MS Teams - Privacy Documentation

Data Starmind has access to

The connector authenticates over OAuth with a technical user. More details are available in the documentation of MS-Graph (https://docs.microsoft.com/en-us/graph/auth/auth-concepts?view=graph-rest-beta).

We request the following scopes for the application as delegated permissions:

Permission Type

The MS Teams Connector uses "Delegated permission"

| Scope | Description |
| --- | --- |
| offline_access | Allows the app to read and update user data, even when they are not currently using the app. |
| Group.Read.All | Allows the app to list groups and to read their properties and all group memberships on behalf of the technical user. It also allows the app to read calendars, conversations, files, and other group content for all groups the technical user can access. |
| Directory.Read.All | Allows the app to read data in your organization's directory, such as users, groups, and apps. Note: Users may consent to applications that require this permission if the application is registered in their own organization’s tenant. |
| User.Read.All | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. |
| ChannelMessage.Read.All | Allows the app to read all channel messages in Microsoft Teams, without a signed-in user. |

Source: https://docs.microsoft.com/en-us/graph/permissions-reference

In addition to the scopes, the API restricts access to groups. The connector only has access to groups of which the configured technical user is a member (enforced by the MS Teams API). This lets the customer limit access to the groups that are relevant for the connector.
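A tenant administrator can check that the delegated consent actually in place matches the scope table above. The following is an added example, not Starmind's code: it audits a response shaped like Microsoft Graph's GET /v1.0/oauth2PermissionGrants listing. The sample grants, the ids such as "sp-connector", and the write-marker heuristic are constructed assumptions.

```python
import json

# Delegated scopes listed in the table above.
DOCUMENTED_SCOPES = {
    "offline_access", "Group.Read.All", "Directory.Read.All",
    "User.Read.All", "ChannelMessage.Read.All",
}
# Substrings that mark a scope as more than read-only (heuristic, assumption).
WRITE_MARKERS = ("Write", "Send", "Manage")

# Constructed sample shaped like a GET /v1.0/oauth2PermissionGrants response.
# clientId is the service principal of the app; all ids here are invented.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"id": "grant-1", "clientId": "sp-connector", "consentType": "Principal",
   "principalId": "technical-user",
   "scope": "offline_access Group.Read.All Directory.Read.All User.Read.All ChannelMessage.Read.All"},
  {"id": "grant-2", "clientId": "sp-connector", "consentType": "AllPrincipals",
   "principalId": null, "scope": "User.Read.All Mail.ReadWrite"},
  {"id": "grant-3", "clientId": "sp-other-app", "consentType": "Principal",
   "principalId": "someone", "scope": "Files.ReadWrite.All"}
]}
""")


def audit_grants(response, client_id):
    """Return one finding per grant of client_id that deviates from the docs."""
    findings = []
    for grant in response.get("value", []):
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        granted = set((grant.get("scope") or "").split())
        extra = sorted(granted - DOCUMENTED_SCOPES)
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        if extra or tenant_wide:
            findings.append({
                "grant": grant.get("id"),
                "extra_scopes": extra,
                "write_capable": [s for s in extra
                                  if any(m in s for m in WRITE_MARKERS)],
                # AllPrincipals consent covers every user, not only the technical user.
                "tenant_wide": tenant_wide,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, "sp-connector"):
        print(finding)
```

A grant that matches the documented scopes and is limited to the technical user produces no finding; anything else is listed for review.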

Sequence Diagram

The sequence diagram below shows which requests Starmind makes to MS Teams. The subchapters give more details for each request to MS Teams. The ID corresponds to the number in the diagram.

The data which is used by the connector (listed in the tables in the chapters below) is not stored permanently. Some of the data points are not used on the connector level but are sent to Starmind. These data points have an “X” in the column Starmind. Starmind uses them to extract expertise topics from the data and assign them to the corresponding users. The expertise topics are stored permanently.

List all Users

Get all the users from MS Teams. Starmind requires the email address as an identifier for the user.

ID: 1
Endpoint: GET /v1.0/users
Query Parameter: $select=id, mail
Documentation: https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http

Response

The list below includes all attributes which we are reading from the API.

| Field | Example | Description | Starmind |
| --- | --- | --- | --- |
| mail | [email protected] | Sent as an identifier for the user to Starmind. | x |
| id | 0343a31e-0953-43b0-b235-4d1610191a37 | Used in the connector to identify the user. | |

List all Teams which are accessible for the technical user

Get all teams that are available to the technical user.

Response

The documentation of Microsoft shows all attributes which are returned by the endpoint: https://docs.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0.

The list below shows which of the returned attributes are used by the connector or Starmind.

| Field | Example | Description | Starmind |
| --- | --- | --- | --- |
| id | 1e3f4780-416d-45af-86ad-9101eb1c0d9a | Required to call the List Team Channel Endpoint | |
| visibility | public | Check if the group is private or public. | |
| displayName | Starmind-internal | The log file shows the name of the team. | |

Get all team channels

For one team, Starmind gets all channels within that team.

ID: 3
Endpoint: GET /v1.0/teams/{team_id}/channels
Documentation: https://docs.microsoft.com/en-us/graph/api/channel-list?view=graph-rest-1.0&tabs=http

Response

The documentation of Microsoft shows all attributes which the endpoint returns: https://docs.microsoft.com/en-us/graph/api/resources/channel?view=graph-rest-1.0.

The list below shows which of the returned attributes are used by the connector or Starmind.

Get new messages from channels

Starmind reads all new messages from a channel. Included are only channels accessible to the technical user.

ID: 4
Endpoint: GET /beta/teams/{team_id}/channels/{channel_id}/messages
Documentation: https://docs.microsoft.com/en-us/graph/api/channel-list-messages?view=graph-rest-beta&tabs=http

Response

The documentation of Microsoft shows all attributes which the endpoint returns: https://docs.microsoft.com/en-us/graph/api/resources/chatmessage?view=graph-rest-beta.

The list below shows which of the returned attributes are used by the connector or Starmind.

| Field | Example | Description | Starmind |
| --- | --- | --- | --- |
| body.content | Added a new ... | The message the user posted into the chat | x |
| mentions.user.id | 56939e06-660c-4201-a885-991d218d5b50 | To identify the mentioned users in messages. | |
| from.user.id | 56939e06-660c-4201-a885-991d218d5b50 | To identify the user who wrote the message. | |
| createdDateTime | 2020-04-16T05:07:52.772Z | The creation date of the message is stored in Starmind to determine how current the knowledge is. | x |