Microsoft Teams PowerShell: Web Account Manager (WAM) becomes the default authentication broker

🚨 The Signal: Microsoft Teams PowerShell module now defaults to Web Account Manager (WAM) for authentication on Windows, enhancing security and consistency. This change affects interactive sign-ins and credential-based connections, improving credential protection.

The Impact

Windows Teams PowerShell admins face improved authentication security, reducing credential compromise risk.

• Teams PowerShell admins: Enhanced security for interactive and credential-based sign-ins.
• Security teams: Reduced risk of credential theft for PowerShell sessions.
• Identity teams: More consistent authentication experience for administrative accounts.

The Action

1. Review existing Teams PowerShell scripts for compatibility with WAM-based authentication.
2. Familiarise with the temporary -DisableWAM parameter for troubleshooting, noting its eventual removal.
3. Ensure Windows environments are up-to-date to fully support WAM functionality.

Domain: Teams · Impact: medium · Workload: Teams · Essential Eight: Multi-Factor Authentication, Restrict Administrative Privileges · ISM: ISM-0109, ISM-0123, ISM-0140, ISM-0445, ISM-0974, ISM-1173, ISM-1175, ISM-1228, ISM-1380, ISM-1401, ISM-1504, ISM-1505, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1679, ISM-1680, ISM-1681, ISM-1682, ISM-1683, ISM-1686, ISM-1688, ISM-1689, ISM-1815, ISM-1819, ISM-1872, ISM-1873, ISM-1874, ISM-1883, ISM-1892, ISM-1893, ISM-1894, ISM-1897, ISM-1898, ISM-1906, ISM-1907