Best Solution for Microsoft Team Graph API Application


I am creating a Graph API Application that will be used to send messages to personal chat and group chat in Microsoft Teams.

Scope: profile, openid, email, ChannelMessage.Send, Chat.Create, Chat.ReadWrite and User.Read

I have registered and configured the application in my Azure Entra ID (AAD) say tenantA. To use the application in an external tenant say tenantB, the application requires Admin Consent as well as User Consent.

For Admin Consent, I shared the below link to the Admin of tenantB and asked Admin to Grant Consent:

https://login.microsoftonline.com/common/adminconsent?client_id=<CLIENT_ID>&sso_reload=true

Later, I asked the Admin of tenantB to create a user and grant permission using the below link so that I can send a message to a personal/group chat in Microsoft Teams on behalf of the created user.

https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?response_type=code&client_id=<CLIENT_ID>&response_mode=query&scope=https://graph.microsoft.com/.default

Once the created user granted permission to the application, I received an authorization code from which I generated an access token. The access token was later used to send the appropriate Graph API request and I was able to send a message.

I wanted to know whether the approach that I have mentioned is as per the standard practice. Also, for sharing the links, I was thinking of creating a web application with two buttons having the links embedded in them.

Questions

  1. Is there a better approach for granting admin consent and user consent instead of sharing and asking the admin/user to click on the links?

  2. Since the application will be posting messages to Microsoft Teams, can I create a Static Tab application with a URL pointing to the web application that will have a page with the above links in the form of buttons?

  3. Is it required that a user has to be created in the external tenant (tenantB) on behalf of whom we send out the message? I was thinking of creating a bot but dropped the idea since the communication is unidirectional in my case.

2

There are 2 best solutions below

3
ChetanSharma-msft On

Please find below answers to your queries:

  1. Yes, you can create the button in your application and add the links there. Reference sample: https://github.com/OfficeDev/Microsoft-Teams-Samples/blob/main/samples/graph-teams-tag/nodejs/client/src/components/dashboard.jsx#L72

    https://github.com/OfficeDev/Microsoft-Teams-Samples/blob/main/samples/graph-teams-tag/nodejs/client/src/components/dashboard.jsx#L175

    Or you can refer to this: https://github.com/formulahendry/Microsoft-Teams-Samples/blob/main/samples/app-anonymous-users/csharp/ClientApp/src/components/shareview.jsx#L291

  2. Yes, you can create the static tab as well, if needed.

  3. It is not compulsory to create the user in the different tenant (TenantB); you can set the policy in Tenant A as well.
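The consent and sign-in links in the question carry no `state` or `redirect_uri`, so the app has no way to tie a consent redirect back to the session that started it. As an added example (not code from the post, the answer or the linked samples), this Node.js code builds both links for the buttons with a one-time `state` and checks the admin-consent redirect before a tenant is recorded as onboarded; the function names, client ID, tenant name and redirect URI are hypothetical placeholders.

```javascript
// Added example, not from the post. Client ID, tenant and redirect URI are constructed placeholders.
const { randomBytes, timingSafeEqual } = require("node:crypto");

const AUTHORITY = "https://login.microsoftonline.com";
const newState = () => randomBytes(16).toString("hex"); // one-time value, keep it in the server session

// Admin-consent link: same endpoint as in the question, plus redirect_uri and state.
function buildAdminConsentUrl({ clientId, tenant, redirectUri }) {
  const state = newState();
  const url = new URL(`${AUTHORITY}/${encodeURIComponent(tenant)}/adminconsent`);
  url.search = new URLSearchParams({ client_id: clientId, redirect_uri: redirectUri, state }).toString();
  return { url: url.toString(), state };
}

// User sign-in link for the authorization code flow, as in the question, plus redirect_uri and state.
function buildAuthorizeUrl({ clientId, redirectUri, scope }) {
  const state = newState();
  const url = new URL(`${AUTHORITY}/organizations/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId, response_type: "code", response_mode: "query",
    redirect_uri: redirectUri, scope, state,
  }).toString();
  return { url: url.toString(), state };
}

// Constant-time comparison of the returned state with the one stored for this session.
function sameState(received, expected) {
  const a = Buffer.from(String(received ?? ""));
  const b = Buffer.from(String(expected ?? ""));
  return a.length > 0 && a.length === b.length && timingSafeEqual(a, b);
}

// Check the redirect that follows admin consent before recording the tenant as onboarded.
function checkAdminConsentCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (!sameState(p.get("state"), expectedState)) return { ok: false, reason: "state mismatch" };
  if (p.get("error")) return { ok: false, reason: `consent failed: ${p.get("error")}` };
  if ((p.get("admin_consent") || "").toLowerCase() !== "true") {
    return { ok: false, reason: "admin consent not granted" };
  }
  return { ok: true, tenant: p.get("tenant") }; // tenant ID that granted consent
}
```

The same `state` comparison applies to the redirect that delivers the authorization `code`, before the code is exchanged for a token.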

1
ChetanSharma-msft On

You can send chat messages using Graph APIs. To send a message on behalf of a user, your app must get consent from each individual user. Application permission is currently not supported.

It's a good idea to build a bot and send notifications instead of sending them from one of the users' accounts. You can use proactive messages to send messages. In order to send messages, your bot needs to be installed for each user.