Merge branch 'main' into EWSCortana-chrisda

chrisda · chrisda · commit 7971564abf83 · 2022-09-19T13:31:45.000-07:00
diff --git a/teams/teams-ps/teams/Connect-MicrosoftTeams.md b/teams/teams-ps/teams/Connect-MicrosoftTeams.md
@@ -29,11 +29,24 @@ Connect-MicrosoftTeams
 [<CommonParameters>]
 ```
 
+### ServicePrincipalCertificate
+```
+Connect-MicrosoftTeams 
+-TenantId <String> 
+-CertificateThumbprint <String> 
+-ApplicationId <String> 
+[-LogLevel <LogLevel>] 
+[-LogFilePath <String>] 
+[-WhatIf] 
+[-Confirm] 
+[<CommonParameters>] 
+```
+
 ### AccessTokens
 ```
 Connect-MicrosoftTeams 
 [-TenantId <String>] 
--AccessTokens <String[]>  
+-AccessTokens <String[]> 
 [-LogLevel <LogLevel>] 
 [-LogFilePath <String>] 
 [-WhatIf] 
@@ -79,7 +92,45 @@ Account                 Environment 	Tenant                                Tenan
 user@contoso.com        TeamsGCCH   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 ```
 
-### Example 4: Connect to MicrosoftTeams using Access Tokens
+### Example 4: Connect to MicrosoftTeams using a certificate thumbprint
+This example demonstrates how to authenticate using a certificate thumbprint. Application-based authentication has been reintroduced in preview with version 4.7.1-preview. For details and supported cmdlets, please see [Application-based authentication in Teams PowerShell Module](/MicrosoftTeams/teams-powershell-application-authentication).
+
+```powershell
+Connect-MicrosoftTeams -CertificateThumbprint "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" -ApplicationId "00000000-0000-0000-0000-000000000000" -TenantId "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"
+```
+
+### Example 5: Connect to MicrosoftTeams using Application-based Access Tokens
+This example demonstrates how to authenticate with an application using Access Tokens. Access Tokens can be retrieved via the login.microsoftonline.com endpoint. It requires two Access Tokens – “MS Graph” and “Skype and Teams Tenant Admin API” resources.
+
+Application-based authentication has been reintroduced in preview with version 4.7.1-preview. For details and supported cmdlets, see [Application-based authentication in Teams PowerShell Module](/MicrosoftTeams/teams-powershell-application-authentication).
+
+```powershell
+$ClientSecret   = "…"
+$ApplicationID = "00000000-0000-0000-0000-000000000000"
+$TenantID = "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"
+
+$graphtokenBody = @{   
+   Grant_Type    = "client_credentials"   
+   Scope         = "https://graph.microsoft.com/.default"   
+   Client_Id     = $ApplicationID   
+   Client_Secret = $ClientSecret   
+}  
+
+$graphToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token" -Method POST -Body $graphtokenBody | Select-Object -ExpandProperty Access_Token 
+
+$teamstokenBody = @{   
+   Grant_Type    = "client_credentials"   
+   Scope         = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"   
+   Client_Id     = $ApplicationID   
+   Client_Secret = $ClientSecret 
+} 
+
+$teamsToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token" -Method POST -Body $teamstokenBody | Select-Object -ExpandProperty Access_Token 
+
+Connect-MicrosoftTeams -AccessTokens @("$graphToken", "$teamsToken")
+```
+
+### Example 6: Connect to MicrosoftTeams using Access Tokens in the delegated flow
 This example demonstrates how to sign in using Access Tokens. Admin can retrieve Access Tokens via the login.microsoftonline.com endpoint. It requires two tokens, MS Graph Access Token and Teams Resource token. 
 
 A delegated flow, such as Resource Owner Password Credentials (ROPC) or device code, must be used, with the following delegated app permissions required.
@@ -119,23 +170,25 @@ user@contoso.com        AzureCloud   xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  xxxxx
 ## PARAMETERS
 
 ### AccessTokens
-Specifies a access tokens for "MSGraph" and "Skype and Teams Tenant Admin API" resources. This new parameter is added in version 2.3.2-preview. 
-
-Following steps must be performed by Tenant Admin in the Azure portal when using your own application. 
-
-Steps to configure the AAD application. 
-1. Go to Azure portal and go to App Registrations. 
-2. Create or select the existing application.
-3. Add the following permission to this Application. 
-4. Click API permissions. 
-5. Click Add a permission. 
-6. Click on the Microsoft MS Graph, and then select Delegated Permission.
-7. Add the following permissions: "AppCatalog.ReadWrite.All", "Group.ReadWrite.All", "User.Read.All";
-8. Next, we need to add "Skype and Teams Tenant Admin API" resource permission. Click Add a permission.
-9. Navigate to "APIs my organization uses" 
-10. Search for "Skype and Teams Tenant Admin API".
-11. Add all the listed permissions. 
-12. Grant admin consent to both MS Graph and "Skype and Teams Tenant Admin API" name.
+Specifies access tokens for "MS Graph" and "Skype and Teams Tenant Admin API" resources. Both the tokens used should be of the same type.
+
+- Application-based authentication has been reintroduced in preview with version 4.7.1-preview. For details and supported cmdlets, see [Application-based authentication in Teams PowerShell Module](/MicrosoftTeams/teams-powershell-application-authentication).
+
+- Delegated flow - The following steps must be performed by Tenant Admin in the Azure portal when using your own application. 
+
+   Steps to configure the AAD application. 
+   1. Go to Azure portal and go to App Registrations. 
+   2. Create or select the existing application.
+   3. Add the following permission to this Application. 
+   4. Click API permissions. 
+   5. Click Add a permission. 
+   6. Click on the Microsoft MS Graph, and then select Delegated Permission.
+   7. Add the following permissions: "AppCatalog.ReadWrite.All", "Group.ReadWrite.All", "User.Read.All";
+   8. Next, we need to add "Skype and Teams Tenant Admin API" resource permission. Click Add a permission.
+   9. Navigate to "APIs my organization uses" 
+   10. Search for "Skype and Teams Tenant Admin API".
+   11. Add all the listed permissions. 
+   12. Grant admin consent to both MS Graph and "Skype and Teams Tenant Admin API" name.
 
 ```yaml
 Type: String[]
@@ -179,10 +232,9 @@ Accept wildcard characters: False
 ```
 
 ### -ApplicationId
-Specifies the application ID of the service principal.
+Specifies the application ID of the service principal that is used in application-based authentication. 
 
-> [!WARNING]
->This parameter has been removed from the latest versions and replaced by the AccessTokens parameter.
+This parameter has been reintroduced in preview with version 4.7.1-preview. For more information about Application-based authentication and supported cmdlets, see [Application-based authentication in Teams PowerShell Module](/MicrosoftTeams/teams-powershell-application-authentication). 
 
 ```yaml
 Type: String
@@ -195,10 +247,10 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -CertificateThumbprint (Removed from version 2.4.1-preview)
-Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.
-> [!WARNING]
->This parameter has been removed from version 2.4.1-preview.
+### -CertificateThumbprint
+Specifies the certificate thumbprint of a digital public key X.509 certificate of an application that has permission to perform this action.
+
+This parameter has been reintroduced in preview with version 4.7.1-preview. For more information about Application-based authentication and supported cmdlets, see [Application-based authentication in Teams PowerShell Module](/MicrosoftTeams/teams-powershell-application-authentication).
 
 ```yaml
 Type: String
