Articles
Articles
Articles

Connecting Starmind & Microsoft Teams

The Microsoft Teams connector uses messages in public channels to build accurate expertise profiles.

Suggest Edits

Why connectors? Data sources and connectors are critical to Starmind's Knowledge Engine and our ability to build accurate expertise profiles for all your employees. With every data source connected to Starmind's Knowledge Engine, the accuracy of expertise profiles and our Expert Search improves dramatically.

With our Microsoft Teams connector, Starmind can analyse conversations to enhance each individual's expertise profile. The connector learns exclusively from public teams and shared channels, ensuring users' privacy by not invading private conversations.

Learn more about public and private teams in Microsoft Teams

Learn more about teams and channels in Microsoft Teams

Data Processing Info

We don't store textual information from MS Teams. We will only retain the extracted topics and metadata, which are required to disclose to the individual how we built their expertise profile.

Permission Info

We require a dedicated technical user account to access your MS Teams instance. Our connector can only access the teams and channels you grant this account access to. Additionally, the connector disregards private teams, private channels, and one-on-one conversations. This approach ensures that you are always in control and can revoke access immediately if you need to.

Starmind requires permission to read from Microsoft Teams to learn about each employee and build an accurate expertise profile for each individual. During the setup process, you will be asked to log in to your Microsoft Tenant with a dedicated technical user and grant (consent) these permissions to Starmind's connector.

The required permissions are

  • Group.Read.All: Allows the app to list groups and to read their properties and all group memberships on behalf of the technical user. It also allows the app to read calendars, conversations, files, and other group content for all groups the technical user can access.
  • Directory.Read.All: Allows the app to read data in your organization's directory, such as users, groups, and apps. Note: Users may consent to applications that require this permission if the application is registered in their own organization’s tenant.
  • User.Read.All: Allows the app to read data in your organization's directory, such as users, groups, and apps. Note: Users may consent to applications that require this permission if the application is registered in their own organization’s tenant.
  • ChannelMessage.Read.All: Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
  • offline_access: Maintain access to data you have given it access to. Allows the app to see and update the data you gave it access to, even when you are not currently using it. This does not give the app any additional permissions.

More information about Microsoft Graph permissions can be found here: https://learn.microsoft.com/en-us/graph/permissions-reference?view=graph-rest-beta

In addition to the privileges, the API restricts access to groups where the configured technical user is a member (enforced by the MS Graph API). This gives the customer more control over limiting access to the groups relevant to the connector.

Integrating with Microsoft Teams

Setting Up the Technical User for Starmind’s Teams Connector

To ensure a secure and controlled connection between Starmind and Microsoft Teams, we recommend creating a dedicated technical user account in your Microsoft 365 environment. This account is used exclusively for the Starmind connector and should follow best practices for service accounts.

Recommended Approach:

  1. Create a Dedicated User Account
    1. Set up a new Microsoft Entra ID (formerly Azure AD) account, such as [email protected].
  2. Assign the Necessary Permissions
    1. Add this technical user to only the Teams and Channels that should be accessible by Starmind. This minimizes exposure and ensures compliance with internal data policies.
    2. Grant the required permissions (as outlined above) through Microsoft Entra ID or during the consent process.
  3. Apply Security Best Practices
    1. Enable Multi-Factor Authentication (MFA) if your organization requires it for all accounts.
    2. Use Conditional Access Policies to restrict when and where this account can be used.
    3. Consider disabling email and interactive login to limit its usage to API-based access only.
  4. Document & Monitor Usage
    1. Maintain internal documentation about the account’s purpose and permissions.
    2. Set up monitoring and alerts in Microsoft Entra ID to track unexpected activity.
    3. Assign responsibility for reviewing access periodically to ensure compliance.

By following this approach, you keep control over the connector’s access while maintaining security and flexibility.

Connecting Starmind to Teams

  • From the left-hand navigation panel, select Admin and then Integrations
  • From the Available tab, search for MS Teams
  • Select Connect
  • Use the credentials of a dedicated technical user to log into your Microsoft 365 environment.
  • Accept the terms of the integration and grant the requested permissions.
  • Once connected, the system automatically starts processing the data it has access to and starts building an accurate expertise profile for each individual

Updated about 1 month ago