Registering Teams Chat Assist Bot as an Azure Application

This document describes the process of registering Teams Chat Assist Bot as an Azure Application as the first step to deployment. As part of the registration you will gather the following information for use further along the deployment process.

Register Teams Chat Assist Bot with Azure Active Directory

  1. Sign in to the Azure Portal
  2. Select the Azure Active Directory service from the navigation menu on the top
  3. Select App Registrations from navigation pane on the left and then click + New Registration (Take care not to select App Registrations (Legacy) as these instructions do not apply to them)
  4. Enter the following application registration details
    • Name - Recommend setting this to Teams Chat Assist Bot
    • Supported Account Types - This needs to be set to Accounts in any Organizational Directory
  5. Click Register and Azure AD will create an Application ID and present the Overview page

    App registration

Branding

  1. Select Branding from left navigation pane. Set the Publisher Domain by pressing Update Domain. Select a valid Domain Name such as your company domain from window opened on right.

    Branding1

    Branding2

    Branding3

Add a Client Secret

  1. Navigate to the Home and then press Azure Active Directory from the navigation menu on top
  2. Select App Registrations and select the Teams Chat Assist Bot app
  3. Select Certificates & secrets from the Manage menu
  4. Select New client secret and enter an appropriate description and expiry period
    • Description - Recommend setting this to TCABot-Secret
    • Expiry - Recommend setting this to Never
  5. Click Add
  6. Immediately take note of the Secret as this can not be retrieved later and will be required further in the deployment process team work secret

API permissions

  1. Remove the Delegated User Read Graph permission by clicking the 3 dots next to Microsoft Graph

    APIPermissions1

  2. Add the Application User Read Graph permission by clicking Add a permission and then click Microsoft Graph

    APIPermissions2

  3. Select Application permissions, search for user.read.all, tick it and click Add permissions

    APIPermissions3

  4. Click the Grant admin consent button as a Global Admin. If the button is not available you might need to click Refresh

    Note: Admin consent will need to be granted by someone with the Global Admin role within your organisation

    AdminConsent

  5. Once Admin Consent has succesfully been granted, the permission will turn green

    AdminConsent

  6. Add the openId permission by clicking Add a permission and then click Microsoft Graph.

  7. Select Delegated permissions, search for openid, tick it and click Add permissions

    APIOpenIdPermissions

  8. Add the profile permission by clicking Add a permission and then click Microsoft Graph.

  9. Select Delegated permissions, search for profile, tick it and click Add permissions

    APIProfilePermission

Continue to ARM Deployment

  1. Take your note of the Application (client) ID from Overview page and Client secrets to the ARM Deployment phase