We’ve developed a simple app for Microsoft Teams, designed to be installed for a Team, which uses a Bot and an Action-based Messaging Extension. The bot is granted the User.Read.All permission for the tenant via the Azure AD portal and works fine for our organization. We need to send this to our customers, and we are curious whether all our customers using their own MS Teams workspaces would be required to grant this permission from the Azure Portal.
Below is a summary of how our Bot works.
When the user interacts with our messaging extension:
- Our server determines the input choices for the user and responds with a TaskModule.
Once the user submits the modal:
- Our server once again uses the Graph API to fetch the user’s email address
- Executes the appropriate business logic
- An Incoming Webhook is used to send an appropriate message to a channel in the user’s team