隨著 Microsoft 增強其所有產品和服務的安全性狀態,API 功能發生 了變化 ,這可能會影響先前依賴僅限應用程式許可權來使用 API 佈建課程筆記本和課程團隊的客戶。
附註: 在大部分情況下,建議您使用 SDS) (學校數據同步處理 ,這是一項免費服務,可協助將學生資訊或管理系統中的使用者和名冊數據與 Microsoft 365 同步處理的程式自動化。 SDS 可協助您管理教育組織、使用者、類別和角色,將您的數據與 Microsoft Entra ID 和 Microsoft 365 同步處理,以便您可以使用 Microsoft Teams、教育用 Intune、Exchange Online、SharePoint Online、OneNote 課程筆記本,並啟用具有單一登入整合的第三方應用程式。
您仍然可以遵循支援的方法,使用 PowerShell 和 Microsoft Graph 大規模佈建類別和筆記本。 本文概述了這些步驟,並提供相關文件的連結。
重要: 如果您正在與第三方合作夥伴合作進行大規模佈建課程,請先與他們分享本文,然後再自行採取步驟。
佈建新類別
建議 (選項 1) :使用 Teams PowerShell
警告: 在 2025 年 8 月 21 日之前,本檔的舊版建議在進行必要的更新之前,先透過 Teams PowerShell 佈建。 這些更新現已完成, 您現在可以繼續使用此方法。 感謝您的耐心等候。
使用 Teams PowerShell 佈建新類別很簡單,其中將包含類別和筆記本的所有必要設定。 只需在以下腳本中自定義所需的顯示名稱並以管理員身份運行它。
範例指令碼
# Using the Teams PowerShell SDK
Install-Module -MicrosoftTeams -Force -AllowClobber
New-Team -DisplayName 'Test Class 20251208.4' -Template 'EDU_Class'
|
選項 2:使用 Microsoft Graph PowerShell
如果您無法存取 Teams PowerShell,您可能想要使用 Microsoft Graph 大規模探索佈建類別。 視需要編輯下列指令碼頂端的參數,然後以系統管理員身分執行指令碼,以大規模佈建類別和筆記本:
範例指令碼
# Using the MS Graph API
Install-Module Microsoft.Graph -AllowClobber -Force
# PARAMETERS
$Name = "Test Class 20251208.3"
$Description = "A Test Class"
$Mail = $Name -replace '[^a-zA-Z0-9\s]|[ ]', '' # Replace this mail alias with a preferred generation method
$OwnerId = "000-000-00000-000000-000" # Replace this with the Owner's GUID
# ------------
# Create a new M365 Group
$CreateGroupBody = @"
{
"description": "$Name",
"displayName": "$Description",
"groupTypes": [
"Unified"
],
"mailEnabled": false,
"mailNickname": "$Mail",
"securityEnabled": false,
"members@odata.bind": [
"https://graph.microsoft.com/v1.0/users/$OwnerId"
],
"owners@odata.bind": [
"https://graph.microsoft.com/v1.0/users/$OwnerId"
],
"visibility": "HiddenMembership",
"creationOptions": [
"ExchangeProvisioningFlags:461",
"classAssignments"
],
"extension_fe2174665583431c953114ff7268b7b3_Education_ObjectType": "Section",
"resourceBehaviorOptions": [
"appRoleForSite:22d27567-b3f0-4dc2-9ec2-46ed368ba538:fullcontrol",
"appRoleForSite:c9a559d2-7aab-4f13-a6ed-e7e9c52aec87:fullcontrol",
"appRoleForSite:13291f5a-59ac-4c59-b0fa-d1632e8f3292:fullcontrol",
"appRoleForSite:2d4d3d8e-2be3-4bef-9f87-7875a61c29de:fullcontrol",
"appRoleForSite:8f348934-64be-4bb2-bc16-c54c96789f43:fullcontrol"
]
}
"@
$NewGroup = Invoke-MgGraphRequest -uri 'https://graph.microsoft.com/v1.0/groups/' -Body $CreateGroupBody -Method POST -ContentType "application/json"
# Create Teams Class Team from group
$CreateTeamBody = @{
"template@odata.bind" = "https://graph.microsoft.com/v1.0/teamsTemplates('educationClass')"
"group@odata.bind" = "https://graph.microsoft.com/v1.0/groups('$($NewGroup.Id)')"
}
New-MgTeam -BodyParameter $CreateTeamBody |
疑難排解:將權限授與現有的課程網站
附註: 此方法也需要執行腳本的人員是網站管理員,如此 處所述。 以下指令碼包含將目前登入的使用者新增為需要疑難排解之網站的網站管理員的步驟。
如果您已佈建班級,並觀察到班級筆記本或 Teams 指派的失敗或許可權問題,您可以使用下列腳本來更新班級的網站許可權,並將 rawGroups 參數取代為受影響類別的 groupID:
範例指令碼
#You will need to connect to SharePoint, Exchange Online, and Graph with the following -Scopes Sites.FullControl.All, as well as collect the groupIDs of Class Teams affected
$rawGroups =@("b0a5905d-09ae-4605-8e12-94da93ecbe92","e0eec729-24ef-451e-b079-56d0baf4dfc9")
# Convert to array of objects with .groupid
$groups = $rawGroups | ForEach-Object { Get-UnifiedGroup -Identity $_ }
$step = 0
#get the currently logged in user's account to add as a site admin
$CUA = (get-mgcontext).account
foreach ($group in $groups) {
$step = $step + 1
Set-SPOUser -Site $group.SharePointSiteUrl -LoginName $CUA -IsSiteCollectionAdmin $true
Write-Host "SiteCollectionAdmin added on $step of $($Groups.Count) Class Sites"
}
#Pause for 5 minutes before tiggering the General Folder creation
Write-Host "Pausing for 5 Minutes before adding perms to allow SiteCollectionAdmin to propagate"
Start-Sleep -Seconds 300
Write-Host "Working on $($Groups.Count) Classes"
foreach ($group in $groups) {
#$step = $step + 1
$Site = Get-MgGroupSite -GroupId $group.ExternalDirectoryObjectId -SiteId "root"
$SiteId = $Site.Id
Write-Host "Processing permissions on $step of $($Groups.Count) Classes"
# These are the AppIds for common Microsoft EDU Apps
$AppIds = @{
"8f348934-64be-4bb2-bc16-c54c96789f43"="EDU Assignments";
"22d27567-b3f0-4dc2-9ec2-46ed368ba538"="Reading Assignments";
"2d4d3d8e-2be3-4bef-9f87-7875a61c29de"="OneNote";
"c9a559d2-7aab-4f13-a6ed-e7e9c52aec87"="Microsoft Forms";
"13291f5a-59ac-4c59-b0fa-d1632e8f3292"="EDU OneNote";
}
# Apply the permissions to the group site
$AppIds.Keys | %{
$AppId = $_
$Name = $AppIds[$_]
$Body = @"
{
"roles": ["fullcontrol"],
"grantedToIdentities": [{
"application": {
"id": "$AppId",
"displayName": "$Name"
}
}]
}
"@
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/v1.0/sites/$SiteId/permissions" -Body $Body -ContentType "application/json"
}
}
Write-Host "Processed $($Groups.Count) Classes, removing sitecollectionadmin"
$step = 0
foreach ($group in $groups) {
$step = $step + 1
Set-SPOUser -Site $group.SharePointSiteUrl -LoginName $CUA -IsSiteCollectionAdmin $false
Write-Host "SiteCollectionAdmin removed on $step of $($Groups.Count) Class Sites"
} |
