Setup Azure App for Microsoft Teams Chat automation

Photo by Thumbor Forbes

Recently I got the chance to work on Microsoft Teams chat integration within a system and the purpose of this integration was to send messages to users using their emails and this should be automated within our system.

I spent more time than the expected to get more information about the API and it’s pros/cons, but finally I was able to achieve it’s implementation. I didn’t get all the information about this at single place, I used different sources to compile the information and then executed my plan. That’s why I’m writing this article so that the upcoming geeks can use this to make things faster especially related to Microsoft Teams chat automation.

Long story short…

Sending message requires Delegated permissions which means you need to access Microsoft Graph API as a signed-in user. So the recommended way to get a token for these permissions is via Application Grant Token but this process gives you a access token which is valid for 1 hour and it’s refresh token is valid for 3 months and for the next 3 months you need to get a new refresh token and so on.

Then I dug into more depth and found that we can use username/password flow to get the token and for this you need to enable Public Client Flow.

Let’s start the setup process…

• Go to https://portal.azure.com/
• Go to App registrations
• Click on New registration

• Give the new app a name and give Multi-tenant access to the app which allows a third party to access. Add a Redirect URI for Web because it will be required to give admin/user consent to this azure app.
• Click register.

• The app is created. Two pieces of the credentials can be found and accessed through this dashboard at any time, the Client ID and the Tenant ID.

• Set up API permissions that will allow the App to search the user using email to get it’s id and then use this id to send message to this user. As mentioned, there are steps involved in this process so both steps have different permission types:
  * Searching user is in Application permission type.
  * creating chat and sending message in that chat is in Delegated permission type.
• In the side menu, go to API permissions.
• Click Add a permission.

• A window on the right hand side of the screen will appear.
• Select Microsoft Graph

• To set up Application permission, select Application permissions box

• App need this endpoint to read the employee hierarchy, which is User.Read.All Note: This is a read-only endpoint which does not give App permissions to write. Use the search bar to find the endpoint easily. Once found, select it, then click Add permissions.

• To set up Delegated permission, select Delegated permissions box

• App need these endpoints to create/read chat and write user a chat message. Once found, select these and then click Add permissions.

• Click Grant admin consent for … (in this example I’m using our own account).

• Go to Certificates & Secrets > click on + New client secret

• Give the new secret any name you would like and select an expiration. I recommend you select the max expiry time.

• The new secret has been created. Copy and safeguard. You are only allowed to copy this secret once it has been generated. If you lose it, you must generate a new secret to use for authentication.

• Getting authentication code for Delegated permissions can be done with different methods which you can check on Acquire a token to call a web API (desktop app) — Microsoft identity platform. Other methods involve a manual interaction that’s why for this version I’m using the username/password flow to get the token and for this we have to enable the public client flow.

• Replace variables({client-id},{redirect-uri}) with the values available in azure app in following URL and load it in the browser to give consent to this application
  https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?response_type=code&client_id={client-id}&scope=User.Read&redirect_uri={redirect-uri}
• Now you have the azure app ready to use.

Completing this setup process gives you following credentials which you can use for Microsoft Teams Chat automation:

• Client ID
• Tenant ID
• Secret Key
• Username
• Password

So if you want to know how to use these credentials and send an automated message in Microsoft Teams, then go through my article Send Message in Microsoft Teams using Python . In this article I’m using Python script to send message.

If you have any questions/suggestions, please feel free to leave a comment below.