Set up a Microsoft Teams data store

This page describes how to create a data store and connect Microsoft Teams to Gemini Enterprise.

Before you begin

Before you set up your Microsoft Teams data store, ensure the following:

1. Grant the Discovery Engine Editor role (roles/discoveryengine.editor). This role is required for the user to create the data store. To grant this role, do the following:

   1. In the Google Cloud console, go to the IAMpage.

      Go to IAM

   2. Locate the user account and click the edit Editicon.
   3. Grant the Discovery Engine Editor role to the user. For more information, see IAM roles and permissions .

2. Register Gemini Enterprise as an OAuth 2.0 application in Microsoft Entra ID and obtain the following credentials :

   • Client ID

   • Client secret

   • Tenant ID

3. Configure the Microsoft Graph application permissions with the consent of a Microsoft Teams administrator.

4. Add the following URLs as web callback URLs:

   • https://vertexaisearch.cloud.google.com/oauth-redirect

Create the Microsoft Teams data store

To create the Microsoft Teams data store, perform the following steps:

1. In the Google Google Cloud console, go to the Gemini Enterprisepage.

   Gemini Enterprise

2. Select or create a Google Cloud project.

3. In the navigation menu, click Data stores.

4. Click add Create data store.

5. In the Source, search for Microsoft Teams, and click Select.

6. In the Datasection:

   1. In the connection mode section, choose Federated search.

   2. In the Authentication settingssection, configure authentication:

      1. Provide the following authentication details:

         • Client ID:The unique identifier of the application registered in Microsoft Entra ID.
         • Client Secret:The secret key generated during the OAuth 2.0 application registration process in Microsoft Entra ID.
         • Tenant ID:The unique identifier for your Microsoft 365 or Azure environment.

         For information on how to obtain the client ID, client secret, and tenant ID, see Obtain client ID and client secret and Obtain tenant ID . For the minimum permissions required to perform search, see Minimum permissions .

      2. Click Loginand complete the Microsoft sign-in.

      3. Click Continue.

   3. In the Advanced optionssection:

      1. Azure Tenant: Enter the tenant ID. This is a required field and must match the Tenant IDprovided in the Authentication settingssection.
      2. Include All Groups: Optional: Enable this checkbox to list all the groups in your organizations or only groups the logged in user is a member of.
      3. Include All Users: Optional: Enable this checkbox to list all the users in your organizations or only the logged in users.
      4. Click Continue.

   4. In the Entities to searchsection, select all the entities to search from the list. You must select at least one entity.

7. Click Continue.

8. In the Configurationsection:

   1. From the Multi-regionlist, select the location for your data connector.
   2. In the Data connector namefield, enter a name for your connector.
   3. If you selected US or EU as the location, configure the Encryption settings:
      • Optional: If you haven't configured single-region keys, click Go to settings pageto do so. For more information, see Register a single-region key for third-party connectors .
      • Select Google-managed encryption keyor Cloud KMS key.
      • If you selected Cloud KMS key:
        • In the Key management typelist, select the appropriate type.
        • In the Cloud KMS keylist, select the key.
      For more information, see Customer-managed encryption keys .

9. Click Continue.

10. In the Billingsection, select General pricingor Configurable pricing. For more information, see Verify the billing status of your projects and Licenses .

On the Data Storespage, click your data store name to see the status. After the data store state changes from Creatingto Active, the Microsoft Teams connector is ready to be used.

After creating the data store, create an app , connect it to the Microsoft Teams data store , and authorize Gemini Enterprise to Microsoft Teams before executing any queries.

For information on permissions required to perform search, see minimum permissions .

Data handling and query execution

This section describes how Gemini Enterprise manages your query and the privacy implications of using the federated data store.

Query execution

After you authorize Microsoft Teams and send a search query to Gemini Enterprise:

• Gemini Enterprise sends your search query directly to the Microsoft API.
• Gemini Enterprise blends the results with those from other connected data sources and displays a comprehensive search result.

Data handling

When using third-party federated search, the following data handling rules apply:

• Your query string is sent to the third-party search backend (Microsoft API).
• These third parties may associate queries with your identity.
• If multiple federated search data sources are enabled, the query might be sent to all of them.
• Once the data reaches the third-party system, it is governed by that system's terms of service and privacy policies.

What's next

• To provide a user interface for querying your data, create an app and connect it to the Microsoft Teams data store .
• To preview how your search results appear after your app is set up, see Get search results .
• To enable alerts for the data store, see Configure alerts for third-party data stores .