lightupdifire
Brass Contributor
Nov 21, 2023

MS Teams | Azure AD API | Access Restriction (Limitation)

Hello,

 

We would like to manage the MS Teams Channel using the Azure AD API,

It seems that the solution requires Application level permissions,

But then this API will be able to manage (Delete/Create Channel) for any MS Teams in a tenant,

Is there a way to limit Azure AD API to only specific MS Teams?

 

There is a solution for limiting Exchange Online API using: New-ApplicationAccessPolicy

There is a solution for limiting SharePoint Online API access by using "Sites.Selected"

But why is there no solution for MS Teams? No security is needed...

 


    • lightupdifire
      Brass Contributor
      Prasad_Das-MSFT
      We plan to use the Power Automate standard connector for creating channels in MS Teams.
      For this, we must register Azure AD API, and give permissions like: Channel.Create/Delete,
      Channel.Members.ReadWriteAll and permissions are required to be set on Application, not Delegated.
      When the Application level permissions are set, then this API will be able to Delete/Create any channel in any MS Teams.
      Then, of course, a question: how can we limit this API to access only dedicated MS Teams?
      • Prasad_Das-MSFT
        Microsoft

        lightupdifire - 

        The Azure AD API permissions mentioned (Channel.Create/Delete, Channel.Members.ReadWriteAll) can allow an application to create or delete any channel in any Microsoft Teams in your organization. However, Azure AD does not provide a direct way to limit these permissions to a specific team.

        To achieve your requirements, we recommend you give your feedback in Teams Feedback Portal.

         

         

        Thanks, 

        Prasad Das

        ------------------------------------------------------------------------------------------ 

        If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link.
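
An audit for the risk discussed in this thread, added here as an example (not code from the posters or from Microsoft): it joins an export of the Microsoft Graph service principal's `appRoles` with its `appRoleAssignedTo` entries and lists every app that holds a tenant-wide channel permission. The role names are the Graph spellings of the permissions the thread mentions; the JSON and every id in it are constructed placeholders.

```python
import json

# Graph application permissions matching the ones named in the thread.
# Granted as application roles, they apply to every team in the tenant.
TENANT_WIDE_CHANNEL_ROLES = {
    "Channel.Create", "Channel.Delete.All", "ChannelMember.ReadWrite.All",
}

# Constructed sample shaped like GET /servicePrincipals/{graph-sp-id}
GRAPH_SP_JSON = """
{"id": "sp-graph", "appRoles": [
 {"id": "role-0001", "value": "Channel.Create", "allowedMemberTypes": ["Application"]},
 {"id": "role-0002", "value": "Channel.Delete.All", "allowedMemberTypes": ["Application"]},
 {"id": "role-0003", "value": "ChannelMember.ReadWrite.All", "allowedMemberTypes": ["Application"]},
 {"id": "role-0004", "value": "Sites.Selected", "allowedMemberTypes": ["Application"]}]}
"""
# Constructed sample shaped like GET /servicePrincipals/{graph-sp-id}/appRoleAssignedTo
ASSIGNMENTS_JSON = """
{"value": [
 {"principalDisplayName": "channel-flow-app", "resourceId": "sp-graph", "appRoleId": "role-0001"},
 {"principalDisplayName": "channel-flow-app", "resourceId": "sp-graph", "appRoleId": "role-0002"},
 {"principalDisplayName": "channel-flow-app", "resourceId": "sp-graph", "appRoleId": "role-0003"},
 {"principalDisplayName": "sharepoint-sync", "resourceId": "sp-graph", "appRoleId": "role-0004"},
 {"principalDisplayName": "other-api-client", "resourceId": "sp-other", "appRoleId": "role-0002"}]}
"""

def audit_channel_permissions(graph_sp, assignments):
    """Return {app display name: sorted tenant-wide channel roles it holds}."""
    role_names = {
        r["id"]: r["value"]
        for r in graph_sp["appRoles"]
        if "Application" in r.get("allowedMemberTypes", [])
    }
    findings = {}
    for a in assignments["value"]:
        if a["resourceId"] != graph_sp["id"]:
            continue  # role id belongs to a different API, not Microsoft Graph
        name = role_names.get(a["appRoleId"])
        if name in TENANT_WIDE_CHANNEL_ROLES:
            findings.setdefault(a["principalDisplayName"], set()).add(name)
    return {app: sorted(roles) for app, roles in findings.items()}

def run_sample():
    return audit_channel_permissions(json.loads(GRAPH_SP_JSON), json.loads(ASSIGNMENTS_JSON))

if __name__ == "__main__":
    for app, roles in run_sample().items():
        print(f"{app}: {', '.join(roles)}")
```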
