Forum Discussion
Is it possible for a Teams app to automatically create an Azure Key Vault during installation?
Hi everyone,
I’m developing a custom Teams app that needs access to Azure Key Vault.
Right now, users must manually provide:
- Key Vault URL
- Tenant ID
- Client ID
- Client Secret
Instead, I’d like the app to automatically create a Key Vault in the user’s tenant during installation.
Is this possible? If so, what permissions/consent are required from the admin?
If not, what’s the best practice to simplify this setup?
Thanks!
3 Replies
Nivedipa-MSFTMicrosoft
@muradqr5h - Yes, you cannot auto-create a Key Vault in a customer’s tenant during Teams app install. The best practice is to provide a script or template for the customer admin to run, or clear instructions for manual setup.
If the information above addressed your issue, could you please share your feedback.
Your feedback is important to us. Please rate us:
🤩 Excellent 🙂 Good 😐 Average 🙁 Needs Improvement 😠 Poor
Thanks.- Nivedipa-MSFT
@muradqr5h - Thanks for bringing this issue to our attention.
You cannot automatically create an Azure Key Vault in a user’s tenant during Teams app installation. Teams app install does not grant your app the permissions needed to provision Azure resources in the customer’s subscription or tenant.
Ref Docs:
1.Azure Quickstart - Set and retrieve a secret from Key Vault using Azure portal | Microsoft Learn
2.Assign an Azure Key Vault access policy (CLI) | Microsoft Learn
3.Grant permission to applications to access an Azure key vault using Azure RBAC | Microsoft LearnNivedipa-MSFT - Thanks for your answer, you really saved my life.
So, just to confirm, there’s no way to automatically create an Azure Key Vault on the user’s tenant without some manual action from the user?
p/s: in case the admin has already consented to create the Azure Key Vault
