 | MC Last Updated | 08/14/2025 01:31:34 | 2025-09-02T15:37:14Z |
| 2025-09-03 | MC Messages | Introduction
We are reaching out to inform you of an important security and authentication update that may impact your integration with the Microsoft Teams PowerShell Module. As part of our ongoing commitment to strengthening security across Microsoft 365 services, we are updating the authentication requirements for application-based authentication in the Teams PowerShell Module. These changes are designed to ensure that Entra applications used for backend access to Teams PowerShell are properly scoped and secured. If your organization uses Entra applications to automate or manage Teams via PowerShell, action is required to avoid service disruption. When will this happen This change will take effect on Monday, September 15, 2025. | Updated September 2, 2025: We have updated the content. Thank you for your patience.
Introduction We are reaching out to inform you of an important security and authentication update that may impact your integration with the Microsoft Teams PowerShell Module. As part of our ongoing commitment to strengthening security across Microsoft 365 services, we are updating the authentication requirements for application-based authentication with Administrative Units in the Teams PowerShell Module. These changes are designed to ensure that Entra applications with Administrative Units used for backend access to Teams PowerShell are properly scoped and secured. If your organization uses Entra applications to automate or manage Teams via PowerShell, action is required to avoid service disruption. When will this happen This change will take effect on Monday, September 15, 2025. |
| 2025-09-03 | MC Title | Security Update: New Authentication Requirements for integration with Microsoft Teams PowerShell Module | (Updated) Security Update: New Authentication Requirements for integration with Microsoft Teams PowerShell Module |
| 2025-09-03 | MC How Affect | If your organization uses Entra applications to authenticate against the Microsoft Teams PowerShell Module, you must update the Application permissions to avoid disruption.
Specifically: RoleManagement.Read.Directory: Required for all Entra applications to verify association with an Administrative Unit. GroupMember.Read.All: Required if your application uses the following cmdlets: *-CsGroupPolicyAssignment *-CsGroupPolicyPackageAssignment No changes are required for delegated permissions. What you can do to prepare To ensure uninterrupted access: 1. Review your Entra applications: Go to Microsoft Entra ID > Roles and administrators. Check the Global Administrator, Teams Administrator, and Skype for Business Administrator roles for any Entra applications or service principals used with Teams PowerShell. 2. Update API permissions: Navigate to Microsoft Entra ID > App registrations. Locate the relevant application and add the following permissions: GroupMember.Read.All RoleManagement.Read.Directory 3. Test your integrations to confirm continued functionality. Learn more: Application-based authentication in Teams PowerShell Module. Compliance considerations No compliance considerations identified, review as appropriate for your organization. | If your organization uses Entra applications to authenticate against the Microsoft Teams PowerShell Module, you must update the Application permissions to avoid disruption.
Specifically: RoleManagement.Read.Directory: Required for all Entra applications to verify association with an Administrative Unit. GroupMember.Read.All: Required if your application with Administrative Units uses the following cmdlets: *-CsGroupPolicyAssignment *-CsGroupPolicyPackageAssignment No changes are required for delegated permissions. What you can do to prepare To ensure uninterrupted access: 1. Review your Entra applications: Go to Microsoft Entra ID > Roles and administrators. Check the Teams Administrator roles for any Entra applications or service principals, under the scope of Administrative Units, used with Teams PowerShell. 2. Update API permissions: Navigate to Microsoft Entra ID > App registrations. * Locate the relevant application under the scope of Administrative Units and add the following permissions: GroupMember.Read.All RoleManagement.Read.Directory 3. Test your integrations to confirm continued functionality. Learn more: Application-based authentication in Teams PowerShell Module. Compliance considerations No compliance considerations identified, review as appropriate for your organization. |
Last updated 3 months ago ago
