Azure Permissions

This document provides a guide for configuring the necessary permissions for your bot within Azure Active Directory (Azure AD). Follow these steps carefully to ensure the bot functions as intended.

Deployment

Requirements

To successfully configure the bot, your Admin user must have one of the following roles assigned in Azure AD:

  • Application Administrator: Can manage all aspects of enterprise applications, including adding and removing permissions.

  • Cloud Application Administrator: Similar to the Application Administrator, but limited to cloud-based applications.

  • Global Administrator: The highest level of administrative privilege, with access to all features in Azure AD. This role can also grant tenant-wide consent for API permissions.

Configuration

Follow these steps to assign the required permissions to your bot's application registration in Azure AD.

  1. Obtain the Bot ID:

    • In Teams, navigate to Developer Portal > Tools > Bot Management.

    • Copy the Bot ID for your bot.

  2. Navigate to App Registrations in Azure:

    • Go to the Azure portal and log in.

    • In the search bar at the top, or from the navigation menu, find and select App registrations.

  3. Select Your App:

    • From the list of registered applications, click on the name of your bot's app. You can use the Bot ID you copied to find it.

  4. Access API Permissions:

    • In the left-hand navigation pane for your app, select API permissions.

  5. Add Permissions:

    • Click the + Add a permission button.

    • In the Request API permissions panel, select the Microsoft APIs tab, then choose Microsoft Graph.

  6. Choose Permission Type:

    • Select the Application permissions option.

  7. Find and Select Required Permissions:

    • Search for and select the following permissions. All of these are required for the solution to work correctly.

    - ChannelMessage.Read.All
    - Chat.Read.All
    - Files.Read.All
    - Files.ReadWrite.All
    - Group.Read.All
    - Group.ReadWrite.All
    - Sites.Read.All
    - Sites.ReadWrite.All
    - Team.ReadBasic.All
    - TeamMember.Read.All
    - User.ReadBasic.All

  8. Add Permissions:

    • After selecting all the necessary permissions, click the Add permissions button at the bottom of the panel.

  9. Grant Admin Consent:

    • Once the permissions are added, they will appear in your API permissions list. To activate them, click the Grant admin consent for <your-tenant-name> button.

    • In the confirmation dialog, click Yes to proceed. This step requires a Global Administrator or a similar role with the ability to grant tenant-wide consent.
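
A check to run after step 9, added here as an example and not part of the original guide: it decodes an app-only access token the bot obtained for Microsoft Graph and compares its roles claim with the list in step 7, reporting permissions that are missing and any granted beyond the list. It assumes the token is a JWT that carries application permissions in a roles claim; the function names and the sample token are constructed for illustration, and the signature is not verified.

```python
import base64
import json

# The eleven Microsoft Graph application permissions listed in step 7.
REQUIRED = frozenset({
    "ChannelMessage.Read.All", "Chat.Read.All", "Files.Read.All",
    "Files.ReadWrite.All", "Group.Read.All", "Group.ReadWrite.All",
    "Sites.Read.All", "Sites.ReadWrite.All", "Team.ReadBasic.All",
    "TeamMember.Read.All", "User.ReadBasic.All",
})


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def token_roles(jwt: str) -> set:
    """Return the 'roles' claim of a JWT. Inspection only: no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))  # treat an absent claim as no roles


def audit(jwt: str) -> dict:
    """Compare the roles in the token with the documented permission list."""
    granted = token_roles(jwt)
    return {
        "missing": sorted(REQUIRED - granted),     # not added, or consent not granted
        "unexpected": sorted(granted - REQUIRED),  # more access than the guide lists
    }


def make_sample_token(roles) -> str:
    """Build a constructed, unsigned sample token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(
        {"aud": "https://graph.microsoft.com", "roles": sorted(roles)}).encode())
    return f"{header}.{body}.sample-signature"


if __name__ == "__main__":
    # Constructed case: one listed permission missing, one extra permission granted.
    sample = make_sample_token((REQUIRED - {"Chat.Read.All"}) | {"Mail.Read"})
    print(audit(sample))
```

An empty "missing" list confirms that admin consent took effect for every permission in step 7; anything under "unexpected" is access the bot holds beyond what this guide requires and should be reviewed.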
