Microsoft Teams configuration

This page describes how to set up authentication and permissions before creating the Microsoft Teams data store.

Set up authentication and permissions

You must set up authentication and permissions in Microsoft 365, which is crucial to allow Gemini Enterprise to access Microsoft Teams data.

Entra app registration for Microsoft Teams data store

You must set up a Microsoft Entra application registration to enable secure access to Microsoft Teams before you create the Gemini Enterprise data store.

To register Gemini Enterprise as an OAuth 2.0 application in Microsoft Entra, do the following:

Navigate to Microsoft Entra admin center .
In the menu, expand the Entra IDsection and select App registrations.
On the App registrationspage, select add New registration.
On the Register an applicationpage, create an app registration by doing the following:
1. In the Namesection, enter a display name for the application.
  
  Register an application page
2. In the Supported account typessection, select Accounts in the organizational directory only. This option restricts access to users within your organization's Microsoft Entra tenant, which is appropriate for an enterprise application.
3. In the Redirect URIsection, select Weband enter the following URL as web callback URL (or redirect URL):
  - https://vertexaisearch.cloud.google.com/oauth-redirect
4. Click Register. Microsoft Entra creates your app and displays it on the All applicationspage.

Create an OAuth 2.0 configuration

To create a connection using the OAuth 2.0 authentication method, obtain a client ID, client secret, and tenant ID from your Microsoft Entra application registration page by following these steps.

Obtain client ID and client secret

To obtain the client ID and secret for the app , do the following:

Navigate to Microsoft Entra admin center .
In the menu, expand the Entra IDsection and select App registrations.
On the App registrationspage, select All applications.
Open the application you created.
On the app page, select Certificates & secrets.
Click add New client secret.
In the Add a client secretdialog:
1. Enter a description for the secret.
  
  Add a client secret dialog
2. Select an expiry duration. We recommend selecting the default value.
3. Click Add.
Copy the secret from the Valuecolumn ( Client Secret ) and the identifier from the Secret IDcolumn ( Client ID ), and store them securely for later use.

Obtain tenant ID

Your tenant ID can be found in the Tenant IDbox on the overview page in the Microsoft Entra admin center.

Screenshot of the Tenant ID on the overview page in Microsoft Entra admin center. — Get the tenant ID

Configure the Microsoft Graph permissions

To configure the required Microsoft Graph permissions for the app , do the following:

Navigate to Microsoft Entra admin center .
In the navigation menu, expand the Entra IDsection and select App registrations.
On the App registrationspage, select All applications.
Open the application you created.
On the app page, select API permissions.
Click Add a permission.
In the Request API permissionspage, select Microsoft Graph, and select Delegated permissions.
Search for and select the following permissions for your connection mode. Ensure that an administrator grants consent for all the delegated permissions listed in the following table. Once consent is granted, the Statuscolumn displays Grantedwith a green tick mark (✓).

Connection mode

Permission

Permission type

Purpose

Federated search

Chat.Read

Delegated

Allows the app to read all chats.

Chat.ReadBasic

Delegated

Allows the app to read basic properties of chats.

ChatMessage.Read

Delegated

Allows the app to read all one-to-one and group chats messages.

Channel.ReadBasic.All

Delegated

Allows the app to read the names and descriptions of channels.

ChannelMessage.Read.All

Delegated

Allows the app to read user channel messages.

Team.ReadBasic.All

Delegated

Allows the app to read the names and description of teams.

User.Read

Delegated

Allows the app to sign in and read user profile.

Federated search and actions

Chat.Read

Delegated

Allows the app to read all chats.

Chat.ReadBasic

Delegated

Allows the app to read basic properties of chats.

ChatMessage.Read

Delegated

Allows the app to read all one-to-one and group chats messages.

Channel.ReadBasic.All

Delegated

Allows the app to read the names and descriptions of channels.

ChannelMessage.Read.All

Delegated

Allows the app to read user channel messages.

Team.ReadBasic.All

Delegated

Allows the app to read the names and description of teams.

User.Read

Delegated

Allows the app to sign in and read user profile.

ChannelMessage.Send

Delegated

Allows the app to send messages in any channel.

ChatMessage.Send

Delegated

Allows the app to send chat messages.

Note: If you only intend to use the data store for search and not to perform any actions that modify content in Microsoft Teams, you can limit the scope to the Read.All permissions. Other permissions are required for actions that involve updating content in Microsoft Teams.
Click Add Permissions.

To grant administrator consent for permissions, do the following:

Sign in to Microsoft Entra admin center as a global or application administrator.
In the navigation menu, expand the Entra IDsection and select App registrations.
On the App registrationspage, select All applications.
Open the application you created.
On the app page, select API permissions.
Click the Grant admin consent forbutton.

Grant admin consent
Select Yesin the dialog to confirm the consent action.