Skip to Content

MC1338817: Microsoft Teams PowerShell: Web Account Manager (WAM) becomes the default authentication broker

By: Author Alex Lim

Posted on

Categories Update

Home » Update » MC1338817: Microsoft Teams PowerShell: Web Account Manager (WAM) becomes the default authentication broker

Summary

  • Microsoft Teams PowerShell on Windows will default to using Web Account Manager (WAM) for Connect-MicrosoftTeams sign-ins (interactive, -Credential, -AccountId/IWA).
  • A temporary -DisableWAM parameter is available to bypass WAM for a single connection; it will be removed in a future release.
  • Preview availability begins in the Teams PowerShell preview (v7.8.1); admins should review and update any scripts that run in non-interactive environments (services, scheduled tasks, automation).
  • Sign-in methods not affected: service principal with certificate, managed identity, and pre-acquired access tokens.

Primary Service: Teams
Admin Impact: High
User Impact: Low
Release Start: 30 Jun 2026
Release End: 30 Jun 2026
Services: PowerShell, Teams, Windows
Category: Plan for change
Tags: Admin Action, User Adoption

History

6/3/2026 Item Added to Message Center

Microsoft Message

What and Why

We are updating the Microsoft Teams PowerShell module to use Web Account Manager (WAM) as the default authentication broker for sign-in. This change improves security and provides a more consistent authentication experience on Windows.

A new temporary parameter, -DisableWAM, is available in the Connect-MicrosoftTeams cmdlet, allowing admins to bypass WAM for a single connection if it is not supported in their environment.

This change is available starting with preview version 7.8.1 of the Teams PowerShell module.

Rollout Schedule

General Availability (Worldwide, GCC, GCCH, DoD): Rollout will begin in late June 2026 and is expected to complete in late June 2026.

Impact on Your Organization

Who is affected

  • Admins using the Microsoft Teams PowerShell module on Windows

Platforms/Services

  • Microsoft Teams PowerShell module
  • Windows

What will happen

  • Sign-in for the following scenarios will use WAM as the authentication broker:
    • Interactive sign-in using Connect-MicrosoftTeams
    • Connect-MicrosoftTeams with credential (-Credential)
    • Connect-MicrosoftTeams with AccountId (-AccountId, Integrated Windows Authentication)
  • The following sign-in methods are not affected:
    • Service principal with certificate
    • Managed identity
    • Pre-acquired access tokens
  • A temporary -DisableWAM parameter is available to bypass WAM for a single connection.
  • The -DisableWAM parameter will be removed in a future release.

Known limitations:

  • On macOS, Linux, and Windows versions earlier than Windows 10 or Windows Server 2019, existing authentication behavior remains unchanged.
  • WAM requires an interactive Windows session with UI access.
  • WAM will not work in non-interactive scenarios such as Windows services, scheduled tasks without a logged-in user, or scenarios that run under impersonation.

Action Required / Recommendations

  • Review any scripts that use the Teams PowerShell module, especially those running in non-interactive environments.
  • Update scripts if needed to support WAM authentication.
  • Use the -DisableWAM parameter as a temporary workaround if required.

Learn more: Connect-MicrosoftTeams | Microsoft Teams | Microsoft Learn

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.