Assigning Teams Policies to Groups

When working with Microsoft Teams, a fairly new feature is the ability to assign Teams Policies to groups of accounts. Teams itself, has not really supported this, even though you could assign policies to teams, you would need to use PowerShell, to get the Azure Active Directory Group, then iterate the group members assigning the policies to each member. Microsoft then releases the batch commands to hell with this, which would take an array of accounts and perform the same task of assigning to each account.

The better way of doing this is to use the Teams Admin Center or PowerShell. Adding them is as simple of navigating to the selected policies, then choose the Group Assignment tab, then configure as needed.

I prefer PowerShell, so as such here is an example of the PowerShell you would use:

$group = Get-AzureADGroup -SearchString "All Company"
New-CsGroupPolicyAssignment `
          -GroupId $group.ObjectId `
          -PolicyType "TeamsMessagingPolicy" `
          -PolicyName "Messaging Policy"

To add other types, the “PolicyType” parameter can be either of these values:

  • TeamsMessagingPolicy
  • TeamsMeetingPolicy
  • TeamsCallingPolicy
  • TeamsMeetingBroadcastPolicy
  • TeamsAppSetupPolicy
  • TeamsChannelsPolicy

Using PowerShell allows better flexibility and can be scripted into functions such as this (Not using MFA):

function Invoke-AssignTeamsPolicyToGroup()
{
    param(
        [Parameter(Mandatory)]
        [string]$GroupName,
        [Parameter(Mandatory)]
        [ValidateSet('TeamsMessagingPolicy', `
            'TeamsMeetingPolicy',`
            'TeamsCallingPolicy',`
            'TeamsMeetingBroadcastPolicy',`
            'TeamsAppSetupPolicy',`
            'TeamsChannelsPolicy')]
        [string]$PolicyType,
        [Parameter(Mandatory)]
        [string]$PolicyName
    )

    $Group = Get-AzureADGroup -All:$true | `
               Where-Object { $_.DisplayName -eq $GroupName }

    if($Group)
    {
        Write-Host "Assigning: $($PolicyType) Policy" `
               -ForegroundColor Yellow

        New-CsGroupPolicyAssignment `
               -GroupId $Group.ObjectId `
               -PolicyType "$($PolicyType)" `
               -PolicyName "$($PolicyName)"

        Write-Host "Assigned: $($PolicyType) Policy" `
               -ForegroundColor Green
    }
    else
    {
        Write-Host "Please check policy and try again" `
               -ForegroundColor Red
        Break
    }
}

This is just an example of what you could do. Hope this helps.

Liam Cleary

Liam began his career as a Trainer of all things computer-related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes, and of course security controls and protection. He is also a Microsoft MVP focusing on Architecture but also crosses the boundary into Development. He is also a Microsoft Certified Trainer (MCT). His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet or building Lego robots.

You may also like...