Microsoft has announced that it will introduce updated authentication requirements for the Microsoft Teams PowerShell Module, with enforcement starting on September 15, 2025. The change affects organizations using application-based authentication, particularly those integrating Microsoft Entra applications for backend Teams management or automation. The company has cautioned that failure to deploy the necessary changes in time can lead to "service disruption."
According to Microsoft, the update is part of its broader effort to “strengthen security across Microsoft 365 services” and will require Entra applications accessing the Teams PowerShell Module to be “properly scoped and secured.”
This change aligns with the company"s ongoing security hardening, like the ones announced earlier this year in June 2025 where it confirmed that it will be disabling outdated security protocols, which perhaps coincidentally happened just days after the Washington Post email hacks.
For those not familiar, the Microsoft Teams PowerShell Module is widely used for administrative automation, enabling IT teams to configure policies, manage settings, and control Teams features at scale. It is essentially a set of cmdlets for managing Teams directly from the PowerShell command line and requires Windows PowerShell version 5.1 or PowerShell version 7.2 or later.
The message was published on the Microsoft 365 admin center dashboard and it lays out the eligible application permissions that require the update:
- RoleManagement.Read.Directory: Required for all Entra applications to verify association with an Administrative Unit.
- GroupMember.Read.All: Required if your application uses the following cmdlets:
*-CsGroupPolicyAssignment*-CsGroupPolicyPackageAssignment
Aside from that, Microsoft has also outlined the steps on how to "ensure uninterrupted access" by reviewing and updating them. It writes:
1. Review your Entra applications:
- Go to Microsoft Entra ID > Roles and administrators.
- Check the Global Administrator, Teams Administrator, and Skype for Business Administrator roles for any Entra applications or service principals used with Teams PowerShell.
2. Update API permissions:
- Navigate to Microsoft Entra ID > App registrations.
- Locate the relevant application and add the following permissions:
GroupMember.Read.AllRoleManagement.Read.Directory
For those who have access to the Microsoft 365 admin center website, they can view the message under ID MC1134747.