Connecting MSPbots with MS Teams lets you receive bot notifications from MSPbots apps like the Attendance Manager and NextTicket Manager via Teams chat. This article provides a step-by-step guide to establish this integration and information on how to resolve common errors.
Prerequisites
- AAD admin permission is required to perform the steps for integration.
- You must have the required Microsoft permissions and roles. For specific permissions and roles required, as well as the authorization methods, refer to How to configure the Microsoft permissions and roles required for connecting Teams integration.
How to set up the MS Teams integration with MSPbots
1. Sync Teams to MSPbots
- Log in to the MSPbots app and navigate to Integrations. Ensure that the account used to log in to MSPbots matches the email used to log in to Microsoft.
- Search for Teams and click the ellipsis button, then select Permission.
- Select all permissions in the Permission List, then click Save. If you want to know the descriptions of each permission, refer to Description of Teams Permissions.
- Click the Config button to open the connection settings.
- To sync MS Teams to MSPbots, connect your AAD (Teams) from the Integrations section of the MSPbots app. Click the Sync button to connect.
2. Authorize AD background sync permission
Information needed and why we need it
The MSPbots app requires permission to sync user information like managers, positions, and avatar pictures, including any future change in user data from AAD. The sync happens in the background and updates user information regularly. This eliminates the need to sync data manually whenever employees are onboarded or offboarded.
- User name and email address - Used to identify users and map their email addresses with the PSA user accounts.
- Managers' info - Used by the bots to alert the managers every time users are not in compliance with the company's policies or procedures.
- Job title - Used to automate the dashboards related to job titles and to trigger bots that apply to specific job titles.
- Avatar picture - Makes it easier to identify users on the list and adds to a better user interface.
API call for obtaining user information
Here is the API call that we use to get the user information:
3. Install MSPbots App in MS Teams
The MSPbots Teams App is needed for users to receive MSPbots notifications and send commands to MSPbots. There are two ways to get it installed:
If you want to install Microsoft Teams, refer to Install Microsoft Teams.
4. Set up MS Teams Global Policy to push MSPbots to all users
Add MSPbots to Teams Global policy to get the app installed automatically for your current and future AAD users.
Follow the steps in the article How to Add MSPbots to the Teams Global Policy.
Common errors when connecting MS Teams to MSPbots
This is a list of the errors commonly experienced by MSPbots clients when connecting to MS Teams.
- Error message "The app may not exist, or your organization may have disallowed you from using it"
- Error "c9a921d7-2b75-4a7f-96a4-649fb3250a68" on Teams integration logs
- Error "c10e6250-9996-447b-96a5-96f195e9b022" on Teams integration logs
For more information on these errors and how to fix them, read the article Common Errors with MS Teams Integration.
How to configure the Microsoft permissions and roles required for connecting MS Teams integration
1. Configure Microsoft roles
- Log in to the Microsoft 365 admin center as a Microsoft admin.
- Click User > Active users, then click the name of the user who needs to connect to the MS Teams integration.
- Click Manage roles.
- Select between Global Administrator or Teams Administrator and User Administrator for role assignments.
- Click Save.
2. Configure Microsoft permissions
- Log in to Microsoft Azure as a Global Administrator.
- Search for MSPbots.ai Background Service in the search bar, then select MSPbots.ai Background Service - Application.
- Click API permissions.
- From the Microsoft Graph list, grant the following permissions to the user who needs to connect the Teams integration.
- ChannelMessage.Read.All
- Files.Read.All
- Group.Read.All
- ManagedTenants.Read.All
- offline_access
- Presence.Read.All
- TeamsAppInstallation.ReadForUser
- User.Read
- User.Read.All
- User.ReadBasic.All
Description of Teams Permissions
No. | Permission | Status | Microsoft Official Description | Usage in MSPbots |
1 | offline_access | Checked by default | Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions. | Basic permission, allows MSPbots to call APIs persistently, enabling further automation of syncing user information. After the tenant authorizes Teams integration in MSPbots, there is no need for repeated authorization. MSPbots will automatically sync the latest information of all users in that tenant. |
2 | User.Read | Checked by default | Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. | After tenants log in to MSPbots but before authorizing Teams integration, allows MSPbots to read the basic information of the currently logged-in user, including MPNID, email, first name, last name, display name, and Teams user ID. The information retrieved is the minimal user data set captured during the registration and login process of MSPbots, which is used to uniquely identify the user within the organization. |
3 | User.ReadBasic.All | Checked by default | Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo. | After tenants log in to MSPbots but before authorizing Teams integration, allows MSPbots to read basic information of all users in the current tenant: MPNID, email, first name, last name, display name, and Teams user ID. |
4 | User.Read.All | Checked by default | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. | After the tenant authorizes Teams integration, allows MSPbots to read full information about all users in the current tenant. In addition to basic information such as MPNID, email, first name, last name, display name, and Teams user ID, it can also access organizational structure, manager, job title, user avatar, mobile number, and office location of each user. |
5 | Group.Read.All | Checked by default | Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access. | After the tenant authorizes Teams integration, allows MSPbots to read information about which groups the current logged-in user belongs to, the channels within these groups, as well as basic information about the groups and channels. This includes access to calendars, conversations, files, and other group content that the logged-in user can access. |
6 | TeamsAppInstallation.ReadForUser | Checked by default | Allows the app to read the Teams apps that are installed for the signed-in user. Does not give the ability to read application-specific settings. | After the tenant authorizes Teams integration, allows MSPbots to read which users in the current tenant have blocked or muted MSPbots. |
7 | Presence.Read.All | Optional | Allows the app to read presence information of all users in the directory on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. | After the tenant authorizes Teams integration, allows MSPbots to read the status of all users in the current tenant, such as Available, Busy, Do not disturb, Be right back, Appear away and Appear offline. |
8 | Files.Read.All | Optional | Allows the app to read all files the signed-in user can access. | After the tenant authorizes Teams integration, when the tenant authorizes OneDrive integration, this permission will automatically appear in the Teams permission list and be automatically checked. Allows MSPbots to read the files in the OneDrive app for users authorized for OneDrive integration. |
9 | ManagedTenants.Read.All | Optional | Read all managed tenant information. Allows the app to read all managed tenant information on behalf of the signed-in user. | After the tenant authorizes Teams integration, allows MSPbots to read certain information in Teams; however, this permission has not been used yet. |
10 | ChannelMessage.Read.All | Optional | Read user channel messages. Allows an app to read a channel's messages in Microsoft Teams, on behalf of the signed-in user. | After the tenant authorizes Teams integration, allows MSPbots to read messages that all users in the current tenant reply to the MSPbots in channels. |
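
An added example (not MSPbots code) for auditing what was actually consented against the table above: it sorts delegated Graph scopes into default, optional, granted-but-unused, and unexpected. The scope names and their statuses come from this page; the grant records are constructed sample data shaped like Microsoft Graph oauth2PermissionGrant objects, and the function name audit_grants is hypothetical.

```python
# Added example: audit delegated Graph scopes against the permission table on this page.
# Scope names and default/optional status come from the page; the grant records
# below are constructed sample data, not output from a real tenant.

DEFAULT = {"offline_access", "User.Read", "User.ReadBasic.All", "User.Read.All",
           "Group.Read.All", "TeamsAppInstallation.ReadForUser"}
OPTIONAL = {"Presence.Read.All", "Files.Read.All", "ManagedTenants.Read.All",
            "ChannelMessage.Read.All"}
# The table states this scope "has not been used yet".
UNUSED = {"ManagedTenants.Read.All"}

# Map lower-cased names to canonical spelling so "user.read" matches "User.Read".
_CANON = {s.lower(): s for s in DEFAULT | OPTIONAL}


def audit_grants(grants):
    """Classify every scope found across a list of grant records."""
    granted, unexpected = set(), set()
    for grant in grants:
        # 'scope' is a space-separated string of delegated permission names.
        for raw in grant.get("scope", "").split():
            canon = _CANON.get(raw.lower())
            if canon:
                granted.add(canon)
            else:
                unexpected.add(raw)  # not documented on this page: review it
    return {
        "missing_default": sorted(DEFAULT - granted),
        "optional_granted": sorted(OPTIONAL & granted),
        "granted_but_unused": sorted(UNUSED & granted),
        "unexpected": sorted(unexpected),
    }


# Constructed sample: one tenant-wide grant and one per-user grant.
SAMPLE_GRANTS = [
    {"consentType": "AllPrincipals",
     "scope": "offline_access user.read User.ReadBasic.All User.Read.All "
              "Group.Read.All Presence.Read.All ManagedTenants.Read.All"},
    {"consentType": "Principal",
     "scope": "Files.Read.All Mail.Read"},
]

if __name__ == "__main__":
    for key, values in audit_grants(SAMPLE_GRANTS).items():
        print(f"{key}: {', '.join(values) or '-'}")
```

Any scope reported under unexpected or granted_but_unused is a candidate for review before the next consent renewal.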