New-MgTeam needs license assignment in delegated scope

[joergrenn]

Describe the bug

When I try to create a new team via Graph Powershell, the command fails in no teams license is assigned to the user.
We separate Admin and User accounts and the Admin Accounts are not licensed.
Now our admins cannot create new teams via powershell.

This requirement is not documented anywhere and the error recieved is "Forbidden".
This error is not helpful at all to figure out that is is not permission problem but a missing license.

Expected behavior

A new team can be created with the "new-mgteam" cmdlet without the authenticated user in delegated permissions scope needing a teams license plan assigned.

How to reproduce

Connect to Graph with delegated permissions with a user account with no license assigned
Connect-MgGraph -Scopes Team.Create
$team = @{
DisplayName = "Team Name"
Description = "This is a sample team"
Visibility = "Public"
"[email protected]" = "https://graph.microsoft.com/v1.0/teamsTemplates('standard')"
}
New-MgTeam -BodyParameter $team

SDK Version

2.17.0

Latest version known to work for scenario above?

No response

Known Workarounds

Assign License to Account

Debug output

Click to expand log

```

New-MgTeam_Create: Failed to execute Templates backend request CreateTeamFromTemplateRequest. Request Url: https://teams.microsoft.com/fabric/emea/templates/api/team, Request Method: POST, Response Status Code: Forbidden, Response Headers: Strict-Transport-Security: max-age=2592000
x-operationid: b737c91902fb4eab974f59abcba88a4a
x-telemetryid: 00-2b6aef81e53b0a54ecba77116938145b-e4f08eff7ca40879-00
X-MSEdge-Ref: Ref A: 7E1FDDBD23DA45069EC39FCA21C7AC4F Ref B: AMS231020614037 Ref C: 2024-06-24T13:41:27Z
Date: Mon, 24 Jun 2024 13:41:27 GMT
, ErrorMessage : {"errors":[{"message":"Error when calling Middle Tier. Message: ''. Error code: 'GetApplicableSkuCategoriesForUserFailed'. Status code: Forbidden.","errorCode":"Unknown"}],"operationId":"b737c91902fb4eab974f59abcba88a4a"}

Status: 403 (Forbidden)
ErrorCode: Forbidden
Date: 2024-06-24T13:41:28

Headers:
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : b737c919-02fb-4eab-974f-59abcba88a4a
client-request-id : e3e2e238-4eef-46e5-ae8e-e917ce749c31
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Germany West Central","Slice":"E","Ring":"4","ScaleUnit":"003","RoleInstance":"FR1PEPF000011B3"}}
Date : Mon, 24 Jun 2024 13:41:27 GM

</details>


### Configuration

_No response_

### Other information

_No response_

[joergrenn]

After doing some more testing and reading documentation I figured out that this is not a bug.
The problem is not the creation of the team, but that every teams needs an owner. And the owner needs a teems license.
One can specify an owner with the command and then everything works as expected.

$params = @{ "[email protected]" = "https://graph.microsoft.com/v1.0/teamsTemplates('standard')" displayName = "My Sample Team" description = "My Sample Teams Description" members = @( @{ "@odata.type" = "#microsoft.graph.aadUserConversationMember" roles = @( "owner" ) "[email protected]" = "https://graph.microsoft.com/v1.0/users('<user object id>')" } ) }