This source can sync data for the Microsoft Graph API to work with Microsoft Teams.
There are currently 2 versions of Microsoft Graph REST APIs – v1.0 and beta. Beta version contains new or enhanced APIs that are still in preview status. But APIs in preview status are subject to change and may break existing scenarios without notice. It isn’t recommended taking a production dependency on APIs in the beta endpoint. This Source Connector is based on a API v1.0.
The Microsoft Graph API uses OAuth for authentication. Microsoft Graph exposes granular permissions that control the access that apps have to resources, like users, groups, and mail. When a user signs in to your app,
they, or, in some cases, an administrator, are given a chance to consent to these permissions. If the user consents, your app is given access to the resources and APIs that it has requested. For apps that don’t take a signed-in user, permissions can be pre-consented to by an administrator when the app is installed.
Microsoft Graph has two types of permissions:
Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests, and the app can act as the signed-in user when making calls to Microsoft Graph. Some delegated permissions can be consented by non-administrative users, but some higher-privileged permissions require administrator consent.
Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
This source requires Application permissions. Follow these instructions for creating an app in the Azure portal. This process will produce the client_id, client_secret, and tenant_id needed for the tap configuration file.
Login to Azure Portal
Click upper-left menu icon and select Azure Active Directory
Select App Registrations
Click New registration
Register an application
Name:
Supported account types: Accounts in this organizational directory only
Register (button)
Record the client_id, tenant_id, and which will be used by the tap for authentication and API integration.
Select Certificates & secrets
Provide Description and Expires
Description: tap-microsoft-teams client secret
Expires: 1-year
Add
Copy the client secret value, this will be the client_secret
Select API permissions
Click Add a permission
Select Microsoft Graph
Select Application permissions
Select the following permissions:
Users
User.Read.All
User.ReadWrite.All
Directory.Read.All
Directory.ReadWrite.All
Groups
GroupMember.Read.All
Group.Read.All
Directory.Read.All
Group.ReadWrite.All
Directory.ReadWrite.All
Group members
GroupMember.Read.All
Group.Read.All
Directory.Read.All
Group owners
Group.Read.All
User.Read.All
Group.Read.All
User.ReadWrite.All
Group.Read.All
User.Read.All
Application.Read.All
Channels
ChannelSettings.Read.Group
ChannelSettings.ReadWrite.Group
Channel.ReadBasic.All
ChannelSettings.Read.All
ChannelSettings.ReadWrite.All
Group.Read.All
Group.ReadWrite.All
Directory.Read.All
Directory.ReadWrite.All
Channel members
ChannelMember.Read.All
ChannelMember.ReadWrite.All
Channel tabs
TeamsTab.Read.Group
TeamsTab.ReadWrite.Group
TeamsTab.Read.All
TeamsTab.ReadWriteForTeam.All
TeamsTab.ReadWrite.All
Group.Read.All
Group.ReadWrite.All
Directory.Read.All
Directory.ReadWrite.All
Conversations
Group.Read.All
Group.ReadWrite.All
Conversation threads
Group.Read.All
Group.ReadWrite.All
Conversation posts
Group.Read.All
Group.ReadWrite.All
Team drives
Files.Read.All
Files.ReadWrite.All
Sites.Read.All
Sites.ReadWrite.All
Team device usage report
Reports.Read.All
Click Add permissions
Token acquiring implemented by instantiate the confidential client application with a client secret and calling AcquireTokenForClient from Microsoft Authentication Library (MSAL) for Python