Authentication & Security
- Dorrit Riemenschneider-Denecke
- Klaida Sulko
- Anika Wagner (Deactivated)
We regret to inform you that we have made the difficult decision to discontinue Link Spotter. We appreciate your support and remain committed to providing innovative tools to meet your evolving needs. Thank you!
Overview
Image 1: App authentication overview
Required permissions
In order to work correctly the app will request the following permissions:
Permission | Type | Description | Admin consent required | Remarks |
|---|---|---|---|---|
Microsoft Graph |
| |||
| Delegated | Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. | No |
|
| Delegated | Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, open extensions and photo. Also allows the app to read the full profile of the signed-in user. | No |
|
| Delegated | Read channel names and channel descriptions, on behalf of the signed-in user. | No |
|
| Application | Allows the app to read all channel messages in Microsoft Teams, without a signed-in user. | Yes | Getting links out of channel messages is currently not possible in a performant way using delegated permissions. After adding the app to a channel a process will preanalyse messages for links and store the following data if a link was found:
Important note: we will not store any message content directly |
Please also have a look at the official permission reference from Microsoft to get detailed information about the permission handling.
Consent the app
When you use the app for the first time or the required permissions of the app have changed a dialog will be shown where you can see all permissions that the app requires to work.
You have to grant these permissions in order to get the app working
You are able to remove these permissions at any time! |
Image 2: App consent dialog
Because of the scopes mentioned above the app requires an administrator to consent for the whole organization. Individual users don't have to grant the permissions on their own. |
Remove app consent
If you want to remove the app permissions for your organization you can follow these steps:
Navigate to https://portal.azure.com using a browser of your choice
Open your Azure Active Directory
Navigate to Enterprise applications
Search for Link Spotter and open the app
In the app configuration navigate to “Manage → Properties“
Press the “Delete“ button in the app action menu and approve if necessary
The full guide can be found on the official documentation from Microsoft: Delete an application from your Azure Active Directory (Azure AD) tenant
Application Data
Stored Link Spotter application data
We store the following data if a link was found
TenantId
GroupId
ChannelId
MessageId
ReplyToMessageId
AuthorId
LastModifiedDateTime
CreationDateTime
Url (of the link)
Important note: We do not store any message content, we are just extracting all links from a message.
We store additional the following data for the channel tab (internal values for the app)
LastSyncedDateTime
Active
SyncState
We store additional the following data for the Microsoft Graph subscription process (internal values for the app)
SubscriptionId
ClientState
ExpiryDate
Data removal after uninstalling Link Spotter
Important note: If the app consent is removed, all of the above data will be completely removed from the database after one hour.