Sure, you can handle it. But should you?
Let our experts manage the tech maintenance while you focus on your business.
Let our experts manage the tech maintenance while you focus on your business.
Installation and Configuration
Microsoft Teams Connector
Introduction
Before installing the Microsoft Teams connector, make sure that Mindbreeze Server is installed. To install or update the connector, please use the Mindbreeze Management Center.
Hint: Microsoft Entra ID (ME-ID) is the new name for Microsoft Azure Active Directory (Azure AD). For more information about what Microsoft Entra ID is and what changes to note with the name change, see What is Microsoft Entra ID? - Microsoft Entra | Microsoft Learn and New name for Azure Active Directory - Microsoft Entra | Microsoft Learn.
Prerequisites
In order for Microsoft Teams to be crawled by the Microsoft Teams connector, a new or existing Microsoft Azure application is required that has permissions to read Microsoft Teams.
The Microsoft Azure application must meet the following requirements:
- Available Client Secret
- An expiration of 6 to 12 months is recommended so that the client secret is changed regularly.
- Attention: When creating the client secret, please note that the secret in the column “Value” is mandatory for creating the credentials in Mindbreeze InSpire. Make a note of this value immediately after creating the client secret, as the value will no longer be displayed in full when you leave the section.
- Granted access rights
- ChannelMember.Read.All
- ChannelMessage.Read.All
- Group.Read.All
- User.Read.All
The creation of a new application is carried out in Microsoft Entra - Microsoft Entra admin center. For more information, see the following links:
- Registration of a new application: How to register an app in Microsoft Entra ID - Microsoft identity platform | Microsoft Learn
- Creation of a Client Secret: Add and manage app credentials in Microsoft Entra ID - Microsoft identity platform | Microsoft Learn
- Granting of access rights: Web API app registration and API permissions - Microsoft identity platform | Microsoft Learn
Attention: When generating the client secret, please note that the value in the “Value” column is essential for creating the credential in Mindbreeze InSpire. Make a note of this value immediately after generating the client secret, as the value will no longer be displayed in full when you leave the area.
Configuration of Mindbreeze
Configuration of the index
To create a new index, navigate to the “Indices” tab and click the “Add new index” icon in the upper right corner.
Change the display name of the created index as necessary.
Configuration of the data source
Add a new data source by clicking the “Add new custom source” icon at the top right. Select the category “Microsoft Teams” and configure the data source according to your needs.
Section „Connection Settings“
In the "Connection Settings" area you can define your Microsoft Teams instance to be indexed. The following options are available:
Setting | Description | Default setting/Example |
Graph Service Root (Advanced Settings) | The endpoint/URL of the Microsoft Graph API. Change this setting only if you are using a national (non-international) Microsoft Cloud. A list of all available national Microsoft Graph endpoints can be found in the chapter Microsoft Graph. | Default setting: https://graph.microsoft.com |
Azure AD Url (Advanced Settings) | The endpoint/URL to the Microsoft Entra ID. Change this setting only if you are using a national (non-international) Microsoft Cloud. A list of all available national Microsoft Entra ID endpoints can be found in the chapter Microsoft Entra ID. | Default setting: https://login.microsoftonline.com |
Trust all SSL certificates (Advanced Settings) | Allows the use of non-secured connections, for example for test systems. Attention: Do not enable this setting in the production environment. | Default setting: Deaktiviert |
Tenant ID* | The Tenant ID of your Microsoft Azure application. Hint: You can find the “Tenant ID” in the “Overview” screen of your application in the section “Essentials” as “Directory (tenant) ID”. | Example: 1234abcd-5678-ef90-1a2b-3c4d5e6f7a8b |
App ID* | The App ID of the Microsoft Azure application. Hint: You can find the “App ID” in the “Overview” screen of your application in the “Essentials” section as “Application (client) ID”. | Example: 1234abcd-5678-ef90-1a2b-3c4d5e6f7a8b |
Client Secret* | The credential created in the “Network” tab, which contains the created Client Secret. | Example: Microsoft Teams Credential |
SharePoint Online Category Instance | Defines the “Category Instance” that was configured in the Microsoft SharePoint Online Connector. Attachments of Teams messages are stored in Microsoft SharePoint Online. If a reference from Microsoft Teams to the files in Microsoft SharePoint Online is to be created, you must create the Microsoft SharePoint Online Crawler in the same index as the Microsoft Teams Crawler and enter its category instance here. For more information about the setup of the SharePoint Online Connector, see Configuration - Microsoft SharePoint Online Connector. | Example: SharePointOnlineCategoryInstance |
Crawler Thread Count | Number of threads used for indexing | Default setting: 10 |
Log All Requests (Advanced Settings) | If this setting is activated, all requests against the Graph API are written into a logfile. Should only be activated for troubleshooting. | Default setting: Deaktiviert |
Synthesized Title Length (Advanced Settings) | If a message in Microsoft Teams has no subject, the content of the message is used as the title of the Mindbreeze document. The value of this setting determines the maximum length of titles that are set in this way. If the title is longer, it will be truncated with “...”. | Default setting: 100 |
Max Retries (Advanced Settings) | The maximum number of retries that will be attempted when the server sends certain throttling responses (e.g. 429). | Default setting: 10 |
Network Timeout (Seconds) (Advanced Settings) | Defines the network timeout for outgoing connections. | Default setting: 30 |
Enable Delta Crawl (Advanced Settings) | When this setting is activated, the crawler only retrieves all messages from all Microsoft Teams channels during the first crawl run. Afterwards, only the changes in the channels are retrieved. With this setting an improved performance can be achieved. Deactivate this option only, if an inconsistency between the index and the actual messages in Microsoft Teams has occured. | Default setting: 30 |
[Deprecated] Exclusively Use Beta API (Advanced Settings) | This option is deprecated and should not be enabled. | - |
* = These settings must be configured for the connector to work and index documents. All other settings must be configured according to the specific application. | ||
Section „Content Settings“
Setting | Description | Default setting/Example |
Excluded Team Name Patterns | Regular expressions that can be used to specify which teams should be excluded. The regex matches the display name of the team. | Example: Chicago-.* Excludes the following teams:
|
Included Team Name Patterns | Regular expressions that can be used to specify which teams should be included. The regex matches the display name of the team. If this setting is empty, all teams will be crawled. | Example: Chicago-.* Includes the following teams:
|
Index Private Teams | If this setting is enabled, private teams will be indexed. | Default setting: Activated |
Index Archived Teams | If this setting is enabled, archived teams will be indexed. | Default setting: Activated |
Excluded Team IDs (Advanced Settings) | With this setting the IDs of the teams can be specified that should be excluded. | Example: 328f479d-41c5-48fb-9347-ce47719d9e2a |
Included Team IDs (Advanced Settings) | With this setting the IDs of the teams can be specified that should be indexed. | Example: 328f479d-41c5-48fb-9347-ce47719d9e2a |
Available national endpoints
Microsoft Graph
National Cloud | Microsoft Graph |
Microsoft Graph global service | https://graph.microsoft.com |
Microsoft Graph for US Government L4 (GCC High) | https://graph.microsoft.us |
Microsoft Graph for US Government L5 (DOD) | https://dod-graph.microsoft.us |
Microsoft Graph China operated by 21Vianet | https://microsoftgraph.chinacloudapi.cn |
For more information, see https://learn.microsoft.com/en-gb/graph/deployments#microsoft-graph-and-graph-explorer-service-root-endpoints.
Microsoft Entra ID
National Cloud | Microsoft Entra authentication endpoint |
Microsoft Entra ID (global service) | https://login.microsoftonline.com |
Microsoft Entra ID for US Government | https://login.microsoftonline.us |
Microsoft Entra ID China operated by 21Vianet | https://login.partner.microsoftonline.cn |
For more information, see https://learn.microsoft.com/en-gb/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints.
Request access to protected APIs
Certain endpoints that we need for indexing Microsoft Teams are so-called "protected APIs". For these a request has to be made to Microsoft to get permission to use them. You can read more about this here: https://docs.microsoft.com/en-us/graph/teams-protected-apis
The request form can be found here: https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR1ax4zKyZjVBmutzKVo1pVtUQ1VJMlNTNUdJV1FKTzVZSVU4MlMwTTdOTSQlQCN0PWcu
Access requests are reviewed every Wednesday and permissions are granted every Friday except during major holiday weeks in the US.
You can fill out this form roughly as follows:
Field | Entry |
Your email address and any others you want to list as an owner (semicolon separated) | The email address(es) of the O365 admin(s). |
May we contact you about your app's use of non-protected APIs? (E.g., reliability issues, advanced notice of breaking changes, throttling, etc) | No |
Publisher name | Mindbreeze GmbH |
App name | Mindbreeze Microsoft Teams Connector |
App id(s) to enable application permissions for | App ID of the app created for the connector. |
What does your app do? Why does it exist? (2-3 sentences explaining to an admin who has never heard of your app what it is and why they want it) | Mindbreeze InSpire is a software system enabling the search for information objects in a corporate context ("Enterprise Search Software"). Information objects can be any kind of information contained in structured, partially structured or unstructured storage systems. For most use cases these information objects will be document files in a file system, e-mails in an e-mail box system or documents in a document management system or archive. |
Why does your app need read access to all messages in the tenant? (If you don't, you don't need protected APIs) | As stated above, Mindbreeze InSpire needs to fetch all messages from channels to build an index that the customer can search in. This index also contains many other data sources. |
Data retention - select one of these options | It is obvious to any admin installing this app that it will make a copy Microsoft Teams messages. |
What are the tenant ID's that this app needs to run in? (semicolon-separated. Put "all" if you're writing software for other organizations to use.) | Tenant ID of your O365 tenant |
Does your organization own all those tenants? (if no, your answer above should be "all", or you should get the tenant owner to submit the request) | Yes |
Configuration of the Principal Resolution Service
To use a principal resolution service for the Microsoft Teams connector, the Microsoft Azure principal resolution service must be configured. A comprehensive description of the configuration can be found in Configuration - Microsoft Azure Principal Resolution Service.
For more information about creating and configuring a cache for a principal resolution service and other configuration options, see Installation & Configuration - Caching Principal Resolution Service.
Archive
Configuring the principal resolution service
The Teams Principal Resolution Service has been deprecated. Use Microsoft Azure Principal Resolution Service instead.
For completeness, the following sections describe the configuration of the deprecated Teams Principal Resolution Service.
Select “Advanced Settings” to configure the following settings.
Enable the option “Enforce ACL Evaluation.”
Scroll down and add a new service in the "Services" section by clicking on "Add Service". Select "Microsoft Teams Principal Resolution Service" and assign a display name.
Section „Connection Settings“
In the "Connection Settings" area you can define your Microsoft Teams instance to be indexed. The following options are available:
Tenant ID | The Tenant ID of your Microsoft 365 instance. This can be found on the overview page of the app in Azure |
App ID | The Application (Client) ID of the app created in Azure |
Client Secret | The Credential created in the Network tab, which contains the created Client Secret |
Crawler Thread Count | Number of threads used for processing groups |
Log All Requests | If this option is activated, all requests against the Graph API are written to a logfile. Should only be activated for troubleshooting. |
Enable Delta Update | As long as this option is enabled, the Principal Service will only fetch all groups from Microsoft Teams during the first update, after which only the changes to the groups will be fetched, which significantly improves performance. Only deactivate this option if an inconsistency has arisen between the Principal Service and the actual groups in Microsoft Teams. |
[Deprecated] Exclusively Use Beta API | This option is deprecated and should not be enabled. If this option is deactivated, make sure that the permissions of the app are correct (see Section 2.2.1 Creating the Application in Azure), because the /beta API sometimes allows API queries despite insufficient permissions. If this option is enabled, the Principal Resolution Service uses the /beta API. Otherwise, the /v1.0 API is used. |