Teams App accessible only within team

Kamil Gierach-Pacanek 1

Hello,
I have an app with messaging extension capability, that is launched via message context menu (More actions). I want my App to meet the following criteria:

available only within specific teams,
not available on group or personal chats,
regular users should not be able to install App anywhere,
admins and team owners can add App to the team

How close I can get to these requirements?

I've done a lot of research on this topic - tried achieving this by blacklisting this App via App Permission Policy assigned to regular users - but I've ended with an application visible only to the administrator. Other users cannot see the messaging extension option - even on the channels in teams that have this App installed.

So I did a temporary workaround for now by verifying inside a bot service whether I am calling the app from the team chat or other place.

Sharon Zhao-MSFT 25,051 Reputation points Microsoft Vendor

2021-03-25T02:44:50.467+00:00

@Kamil Gierach-Pacanek ,
As we are mainly responsible for general issue of Microsoft Teams, your question which is more related to development is not in our scope. I will remove office-teams-windows-itpro tag. Thanks for your understanding.
Rama-MSFT 176 Reputation points

2021-03-25T06:18:30.257+00:00

Hi @Kamil Gierach-Pacanek ,

Could you please have a look on this document. Hope this would clear all the questions that you mentioned above.
Kamil Gierach-Pacanek 1 Reputation point

2021-03-25T07:37:52.03+00:00

So basically what I've found out that it is not possible to separate installation and usage permissions? Because in Teams Admin Center, in App Policies it says

Choose which custom apps can be installed by your users

This is what made me think it is possible to configure that one is not able to install App, but can use its functionality. That's probably the reason why regardless of the fact that App is installed on team, users with limited policy cannot see it.

Do you see any workaround here, different from what I've made?
Kamil Gierach-Pacanek 1 Reputation point

2021-03-25T07:38:46.08+00:00

Sure, I didn't add the tag by myself - it probably got converter when I've added "teams" tag.
Rama-MSFT 176 Reputation points

2021-04-05T12:20:37.893+00:00

available only within specific teams,
Yes, we can make the application with in specific teams.

not available on group or personal chats,
Yes, we can enable teams, but not for personal chats.

regular users should not be able to install App anywhere,
If you don't want to make the app as public, for specific people we can provide an alternative solution.

admins and team owners can add App to the team
Yes, we can adjust the admins and team owners in settings.

1 answer

Mamatha-MSFT 156 Reputation points

2021-04-08T09:00:28.1+00:00

Posting the Answer for better knowledge
Copying from @Rama-MSFT comments

available only within specific teams,
Yes, we can make the application with in specific teams.

not available on group or personal chats,
Yes, we can enable teams, but not for personal chats.

regular users should not be able to install App anywhere,
If you don't want to make the app as public, for specific people we can provide an alternative solution.

admins and team owners can add App to the team
Yes, we can adjust the admins and team owners in settings.
Please sign in to rate this answer.
Kamil Gierach-Pacanek 1 Reputation point

2021-04-08T09:17:13.763+00:00

Yes, we can enable teams, but not for personal chats.

May I ask how?

If you don't want to make the app as public, for specific people we can provide an alternative solution

Again, can you be more specific?

@Rama-MSFT

Mamatha-MSFT 156 Reputation points

2021-04-08T10:09:31.38+00:00

Hi @ KamilGP ,

not available on group or personal chats,

You can specify in your app manifest, the bot scopes where your bot should available.

"bots": [ { "botId": "%MICROSOFT-APP-ID-REGISTERED-WITH-BOT-FRAMEWORK%", "scopes": [ "team", "personal", "groupchat" ], }]

regular users should not be able to install App anywhere

Can you please explain this point. As per my understating you want your app to be installed by your organization members but not public users. Is that correct?

Kamil Gierach-Pacanek 1 Reputation point

2021-04-08T10:17:30.82+00:00

More like Team Owners should be able to install that App within their Teams. But I know this should be achievable by modifying the Team Templates.. Will it work that way?
That no one should be able to install App, apart from the Team Owners (or during Team creation) - and after the App is installed in the Team, members of the Team should be able to use it (regardless they are able to install App by themselves or not).

As for the manifest changes, I will try this today. I'm pretty sure I was doing that, but maybe there were some interferences from other changes during my tests.

Mamatha-MSFT 156 Reputation points

2021-04-08T13:04:42.537+00:00

Please go through this documentation it will help you.
Sign in to comment