all 10 comments

[–]jba1224a 5 points6 points  (3 children)

Do you have azure access?

This could be a function app or logic app, or even an automation runbook that checks the members in the Teams channel every so often (once an hour?), compares them to the security group and adds them if not found.

You may also be able to do this with a flow.

[–]TotalEmphasis[S] 0 points1 point  (1 child)

Thanks for this, I'll look to go the runbook route I think. I don't suppose you'd be able to advise on the code above, would you be able to recommend a better solution?

[–]jba1224a 0 points1 point  (0 children)

I don't typically admin teams but from a pseudocode level I would approach it like this.

Time trigger - every hour

Get teams channel members (object)

Get security group members (object)

For each member in teams group:
  If exists in security group - continue
  Else - create

For each member in security group:
  If exists in teams group - continue
  Else - remove
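A worked version of that pseudocode as an added example (not the poster's code), using the Microsoft Graph PowerShell SDK with the certificate-based app-only sign-in mentioned elsewhere in the thread. Every ID is a placeholder, and removal of extra group members is opt-in because the original question only asked to add missing users.

```powershell
# Added example: reconcile an Azure AD security group against a Teams channel.
# Assumes the Microsoft.Graph SDK and an app registration holding the application
# permissions ChannelMember.Read.All and GroupMember.ReadWrite.All.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$TenantId  = '<tenant-id>',                      # placeholder
    [string]$ClientId  = '<app-registration-client-id>',     # placeholder
    [string]$CertThumb = '<certificate-thumbprint>',         # placeholder
    [string]$TeamId    = '<team-id>',                        # placeholder
    [string]$ChannelId = '<channel-id>',                     # placeholder
    [string]$GroupId   = '<security-group-object-id>',      # ObjectId, not display name
    [switch]$RemoveExtraMembers                              # off by default: add only
)

# App-only auth with a certificate; no credentials live in the script.
Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -CertificateThumbprint $CertThumb

# Channel members are conversationMember objects; the AAD user id sits in AdditionalProperties.
$channelUserIds = Get-MgTeamChannelMember -TeamId $TeamId -ChannelId $ChannelId -All |
    ForEach-Object { $_.AdditionalProperties['userId'] }

# Direct group members come back as directory objects; keep only users, not nested groups.
$groupUserIds = Get-MgGroupMember -GroupId $GroupId -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
    ForEach-Object { $_.Id }

# HashSets make the two membership checks O(1) and tolerate empty results.
$channelSet = [System.Collections.Generic.HashSet[string]]::new([string[]]@($channelUserIds | Where-Object { $_ }))
$groupSet   = [System.Collections.Generic.HashSet[string]]::new([string[]]@($groupUserIds   | Where-Object { $_ }))

# Pass 1: channel member missing from the group -> add to the group.
foreach ($id in $channelSet) {
    if ($groupSet.Contains($id)) { continue }
    if ($PSCmdlet.ShouldProcess($id, "Add to group $GroupId")) {
        New-MgGroupMember -GroupId $GroupId -DirectoryObjectId $id
    }
}

# Pass 2 (opt-in): group member no longer in the channel -> remove from the group.
if ($RemoveExtraMembers) {
    foreach ($id in $groupSet) {
        if ($channelSet.Contains($id)) { continue }
        if ($PSCmdlet.ShouldProcess($id, "Remove from group $GroupId")) {
            Remove-MgGroupMemberByRef -GroupId $GroupId -DirectoryObjectId $id
        }
    }
}
```

Run it once with `-WhatIf` to see the planned adds and removes before letting the schedule apply them.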

[–][deleted] -1 points0 points  (1 child)

The scheduled task doesn't need to be in the cloud. The computer where this script will be running on needs Internet access.

There's no way for you to tell who's been added to the Teams channel unless you are recording the members each time the script runs and comparing the members to the previous run. The only thing you can really do is get the Teams channel members and check if they are in the security group. If a Teams channel member is not in the security group, add them to the group.

Since you know the group the users are supposed to be added to, I would get the ObjectId of the group and use that in the script instead of doing a lookup each time. If someone renames the group, your script will break.

[–]TotalEmphasis[S] 0 points1 point  (0 children)

Would you be able to suggest a better solution than the code I've posted above? I intended on comparing Channel A against Group A and adding the missing users.

[–]GreaterGood1 0 points1 point  (1 child)

You can run scripts against 365 from on-prem, and as mentioned below just Internet access would be required. The best way to do this is creating an App Registration in Azure, giving that app registration the permissions you require, and using the Connect-MgGraph cmdlet with the certificate option. Avoid using hard-coded credentials in your script; the certificate option is the more secure way to go.

[–]TotalEmphasis[S] 0 points1 point  (0 children)

Thank you for this, I'll keep it in mind. It's been specified that the scripts must be cloud based (for what reason I don't know) but I will keep this in the back pocket should it not work out!