Forum Discussion

lightupdifire's avatar
lightupdifire
Brass Contributor
Nov 21, 2023
Solved

MS Teams | Azure AD API | Access Restriction(Limitation)

Hello,   We would like to manage the MS Teams Channel using the Azure AD API, It seems that the solution requires Application level permissions, But then this API will be able to manage (Delete/C...
microsoft teams
  • Prasad_Das-MSFT's avatar
    Prasad_Das-MSFT
    Nov 22, 2023

    lightupdifire - 

    The Azure AD API permissions mentioned (Channel.Create/Delete, Channel.Members.ReadWriteAll) can allow an application to create or delete any channel in any Microsoft Teams in your organization. However, Azure AD does not provide a direct way to limit these permissions to a specific team.

    To achieve your requirements, we recommend you give your feedback in Teams Feedback Portal.

     

     

    Thanks, 

    Prasad Das

    ------------------------------------------------------------------------------------------ 

    If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link.

lightupdifire's avatar
lightupdifire
Brass Contributor
Nov 22, 2023
Prasad_Das-MSFT
We plan to use the Power Automate standard connector for creating channels in MS Teams.
For this, we must register Azure AD API, and give permissions like: Channel.Create/Delete,
Channel.Members.ReadWriteAll and permissions are required to be set on Application, not Delegated.
When the Application level permissions are set, then this API will be able to Delete/Create any channel in any MS Teams.
Then of course a question, how can limit this API to access only dedicated MS Teams?
Prasad_Das-MSFT's avatar
Prasad_Das-MSFT
Icon for Microsoft rankMicrosoft
Nov 22, 2023

lightupdifire - 

The Azure AD API permissions mentioned (Channel.Create/Delete, Channel.Members.ReadWriteAll) can allow an application to create or delete any channel in any Microsoft Teams in your organization. However, Azure AD does not provide a direct way to limit these permissions to a specific team.

To achieve your requirements, we recommend you give your feedback in Teams Feedback Portal.

 

 

Thanks, 

Prasad Das

------------------------------------------------------------------------------------------ 

If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link.

  • lightupdifire's avatar
    lightupdifire
    Brass Contributor
    Nov 22, 2023
    Strange isn't it?
    There is a solution for limiting Exchange Online API using: New-ApplicationAccessPolicy
    There is a solution for limiting SharePoint Online API access by using "Sites.Selected"
    But when developing the MS Teams, no security solution was added 🙂
    Feedback is on the way.
    Have a great one 😉

Resources