search

microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License
1.64k stars 505 forks source link

Export-M365DSCConfiguration: Mode "Full" doesn't include TeamsUserCallingSettings #3180

Closed leitzler closed 9 months ago

leitzler commented 1 year ago

Details of the scenario you tried and the problem that is occurring

I compared output from resources extracted during:

Export-M365DSCConfiguration -CertificateThumbprint $Cert.Thumbprint -TenantId <redacted>.onmicrosoft.com -ApplicationId 01234567-890a-bcde-f012-34567890abcd -Path Output -Mode Full -MaxProcesses 64

and:

Get-M365DSCAllResources

Verbose logs showing the problem

N/A

Suggested solution to the issue

Use Get-M365DSCAllResources as source for Full to ensure TeamsUserCallingSettings is exported.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Using Windows Server Core container, mcr.microsoft.com/windows/servercore:1809-amd64.

Install-PackageProvider -Name NuGet -Force
Install-Module Microsoft365DSC -Force
Update-M365DSCDependencies

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.412.1 Microsoft365DSC                     PSGallery            This DSC module is used to configure and monitor Microsoft tenants, including SharePoint Online, Exchange, Teams, etc.
leitzler commented 1 year ago

There is a warning printed when running the export:

[WARNING] Based on the provided Authentication parameters, the following resources cannot be extracted:
TeamsUserCallingSettings

However, the application I use do have all API permissions required as well as the role "Global Administrator" assigned (as well as "Global Reader" and "Teams Administrator" just to make sure).

Assigned API permissions, all granted:

``` Microsoft Graph (25) * AdministrativeUnit.Read.All - Application * Agreement.Read.All - Application * Application.Read.All - Application * ChannelSettings.Read.All - Application * DeviceManagementApps.Read.All - Application * DeviceManagementApps.ReadWrite.All - Application * DeviceManagementConfiguration.Read.All - Application * DeviceManagementConfiguration.ReadWrite.All - Application * DeviceManagementManagedDevices.Read.All - Application * DeviceManagementRBAC.Read.All - Application * DeviceManagementRBAC.ReadWrite.All - Application * DeviceManagementServiceConfig.Read.All - Application * Directory.Read.All - Application * Domain.Read.All - Application * EntitlementManagement.Read.All - Application * EntitlementManagement.ReadWrite.All - Application * Group.Read.All - Application * Organization.Read.All - Application * Policy.Read.All - Application * RoleManagement.Read.Directory - Application * RoleManagementPolicy.Read.Directory - Application * Sites.FullControl.All - Application * Tasks.Read.All - Application * User.Read - Delegated * User.Read.All - Application Office 365 Exchange Online (1) * Exchange.ManageAsApp - Application SharePoint (2) * Sites.FullControl.All - Application * User.Read.All - Application ```
andikrueger commented 1 year ago

This looks like an issue with the configuration within M365DSC. We should be able to get all information with the authentication method chosen.

andikrueger commented 1 year ago

Found the source of the issue. The TeamUserCallingSettings Resource does not have the proper set of authentication params.

NikCharlebois commented 1 year ago

TeamsUserCallingSettings is the ONLY Teams resource not supporting ServicePrincipal yet. The Teams product group is working on adding support for its associated cmdlet but we do no yet have any ETA.

NikCharlebois commented 1 year ago

I will try to get the latest ETA on this and will report back.

leitzler commented 1 year ago

Thank you, that makes sense! If it is far into the future it could be helpful to update the messages to tell the user that TeamsUserCallingSettings doesn't support ServicePricipal.

NikCharlebois commented 1 year ago

Still no ETA from the Teams PG. Will report back when I hear more.

NikCharlebois commented 1 year ago

Still no ETA. Keeping this open.

andikrueger commented 12 months ago

Looks like Set-CsUserCallingSettings is no longer in the list of not supported cmdLets for Application-based Authentication. https://learn.microsoft.com/en-us/microsoftteams/teams-powershell-application-authentication#cmdlets-supported

@NikCharlebois Can you confirm?

dave1996 commented 10 months ago

I'm having the same issue here. Seems the TeamsUserCallingSettings component still can not be exported with certificate thumbprint, it will ignore all the certificate auth parameters and ask me to input my username and password.

ricmestre commented 10 months ago

It seems to work now, I'll send a PR shortly. I really don't like the domain to appear in the export instead of being replaced by $OrganizationName but that's going to be for another day.

        TeamsUserCallingSettings "TeamsUserCallingSettings-AdeleV@REDACTED"
        {
            ApplicationId         = $ConfigurationData.NonNodeData.ApplicationId;
            CallGroupOrder        = "Simultaneous";
            CallGroupTargets      = @();
            CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Ensure                = "Present";
            Identity              = "AdeleV@REDACTED";
            TenantId              = $OrganizationName;
            UnansweredDelay       = "00:00:20";
        }