Creating an Azure AD App for Teams Chat Protection

  1. Log on to the Azure Active Directory portal as an Office 365 Global Administrator.
  2. Register an app.
    1. Click Azure Active Directory, App registrations, and New registration.

      The Register an application page appears.

    2. Name the application.
    3. Select a supported account type.

      The account type determines who can use the app.

      If you have multiple organizations in Cloud App Security, Trend Micro recommends that you select Accounts in any organizational directory (Any Azure AD directory - Multitenant) so that all the organizations can use this app.

    4. Under Redirect URI, select Web and type <URL of your Cloud App Security management console logon page>/provision.html.

      For example, if your URL is, type

    5. Click Register.

      The Overview screen of the registered app appears.

    6. Record the value of Application (client) ID.

      You need to use the app ID during Teams Chat provisioning.

  3. Assign permissions to the app.
    1. Click the Manifest tab.
    2. Locate resourceAccess under requiredResourceAccess, change the parameter value to the following, and click Save.
      "resourceAccess": [
          {
              "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
              "type": "Scope"
          },
          {
              "id": "75359482-378d-4052-8f01-80520e7db3cd",
              "type": "Role"
          },
          {
              "id": "df021288-bdef-4463-88db-98f22de89214",
              "type": "Role"
          },
          {
              "id": "7e847308-e030-4183-9899-5235d7270f58",
              "type": "Role"
          },
          {
              "id": "6b7d71aa-70aa-4810-a8d9-5d9fb2830017",
              "type": "Role"
          },
          {
              "id": "5b567255-7703-4780-807c-7be8301ae99b",
              "type": "Role"
          }
      ]
    3. Click API permissions and verify that the following permissions are present:
      • Chat.Read.All

      • Chat.UpdatePolicyViolation.All

      • Files.ReadWrite.All

      • Group.Read.All

      • User.Read

      • User.Read.All

  4. Create an app secret.
    1. Click the Certificates & secrets tab.
    2. Click New client secret, specify a description and a duration for the secret, and click Add.

      The new secret is displayed.


      When the secret expires, Cloud App Security can no longer protect Teams Chat. Select a longer duration to avoid frequently replacing the secret.

    3. Copy and store the secret value.

      You need to use the secret during Teams Chat provisioning. The secret cannot be retrieved later.

  5. Set up an active Azure subscription for billing purposes.

    For details, see Microsoft Documentation.
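
To check the result of step 3 outside the portal, the following added example (not part of the original procedure or of Trend Micro's tooling) compares a saved copy of the app manifest with the six id/type pairs listed above and reports entries that are missing or that grant more than this procedure asks for. The function name, the sample manifest, and the placeholder ids in it are assumptions made for the example.

```python
import json

# (id, type) pairs exactly as listed in step 3 of this page.
EXPECTED = {
    ("e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"),
    ("75359482-378d-4052-8f01-80520e7db3cd", "Role"),
    ("df021288-bdef-4463-88db-98f22de89214", "Role"),
    ("7e847308-e030-4183-9899-5235d7270f58", "Role"),
    ("6b7d71aa-70aa-4810-a8d9-5d9fb2830017", "Role"),
    ("5b567255-7703-4780-807c-7be8301ae99b", "Role"),
}


def audit_manifest(manifest_text):
    """Return (missing, unexpected) lists of (id, type) pairs (hypothetical helper)."""
    manifest = json.loads(manifest_text)
    found = set()
    # A manifest can carry several requiredResourceAccess blocks; check them all.
    for resource in manifest.get("requiredResourceAccess") or []:
        for entry in resource.get("resourceAccess") or []:
            found.add((str(entry.get("id", "")).lower(), entry.get("type", "")))
    return sorted(EXPECTED - found), sorted(found - EXPECTED)


# Constructed sample manifest (not from a real tenant). It omits one entry,
# gives one entry the wrong type, and adds one placeholder entry.
SAMPLE_MANIFEST = json.dumps({
    "requiredResourceAccess": [{
        "resourceAppId": "<resource-app-id>",  # placeholder, ignored by the check
        "resourceAccess": [
            {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
            {"id": "75359482-378d-4052-8f01-80520e7db3cd", "type": "Role"},
            {"id": "DF021288-BDEF-4463-88DB-98F22DE89214", "type": "Role"},  # case differs
            {"id": "7e847308-e030-4183-9899-5235d7270f58", "type": "Scope"},  # wrong type
            {"id": "6b7d71aa-70aa-4810-a8d9-5d9fb2830017", "type": "Role"},
            {"id": "00000000-0000-0000-0000-000000000000", "type": "Role"},  # placeholder extra
        ],
    }],
})

if __name__ == "__main__":
    missing, unexpected = audit_manifest(SAMPLE_MANIFEST)
    for pair in missing:
        print("MISSING   ", *pair)
    for pair in unexpected:
        print("UNEXPECTED", *pair)
```

An empty "unexpected" list means the app requests nothing beyond the entries in step 3; anything reported there should be reviewed before consent is granted.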