Grant Cloud App Security access to Microsoft Teams (Chat) to
allow Cloud App Security to run advanced threat protection
and data loss prevention scanning on messages and files in protected private
chats.
Important
|
As Microsoft's licensing models for Teams APIs impose usage restrictions and
licensing requirements on API calls, you need to use your own app registered with
Microsoft Entra ID and select an applicable licensing model when granting access to
Teams Chat. For details about the licensing models, see Microsoft Documentation.
The following table summarizes the licensing models and the supported Cloud App Security protection under each model.
Model
|
Licensing and Payment Requirements
|
Supported Cloud App Security
Protection
|
||
Model A
|
|
|
||
Model B
|
|
|
||
Evaluation Mode
|
No license or payment required
|
|
ImportantIf you have already granted access to Teams Chat in the old way without creating
your own app, Evaluation Mode applies. Trend Micro recommends that you update
the access grant to have access to all the licensing models and continued Cloud App Security protection by performing the
following:
Go to
, locate your Teams Chat service account, click Protect
with Your Own App, and complete the access grant by referring to
the operations in this topic. |
Private chat files are stored in the sender's OneDrive folder. If you have also
granted Cloud App Security access to OneDrive, when the user
sending or uploading a file is selected as a policy target respectively, Cloud App Security applies the corresponding policies for
Teams Chat and for OneDrive to this file.
The steps outlined below detail how to grant access to Teams Chat from
Dashboard.
Procedure
- Go to .
- Click Grant Access in the Action
column for Teams Chat.The Grant Access to Teams Chat screen appears.
- Create an app in Microsoft Entra ID for protecting Teams Chat.For details, see Creating an Microsoft Entra ID app for Teams protection.
- Specify the app ID and secret, select the policy
to enable automatically when the access grant is complete, and click
Grant Permission.Cloud App Security uses the secret to obtain an access token from Microsoft.
Note
- If for some reason the access token becomes invalid after the access grant, go to Service account. to create a new access token for the service account. For more information, see
- If the secret becomes invalid or you want to change to another app after the access grant, go to , locate your Teams Chat service account, and click Update Secret or Change App to start replacing the secret or changing to another app. The subsequent procedure is the same as the access grant process described in this topic.
- Specify your Microsoft 365 Global Administrator credentials and click Sign in.The Microsoft authorization screen appears.
- Click Accept to grant Cloud App Security permission to use the Graph API to access your Teams Chat related service data.
- Wait until the process is completed.If the message "Successfully created a service account and synced data." appears on the screen, the access grant is successful.