Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

Overview

Image 1: App authentication overview

Required permissions

In order to work correctly the app will request the following permissions:

Permission

Type

Description

Admin consent required

Remarks

Microsoft Graph

  • User.Read

Delegated

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

No

  • User.ReadBasic.All

Delegated

Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, open extensions and photo. Also allows the app to read the full profile of the signed-in user.

No

  • Channel.ReadBasic.All

Delegated

Read channel names and channel descriptions, on behalf of the signed-in user.

No

  • ChannelMessage.Read.All

Application

Allows the app to read all channel messages in Microsoft Teams, without a signed-in user.

Yes

Getting links out of channel messages is currently not possible in a performant way using delegated permissions. After adding the app to a channel a process will preanalyse messages for links and store the following data if a link was found:

  • TenantId

  • GroupId

  • ChannelId

  • MessageId

  • ReplyToMessageId

  • AuthorId

  • LastModifiedDateTime

  • CreationDateTime

  • Url (of the link)

Important note: we will not store any message content directly

Please also have a look at the official permission reference from Microsoft to get detailed information about the permission handling.

Consent the app

When you use the app for the first time or the required permissions of the app have changed a dialog will be shown where you can see all permissions that the app requires to work.

You have to grant these permissions in order to get the app working

You are able to remove these permissions at any time!

Image 2: App consent dialog (TODO: update screenshot)

Because of the scopes mentioned above the app requires an administrator to consent for the whole organization.

Individual users don't have to grant the permissions on their own.

Remove app consent

If you want to remove the app permissions for your organization you can follow these steps:

  1. Navigate to https://portal.azure.com using a browser of your choice

  2. Open your Azure Active Directory

  3. Navigate to Enterprise applications

  4. Search for Link Spotter and open the app

  5. In the app configuration navigate to “Manage → Properties“

  6. Press the “Delete“ button in the app action menu and approve if necessary

The full guide can be found on the official documentation from Microsoft: Delete an application from your Azure Active Directory (Azure AD) tenant

  • No labels