SOLVED

Bot Security


Hi,

 

When trying to add a bot I get this (for example):

 

Poll your team with Polly! Mention @polly to get started. Analyze results by adding the Polly tab to your channels.

This bot has the following permissions:
  • Receive messages and data that I provide to it.
  • Send me messages and notifications.
  • Receive messages and data that team members provide to it in a channel.
  • Send messages and notifications in a channel.
  • Access my profile information such as my name, email address, company name, and preferred language.
  • Access this team's information such as team name, channel list and roster (including team member's names and email addresses) - and use this to contact them.

Where can I find specific information about what each of these bullets means? I want to understand exactly which data is sent from Teams to the third party before we enable it for our org.

 

Thanks

 

 

4 Replies

The terms of use and privacy policies it offers links to offer more information for you to review to see if this is acceptable risk. Take note also that this control is currently at the user level. They are the ones that can hit accept and take this risk on if you have bots and tabs enabled.


This is on Polly's side I guess.

I need the specific Microsoft side technical behavior of what exactly triggers it to send anything up Polly's way and what exactly would that "anything" be.

For example, will Teams send all conversations to Polly or only messages where Polly is @mentioned?

 

I was skimming through the bot creation docs but couldn't find an answer.

 

 

This information should be in the MSDN documentation available to build bots for Teams, but it seems that it is not: https://msdn.microsoft.com/en-us/microsoft-teams/bots

Solution

Agreed with @Juan Carlos González Martín that it should be documented, but I can give you a current state answer. You may want something more official from Microsoft if this is for any sort of security/legal/data privacy review.

 

Bots in Microsoft Teams are "passive" bots. They are not always listening. They only take whatever you send them after invoking them with an @ tag in that exact message. You can see evidence of this in the fact that you have to keep tagging them in your replies, or they stop answering you even in a threaded conversation.