Microsoft Teams integration
Microsoft Teams integration with Microsoft Graph API connector
Microsoft Teams integration
Microsoft Teams integration with Microsoft Graph API connector
Microsoft Teams integration capabilities are included in the Microsoft Graph API Connector (formerly known as the Entra ID Connector).
With the Microsoft Graph API Connector, you have been able to read data from Microsoft Teams. Starting from version 2025.2, you can also perform actions towards Microsoft Teams and make changes within the Microsoft Teams environment. Together, these capabilities deliver tangible business value across four key areas:
Improved Visibility and Control: Near real-time access to Microsoft Teams related data, such as users, channels, and team memberships.
Automation and Efficiency: Automated actions reduce manual effort, speed up response times, and streamline processes.
Strategic Integration and Innovation: Seamless integration with other IT systems enables advanced automation, improved governance, and supports broader digital transformation initiatives.
Microsoft Teams integration can be build with Microsoft Graph API Connector.
For Customer instructions, see https://docs.efecte.com/customer-instructions/efecte-provisioning-engine-customer-instructions-for-entra-id
Microsoft Graph API documentation related to Teams integration: https://learn.microsoft.com/en-us/graph/api/resources/teams-api-overview?view=graph-rest-1.0
Examples of use-cases with Teams are
- Reading Teams and channels information
- Team Membership Management
- Team Lifecycle Management
- Team Ownership Validation
- Integration with user lifecycle processes
- Event-Driven Team Creation
- Event-Driven Channel Creation
Read Microsoft Teams teams
Azure application permissions
For Teams import, application in Azure needs these permissions
For Customer instructions, see https://docs.efecte.com/customer-instructions/efecte-provisioning-engine-customer-instructions-for-entra-id
| Permission type | Permissions |
| Application |
Group.Read.All, Team.ReadBasic.All and (Channel.ReadBasic.All or Channel.Read.All) |
Queries for Scheduled Task
Query: groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team')
Subqueries:
teams/{id}/channels
teams/{id}/members
Mappings for Scheduled Task
Always use Generic Template for Teams Mappings Type:
| External attribute | Local attribute | More info |
|---|---|---|
| id | team_id | Unique id of team |
| displayName | team_displayName | |
| description | team_description | |
| visibility | team_visibility | Public or private team |
| teams/{id}/channels.id | channel_id |
List of team channels ids This attribute must be multivalue |
| teams/{id}/members.userId | team_members |
List of team members ids This attribute must be multivalue |
Open topic: Would it be better to fetch also channel details (displayname, description etc.) to another multivalue attribute in this scheduled task, or fetch those channel by channel from workflow Orchestration node.
Event-based tasks (actions for) Microsoft teams and channels
Azure application permissions
For Teams actions, application in Azure needs permissions. To set correct permissions see: https://docs.efecte.com/customer-instructions/efecte-provisioning-engine-customer-instructions-for-entra-id and https://learn.microsoft.com/en-us/graph/permissions-reference
Event-Based Task
Url for Event-Based task can be empty. Final url to call is build by combining connector url and workflow node url.
Mappings for Event-Based Task
Header for Event-based Task
No need to set extra headers, Connector management sets this automatically:
| Content-type | application/json |
Workflow Node
On Workflow Orchestration node, select these Orchestrate, Data Source and Activity:
Select event-based task you made for this action. You can also use one event-based task for many actions.
Most of these actions use http method POST. Remember to set correct method for Workflow Orchestration node for these actions.
Get channel information
Action: GET
URL: teams/{team-id}/channels/{channel-id}
Body: (none)
In Workflow, parse resultset json from “REST response attribute” attribute, to create reference datacard of channel.
Example of returned resultset json when {team-id} team contains 2 channels:
Create a Team
Action: POST
URL: teams
Body example:
Microsoft documentation for API
Update a Team
Action: PATCH
URL: teams/{team-id}
Body example:
Microsoft documentation for API
Archive a Team
Action: POST
URL: teams/{id}/archive
Body example: {"shouldSetSpoSiteReadOnlyForMembers": true}
Microsoft documentation for API
Add Member(s) to a Team
Action: POST
URL: /teams/{team-id}/members
Body example:
Microsoft documentation for API
Remove Member from a Team
Action: DELETE
URL: /teams/{team-id}/members/{membership-id}
Body: (none)
https://learn.microsoft.com/en-us/graph/api/team-delete-members?view=graph-rest-1.0&tabs=http
Microsoft Application permissions for Teams and channels
Add correct permissions based on your use case need.
User scope type Application:
| Operation | Type | Permission | Notes |
|---|---|---|---|
| Discover teams | Application | Team.ReadBasic.All | Enumerate all teams in tenant. |
| Manage team settings | Application | TeamSettings.ReadWrite.All |
Read/update team settings; not supported for personal Microsoft accounts. |
| Create channels (any team) | Application | Channel.Create |
Create standard/private channels in any team. |
| Read channels (metadata) | Application | Channel.ReadBasic.All |
Read channel lists and basic info across tenant. |
| Read channel settings | Application | ChannelSettings.Read.All | Read all channel properties/settings. |
| Edit channel settings | Application | ChannelSettings.ReadWrite.All |
Modify channel name, description, moderation settings. |
| Manage team membership | Application | TeamMember.ReadWrite.All |
Add/remove members and change roles (guest add not supported). |
| Read channel membership | Application | ChannelMember.Read.All |
Read membership of all standard/ private/shared channels. |
| Manage channel membership | Application | ChannelMember.ReadWrite.All |
Add/remove/update members in private/shared channels. |
| Read channel messages | Application | ChannelMessage.Read.All |
Read all channel messages tenant-wide (compliance/audit). |
Known restrictions
Restrictions in 2025.2 and older versions
More than 1 level of subqueries are not supported, for performance reasons.
More than 1 subquery is not supported.
Connector doesn't yet support marking Teams/channel objects deleted to Matrix42 Core,Pro,IGA when object is deleted from Microsoft Teams.
Table of Contents