Assign Global App Permission Policy to users

Some apps need to go through testing phase first. That is why Teams Administrators usually create temporary App Permission Policy to allow app to a certain scope of a users.

If you for example, later want to delete this temporary policy and assign all users global policy you will bump into an error saying something like:

The policy “PolicyName” is currently assigned to one or more users. You must assign a different policy to those users before you can delete this policy.

So we need to remove policy from all users and assign them Global policy. This can be easily done via Powershell:

(Get-CsOnlineUser -Filter {TeamsAppPermissionPolicy -eq "Temporary Policy Name"}).UserPrincipalName | %{Grant-CsTeamsAppPermissionPolicy -Identity $_ -PolicyName $null}

This script is first looking for user which have old temporary Policy applied and then foreach found user it removes temporary policy.

You cannot use “-PolicyName “Global”” as Global policy is not a user policy, so when you null the policy Global policy is automatically applied to this users.

When temporary policy has been removed from the users it can be deleted.

Hope this article helped you in your daily operations. Feel free to comment, share or discuss this solution.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: