Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibet7j55iat4cpslt37awokp5xen7edhsqbwy67hg5xerosnn3h4a",
    "uri": "at://did:plc:xxrzfynfiasdpbxteqxi4jgq/app.bsky.feed.post/3mngcynfpzmb2"
  },
  "description": "Microsoft Teams PowerShell module will use Web Account Manager (WAM) as the default authentication broker on Windows starting late June 2026 (version 7.8.1). A temporary -DisableWAM parameter allows bypassing WAM. Non-interactive and older Windows versions are unaffected. Admins should review and...",
  "path": "/m365-message-center/message/mc1338817/",
  "publishedAt": "2026-06-04T00:00:05.000Z",
  "site": "https://blog.tophhie.cloud",
  "tags": [
    "Connect-MicrosoftTeams | Microsoft Teams | Microsoft Learn"
  ],
  "textContent": "**[What and Why]**\n\nWe are updating the Microsoft Teams PowerShell module to use **Web Account Manager (WAM)** as the default authentication broker for sign-in. This change improves security and provides a more consistent authentication experience on Windows.\n\nA new temporary parameter,**-DisableWAM,** is available in the _Connect-MicrosoftTeams cmdlet_ , allowing admins to bypass WAM for a single connection if it is not supported in their environment.\n\nThis change is available starting with**preview version 7.8.1 of the Teams PowerShell module**.\n\n**[Rollout Schedule]**\n\n**General Availability (Worldwide, GCC, GCCH, DoD):** Rollout will begin in**late June 2026** and is expected to complete in**late June 2026**.\n\n**[Impact on Your Organization]**\n\n_Who is affected_\n\n  * Admins using the Microsoft Teams PowerShell module on Windows\n\n\n\n _Platforms/Services_\n\n  * Microsoft Teams PowerShell module\n  * Windows\n\n\n\n _What will happen_\n\n  * Sign-in for the following scenarios will use WAM as the authentication broker:\n    * Interactive sign-in using Connect-MicrosoftTeams\n    * Connect-MicrosoftTeams with credential (-Credential)\n    * Connect-MicrosoftTeams with AccountId (-AccountId, Integrated Windows Authentication)\n  * The following sign-in methods are **not affected** :\n    * Service principal with certificate\n    * Managed identity\n    * Pre-acquired access tokens\n  * A temporary **-DisableWAM** parameter is available to bypass WAM for a single connection.\n  * The **-DisableWAM** parameter will be removed in a future release.\n\n\n\n_Known limitations:_\n\n  * On macOS, Linux, and Windows versions earlier than Windows 10 or Windows Server 2019, existing authentication behavior remains unchanged.\n  * WAM requires an interactive Windows session with UI access.\n  * WAM will not work in non-interactive scenarios such as Windows services, scheduled tasks without a logged-in user, or scenarios that run under impersonation.\n\n\n\n**[Action Required / Recommendations]**\n\n  * Review any scripts that use the Teams PowerShell module, especially those running in non-interactive environments.\n  * Update scripts if needed to support WAM authentication.\n  * Use the **-DisableWAM** parameter as a temporary workaround if required.\n\n\n\n**Learn more:** Connect-MicrosoftTeams | Microsoft Teams | Microsoft Learn\n\n**[Compliance considerations]**\n\nNo compliance considerations identified. Review as appropriate for your organization.",
  "title": "MC1338817: Microsoft Teams PowerShell: Web Account Manager (WAM) becomes the default authentication broker",
  "updatedAt": "2026-06-04T00:00:05.562Z"
}