Add/Remove members from a Teams custom App Permission Policy and Setup Policy using PowerShell

This script will add or remove members from a Teams App Permission Policy and an App Setup Policy using PowerShell. You will need to change the names of the policies in the variables, and for assigning members you will need the Group Object ID so that you can assign the policy to the group members.

The blocks are commented out, so that you can highlight the code block and run the assign or unassign script separately of each other.

Connect-MicrosoftTeams
 
$AppPermissionPolicy = "Custom App Policy Name"
$AppSetupPolicy = "Custom App Setup Policy Name"
 
<# --------------------- Assign Policies to Users in an AAD Group -----------------------
$GroupObjectId="00000000-0000-0000-0000-000000000000"
 
$GroupMembers = Get-AzureADGroupMember -ObjectId $GroupObjectId -All $true | select UserPrincipalName
$GroupMembers | ForEach {
    Grant-CsTeamsAppPermissionPolicy -Identity $_.UserPrincipalName -PolicyName $AppPermissionPolicy
    Grant-CsTeamsAppSetupPolicy -Identity $_.UserPrincipalName -PolicyName $AppSetupPolicy
}
#--------------------------------------------------------------------------------------#>
 
 
<# --------------------- Remove App Permission Policy from Users ------------------------

$filter = "TeamsAppPermissionPolicy -eq '$($AppPermissionPolicy)'"
$GroupMembers = Get-CsOnlineUser -Filter $filter | Select UserPrincipalName
$GroupMembers | ForEach {
    #New-CsBatchPolicyAssignmentOperation -PolicyType TeamsAppPermissionPolicy -PolicyName $null -Identity $_.UserPrincipalName -OperationName "Batch unassign $($AppPermissionPolicy) app permission policy"
    Grant-CsTeamsAppPermissionPolicy -Identity $_.UserPrincipalName -PolicyName $null
    }

#--------------------------------------------------------------------------------------#> 

<# --------------------- Remove App Setup Policy from Users -----------------------------

$filter = "TeamsAppSetupPolicy -eq '$($AppSetupPolicy)'"
$GroupMembers = Get-CsOnlineUser -Filter $filter | Select UserPrincipalName
$GroupMembers | ForEach {
    #New-CsBatchPolicyAssignmentOperation -PolicyType TeamsAppSetupPolicy -PolicyName $null -Identity $_.UserPrincipalName -OperationName "Batch unassign $($AppPermissionPolicy) app setup policy"
    Grant-CsTeamsAppSetupPolicy -Identity $_.UserPrincipalName -PolicyName $null
    }
#--------------------------------------------------------------------------------------#> 

Sources:

• https://learn.microsoft.com/en-us/powershell/module/teams/new-csbatchpolicyassignmentoperation?view=teams-ps 

Share on Google Plus

About Tom DeMeulenaere

Highly accomplished information technology professional with extensive knowledge in System Center Configuration Manager, Windows Server, SharePoint, and Office 365.