Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Current »

Overview

Image 1: App authentication overview

Required permissions

In order to work correctly the app will request the following permissions:

Permission

Type

Description

Admin consent required

Remarks

Microsoft Graph

  • User.Read

Delegated

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

No

  • User.ReadBasic.All

Delegated

Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, open extensions and photo. Also allows the app to read the full profile of the signed-in user.

No

  • Channel.ReadBasic.All

Delegated

Read channel names and channel descriptions, on behalf of the signed-in user.

No

  • ChannelMessage.Read.All

Application

Allows the app to read all channel messages in Microsoft Teams, without a signed-in user.

Yes

Getting links out of channel messages is currently not possible in a performant way using delegated permissions. After adding the app to a channel a process will preanalyse messages for links and store the following data if a link was found:

  • TenantId

  • GroupId

  • ChannelId

  • MessageId

  • ReplyToMessageId

  • AuthorId

  • LastModifiedDateTime

  • CreationDateTime

  • Url (of the link)

Important note: we will not store any message content directly

Please also have a look at the official permission reference from Microsoft to get detailed information about the permission handling.

Consent the app

When you use the app for the first time or the required permissions of the app have changed a dialog will be shown where you can see all permissions that the app requires to work.

You have to grant these permissions in order to get the app working

You are able to remove these permissions at any time!

Image 2: App consent dialog

Because of the scopes mentioned above the app requires an administrator to consent for the whole organization.

Individual users don't have to grant the permissions on their own.

Remove app consent

If you want to remove the app permissions for your organization you can follow these steps:

  1. Navigate to https://portal.azure.com using a browser of your choice

  2. Open your Azure Active Directory

  3. Navigate to Enterprise applications

  4. Search for Link Spotter and open the app

  5. In the app configuration navigate to “Manage → Properties“

  6. Press the “Delete“ button in the app action menu and approve if necessary

The full guide can be found on the official documentation from Microsoft: Delete an application from your Azure Active Directory (Azure AD) tenant

Application Data

Stored Link Spotter application data

We store the following data if a link was found

  • TenantId

  • GroupId

  • ChannelId

  • MessageId

  • ReplyToMessageId

  • AuthorId

  • LastModifiedDateTime

  • CreationDateTime

  • Url (of the link)

Important note: We do not store any message content, we are just extracting all links from a message.

We store additional the following data for the channel tab (internal values ​​for the app)

  • LastSyncedDateTime

  • Active

  • SyncState

We store additional the following data for the Microsoft Graph subscription process (internal values ​​for the app)

  • SubscriptionId

  • ClientState

  • ExpiryDate

Data removal after uninstalling Link Spotter

Important note: If the app consent is removed, all of the above data will be completely removed from the database after one hour.

  • No labels