Microsoft Teams

This Integration is part of the Microsoft Teams Pack.#

Use the Microsoft Teams integration to send messages, notifications, and create meetings. This integration was tested with version 1.0 of Microsoft Teams.

Integration Architecture#

Data is exchanged between Microsoft Teams and Cortex XSOAR/XSIAM through a bot that you configure in Teams. A webhook (that you will configure) receives the data from Teams and passes it to the messaging endpoint. The web server on which the integration runs in Cortex XSOAR/XSIAM listens to the messaging endpoint and processes the data from Teams. You can use an engine for communication between Teams and the Cortex XSOAR/XSIAM tenant. To mirror messages from Teams into Cortex XSOAR, the bot must be explicitly mentioned in the message using the '@' symbol. The web server for the integration runs within a long-running Docker container. Cortex XSOAR/XSIAM maps the Docker port to which the server listens, to the host port (to which Teams posts messages). For more information, see long-running integrations documentation and Docker documentation.

Protocol Diagram#

image

Setup and Configuration#

Note: The information in this video is for Cortex XSOAR 6 but mostly still applies to Cortex XSOAR 8/XSIAM. Refer to the Prerequisites section for the latest instructions.

Prerequisites#

  1. Create the Demisto Bot in Microsoft Azure Portal
  2. Grant the Demisto Bot Permissions
  3. Configure Microsoft Teams on Cortex XSOAR/XSIAM
  4. Add the Demisto Bot to a Team

1. Create the Demisto Bot in Microsoft Teams#

Creating the Demisto Bot using Microsoft Azure Portal:

  1. Navigate to the Create an Azure Bot page.

  2. In the Bot Handle field, type Demisto Bot.

  3. Fill in the required Subscription and Resource Group fields (relevant links: Subscription, Resource Groups).

  4. For Type of App, select Single Tenant.

    • Note ⚠️: The Multi Tenant App type was deprecated by Microsoft. Existing apps remain functional and do not require any changes. You can change existing apps to a Single Tenant in the Azure portal's bot configuration, but it is not required.
  5. For Creation type, select Create new Microsoft App ID if you don't already have an app registration; otherwise, select Use existing app registration and fill in your App ID.

    • Note ⚠️: If you choose Use existing app registration, make sure to delete the previously created bot with the same App ID, and remove it from the team it was added to as well.
  6. Click Review + Create, and wait for the validation to pass.

  7. Click Create if the validation has passed, and wait for the deployment to finish.

  8. Under Next Steps, click Go to resource.

  9. This step can be skipped for now, return to it after configuring the Microsoft Teams instance in Cortex XSOAR/XSIAM.

    Navigate to Settings -> Configuration on the left bar, and fill in the Messaging Endpoint.

    • Note ⚠️: To get the correct messaging endpoint based on the server URL, the server version, and the instance configurations, use the microsoft-teams-create-messaging-endpoint command. Using this command requires an active integration instance. This step can be done after completing the instance configuration section.
  10. Store the Microsoft App ID value for the next steps, and navigate to Manage next to it.

  11. Click New Client Secret, fill in the Description and Expires fields as desired. Then click Add.

  12. Copy the client secret from the value field and store it for the next steps.

  13. Go back to the previous page, and navigate to Channels in the left bar.

  14. Click Microsoft Teams under Available Channels, click the checkbox, click Agree, then click Apply.

2. Grant the Demisto Bot Permissions in Microsoft Graph#

To connect to Microsoft Teams, use one of the following authentication methods:

  • Client Credentials Flow
  • Authorization Code Flow (Supports the chat commands)

Perform the following steps to add the needed permissions:

  1. Go to your Microsoft Azure portal, and from the left navigation pane select Azure Active Directory > App registrations.
  2. Search for and click Demisto Bot.
  3. Click API permissions > Add a permission > Microsoft Graph > Application/Delegated permissions.
  4. For each of the permissions listed below, search for the permission, select the checkbox, and click Add permissions.

Note ⚠️: The microsoft-teams-ring-user command requires authenticating with Client Credentials due to a limitation in Microsoft's permissions system. (Calling this command will perform the authentication seamlessly.)

For Client Credentials Flow add the following#

Application Permissions:

  • User.Read.All
  • GroupMember.Read.All
  • Channel.ReadBasic.All
  • ChannelMember.ReadWrite.All
  • Channel.Create
  • Channel.Delete.All
  • OnlineMeetings.ReadWrite.All
  • Calls.Initiate.All

For Authorization Code Flow add the following#

Delegated Permissions:

  • User.Read.All
  • GroupMember.Read.All
  • Channel.ReadBasic.All
  • ChannelMember.ReadWrite.All
  • Channel.Create
  • Channel.Delete.All
  • ChannelMessage.Send
  • OnlineMeetings.ReadWrite.All
  • Chat.ReadWrite
  • AppCatalog.Read.All
  • TeamsAppInstallation.ReadWriteSelfForChat

Application permissions: (For microsoft-teams-ring-user)

  • User.Read.All
  • Calls.Initiate.All

Alternatively, you can check each relevant command section below for the minimum permissions it requires.

  5. Verify that all permissions were added, and click Grant admin consent.

  6. When prompted to verify granting permissions, click Yes, and verify that permissions were successfully added.

  7. Click Authentication > Platform configurations > Add a platform. Choose Web and add Redirect URIs: https://oproxy.demisto.ninja/authcode

3. Configure Microsoft Teams on Cortex XSOAR/XSIAM#

There are two flows to configure the integration (mentioned before):

  1. Client Credentials
  2. Authorization Code (Supports the chat commands)

Please note that you need to use the flow to which you have added permissions.

For more detailed instructions, refer to the relevant authentication flow section.

To configure the integration, do the following:

  1. Search for Microsoft Teams integration after you have installed it from the Marketplace.

  2. Click Add instance to create and configure a new integration instance by using one of the flows. Instructions below.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Name | The integration instance name. If using Cortex XSOAR/XSIAM rerouting configuration, insert here the instance name you configured in the messaging endpoint. | True |
    | Bot ID | Bot ID. | True |
    | Bot Password | Bot Password. | True |
    | Authentication Type | Can be Client Credentials or Authorization Code. Please check the limitations for each flow. | True |
    | Application redirect URI | Used for Authorization Code flow. Needs to be configured in the Teams application in the Azure portal as well. | False |
    | Authorization code | Used for Authorization Code flow. Received from the authorization step, after running generate-login-url command. See the Detailed instructions under the Help section. | False |
    | Default team | The team to which messages and notifications are sent. If a team is specified as a command argument, it overrides this parameter. | True |
    | Notifications channel | | True |
    | Certificate (Required for HTTPS) | | False |
    | Private Key (Required for HTTPS) | | False |
    | Minimum incident severity to send notifications to Teams by | | False |
    | Disable Automatic Notifications | Whether to disable automatic notifications to the configured notifications channel. | False |
    | Allow external users to create incidents via direct message | | False |
    | The header of an external form hyperlink. | | False |
    | Trust any certificate (not secure) | Do not check for Cortex XSOAR version 8 and Cortex XSIAM. | False |
    | Use system proxy settings | | False |
    | Long running instance | Must be checked when using the Bot. | True |
    | Listen port, e.g., 7000 (Required for investigation mirroring and direct messages) | The long running port. | False |
    | Incident type | Incident type. | False |

Authentication Using the Client Credentials Flow#

Note ⚠️: The chat commands are only supported when using the Authorization Code flow.

  1. Choose the 'Client Credentials' option in the Authentication Type parameter.
  2. Enter your Client/Application ID in the Bot ID parameter.
  3. Enter your Client Secret in the Bot Password parameter.
  4. Set the Default team and the Notifications channel parameters.
  5. Set the Long running instance parameter to 'True'.
  6. Save the instance.
  7. Click Test to validate the URLs, token, and connection.
  8. Configure the messaging endpoint if you haven't done so already (Step #9 in the Bot Creation section).
  9. Add the Demisto Bot to a Team.

Authentication Using the Authorization Code Flow#

Note ⚠️: The microsoft-teams-ring-user command requires authenticating with Client Credentials.

  1. Choose the 'Authorization Code' option in the Authentication Type parameter.
  2. Enter your Client/Application ID in the Bot ID parameter.
  3. Enter your Client Secret in the Bot Password parameter.
  4. Enter your Application redirect URI in the Application redirect URI parameter (Step #7 in the Grant Permissions section).
  5. Set the Default team and the Notifications channel parameters.
  6. Set the Long running instance parameter to 'True'.
  7. Save the instance.
  8. Configure the messaging endpoint if you haven't done so already (Step #9 in the Bot Creation section).
  9. Add the Demisto Bot to a Team.
  10. Run the !microsoft-teams-generate-login-url command in the Playground and follow the on-screen instructions.
  11. Save the instance.
  12. Run the !microsoft-teams-auth-test command. A 'Success' message should be printed to the War Room.

If you encounter any issue or error — especially a message saying "Tenant ID is not found" — please refer to the Troubleshooting section.

4. Add the Demisto Bot to a Team#

According to Microsoft it usually takes up to 3-5 business days for the app to reflect in the "built for your org" section.

After configuring the integration on Cortex XSOAR/XSIAM (the previous step), do the following:

  1. Download the ZIP file located at the Download Demisto Bot section.

  2. Uncompress the ZIP file. You should see 3 files (manifest.json, color.png and outline.png).

  3. Open the manifest.json file that was extracted from the ZIP file.

  4. Update the following values to use the Bot ID from step 5 of the Create the Demisto Bot in Microsoft Teams section:

    • The id field.
    • The BotId attribute in the bots list.
    • The id attribute in the webApplicationInfo field.
  5. Compress the 3 files (the modified manifest.json file, color.png and outline.png).

  6. Navigate to Manage Apps in the Microsoft Teams admin center.

  7. Click Actions and then + Upload new app.

  8. In the pop-up window, click Upload.

  9. Browse for the ZIP file you created in step 7, open it, and wait a few seconds until it loads.

  10. Search for Demisto Bot.

  11. In the line where Demisto Bot shows under Name, click the checkbox on the left.

  12. Click Add to team.

  13. In the search box, type the name of the team to which you want to add the bot.

  14. Click Add for the wanted team and then click Apply.
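Steps 2 to 5 above as a script, added here as an example (it is not part of the integration or the pack): it rewrites the three ID locations in manifest.json, re-creates the ZIP with the three files at its top level, and lets you confirm that no placeholder ID is left before upload. The function names and the constructed sample package are assumptions of this example; botId is the Teams manifest key for what the page calls BotId.

```python
import io
import json
import uuid
import zipfile

# The three files the page says the Demisto Bot ZIP contains.
EXPECTED_FILES = {"manifest.json", "color.png", "outline.png"}


def _load_package(package: bytes) -> dict:
    """Read the ZIP into memory, refusing anything but the three top-level files."""
    with zipfile.ZipFile(io.BytesIO(package)) as src:
        names = src.namelist()
        if len(names) != len(set(names)) or set(names) != EXPECTED_FILES:
            raise ValueError(f"unexpected ZIP contents: {sorted(names)}")
        return {name: src.read(name) for name in names}


def manifest_bot_ids(package: bytes) -> set:
    """Return every ID found in the three manifest locations the page lists."""
    manifest = json.loads(_load_package(package)["manifest.json"])
    ids = {manifest["id"], manifest["webApplicationInfo"]["id"]}
    ids.update(bot["botId"] for bot in manifest["bots"])
    return ids


def rebuild_bot_package(package: bytes, bot_id: str) -> bytes:
    """Return a new ZIP whose manifest.json carries bot_id in all three places."""
    # The Microsoft App ID is a GUID; uuid.UUID raises ValueError on anything else.
    bot_id = str(uuid.UUID(bot_id))
    files = _load_package(package)
    manifest = json.loads(files["manifest.json"])
    if not manifest.get("bots") or "webApplicationInfo" not in manifest:
        raise ValueError("manifest.json lacks the bots list or webApplicationInfo")

    manifest["id"] = bot_id                       # the id field
    for bot in manifest["bots"]:                  # botId in the bots list
        bot["botId"] = bot_id
    manifest["webApplicationInfo"]["id"] = bot_id  # id in webApplicationInfo
    files["manifest.json"] = json.dumps(manifest, indent=2).encode("utf-8")

    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in sorted(files):
            dst.writestr(name, files[name])  # written at the top level of the ZIP
    return out.getvalue()


def sample_package() -> bytes:
    """Constructed stand-in for the downloaded ZIP (placeholder IDs, empty icons)."""
    placeholder = "00000000-0000-0000-0000-000000000000"
    manifest = {
        "id": placeholder,
        "bots": [{"botId": placeholder}],
        "webApplicationInfo": {"id": placeholder},
    }
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("manifest.json", json.dumps(manifest))
        zf.writestr("color.png", b"")
        zf.writestr("outline.png", b"")
    return out.getvalue()


if __name__ == "__main__":
    # Constructed GUID standing in for the Microsoft App ID stored earlier.
    new_zip = rebuild_bot_package(sample_package(), "11111111-2222-3333-4444-555555555555")
    print(manifest_bot_ids(new_zip))
```

A result from manifest_bot_ids with more than one element means one of the three locations still holds a different ID.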

Migration from Cortex XSOAR 6 to Cortex XSOAR 8 and Cortex XSIAM#

Using Cortex XSOAR or Cortex XSIAM rerouting#

When migrating from Cortex XSOAR 6 to Cortex XSOAR 8 or Cortex XSIAM, follow these steps to ensure your Microsoft Teams integration continues to work as expected:

  1. Update the messaging endpoint in the Azure bot configuration. You can use the microsoft-teams-create-messaging-endpoint command to generate the messaging endpoint automatically.

    • For Cortex XSOAR 8, set the messaging endpoint in the Azure bot to be https://ext-<CORTEX-XSOAR-SERVER-ADDRESSS>/xsoar/instance/execute/<INTEGRATION-INSTANCE-NAME>, e.g., https://ext-my.demisto.live/xsoar/instance/execute/teams.
    • For Cortex XSIAM, set the messaging endpoint in the Azure bot to be https://ext-<CORTEX-XSIAM-SERVER-ADDRESSS>/xsoar/instance/execute/<INTEGRATION-INSTANCE-NAME>, and replace xdr in the URL with crtx.
  2. Ensure the long-running instance parameter is enabled in the integration instance configuration.

  3. Set the port parameter under the Connect section of the integration instance.

  4. If you're reusing the same bot from your XSOAR 6 instance, remove the bot from the Microsoft Teams team and add it back:

    1. In Microsoft Teams, go to your team.

    2. Click the three dots next to the team name.

    3. Go to Manage team > Apps.

    4. Find your bot, click the three dots next to it.

    5. Select Remove.

    6. Add the bot to the team again.

Setup Examples#

1. Using Cortex XSOAR or Cortex XSIAM rerouting#

In this configuration, we will use Cortex XSOAR/Cortex XSIAM functionality, which reroutes HTTPS requests that hit the default port (443) to the web server that the integration spins up.

The messaging endpoint needs to be:

For Cortex XSOAR version 6.x: <CORTEX-XSOAR-URL>/instance/execute/<INTEGRATION-INSTANCE-NAME>, e.g., https://my.demisto.live/instance/execute/teams.

For Cortex XSOAR version 8 and Cortex XSIAM: https://ext-<CORTEX-XSOAR-SERVER-ADDRESSS>/xsoar/instance/execute/<INTEGRATION-INSTANCE-NAME>, e.g., https://ext-my.demisto.live/xsoar/instance/execute/teams.

The integration instance name, teams in this example, needs to be configured in the Configure Microsoft Teams on Cortex XSOAR/XSIAM step. Make sure to set the instance name in all lowercase letters and as one word.

  • Note ⚠️: You can use the microsoft-teams-create-messaging-endpoint command to generate the messaging endpoint, based on the server URL, the server version, and the instance configurations. For more information, see microsoft-teams-create-messaging-endpoint documentation.

The port to be configured in Configure Microsoft Teams on Cortex XSOAR/XSIAM step should be any available port that is not used by another service.

In addition, make sure Instance execute external is enabled (for Cortex XSOAR 6.x).

  1. In Cortex XSOAR, go to Settings > About > Troubleshooting.
  2. In the Server Configuration section, verify that the instance.execute.external.<INTEGRATION-INSTANCE-NAME> (instance.execute.external.teams in this example) key is set to true. If this key does not exist, click + Add Server Configuration, add the instance.execute.external.<INTEGRATION-INSTANCE-NAME> key, and set the value to true. See the following reference article for further information.
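The rerouting endpoint formats above in one function, as an added example (this is not the code of the microsoft-teams-create-messaging-endpoint command): it builds the URL for each server version, enforces the lowercase one-word instance name, rejects hosts Teams cannot reach, and returns the Cortex XSOAR 6.x server configuration key. The product labels, function names and the tenant.xdr.example.com host are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Page: the instance name must be all lowercase and one word.
# Allowing digits is an assumption of this example.
INSTANCE_NAME = re.compile(r"[a-z0-9]+")
PRODUCTS = ("xsoar6", "xsoar8", "xsiam")  # labels chosen for this example


def _check_instance_name(instance_name: str) -> None:
    if not INSTANCE_NAME.fullmatch(instance_name):
        raise ValueError("instance name must be lowercase and a single word")


def _public_https_host(server_url: str):
    """Return (hostname, port, is_ip) or raise if Teams could not post to this URL."""
    parts = urlsplit(server_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("server URL must be an https:// URL with a host")
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        addr = None  # a DNS name, not an IP literal
    # The page rules out private IPs; is_global also rejects loopback and link-local.
    if addr is not None and not addr.is_global:
        raise ValueError(f"{addr} is not publicly routable; Teams cannot reach it")
    return parts.hostname, parts.port, addr is not None


def build_messaging_endpoint(server_url: str, instance_name: str, product: str) -> str:
    """Build the rerouting messaging endpoint for the given server version."""
    if product not in PRODUCTS:
        raise ValueError(f"product must be one of {PRODUCTS}")
    _check_instance_name(instance_name)
    host, port, is_ip = _public_https_host(server_url)

    if product == "xsoar6":
        if ":" in host:  # IPv6 literal needs brackets in a URL
            host = f"[{host}]"
        origin = host if port is None else f"{host}:{port}"
        return f"https://{origin}/instance/execute/{instance_name}"

    if is_ip:
        raise ValueError("the ext- rerouting address is built from a DNS name")
    if product == "xsiam":
        # Page: replace xdr in the URL with crtx. Treating xdr as a whole
        # DNS label is this example's reading of that instruction.
        host = ".".join("crtx" if label == "xdr" else label for label in host.split("."))
    return f"https://ext-{host}/xsoar/instance/execute/{instance_name}"


def external_execute_key(instance_name: str) -> str:
    """Server configuration key that must be set to true on Cortex XSOAR 6.x."""
    _check_instance_name(instance_name)
    return f"instance.execute.external.{instance_name}"


if __name__ == "__main__":
    for product in PRODUCTS:
        url = "https://tenant.xdr.example.com" if product == "xsiam" else "https://my.demisto.live"
        print(product, build_messaging_endpoint(url, "teams", product))
    print(external_execute_key("teams"))
```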

2. Using NGINX as reverse proxy#

In this configuration, the inbound connection, from Microsoft Teams to Cortex XSOAR/Cortex XSIAM, goes through a reverse proxy (e.g., NGINX) which relays the HTTPS requests posted from Microsoft Teams to the Cortex XSOAR/Cortex XSIAM server on HTTP.

On NGINX, configure the following:

  • SSL certificate under ssl_certificate and ssl_certificate_key
  • The Cortex XSOAR server (including the port) under proxy_pass, e.g. http://mydemistoinstance.com:7000

Follow Configuring Upstream Servers NGINX guide for more details.

The port (7000 in this example) to which the reverse proxy should forward the traffic on HTTP should be the same port you specify in the integration instance configuration, because the web server the integration spins up listens on that port.

3. Using Apache reverse proxy and Cortex XSOAR/XSIAM engine#

In this configuration, the inbound connection, from Microsoft Teams to Cortex XSOAR/XSIAM, goes through a reverse proxy (e.g., Apache) and possibly a load balancer, which relays the HTTPS requests posted from Microsoft Teams to a Cortex XSOAR/XSIAM engine, which can be put in a DMZ, on HTTP.

The port (7000 in this example) to which the reverse proxy should forward the traffic on HTTP should be the same port you specify in the integration instance configuration, because the web server the integration spins up listens on that port.

4. Using Cloudflare#

In this configuration, we will use Cloudflare proxy.

The messaging endpoint should be the Cortex XSOAR/XSIAM URL, which needs to be hosted on Cloudflare, with the port to which Cloudflare proxy directs the HTTPS traffic, e.g., https://mysite.com:8443

In the Configure Microsoft Teams on Cortex XSOAR/XSIAM step, the following need to be configured:

  • The port selected above.
  • A certificate and key for configuring HTTPS web server. This certificate can be self-signed.

The proxy intercepts HTTPS traffic, presents a public CA certificate, then proxies it to the web server.

All HTTPS traffic that will hit the selected messaging endpoint will be directed to the HTTPS web server the integration spins up, and will then be processed.

Important Information#

  • This integration is supported in Cortex XSOAR 8 and up and Cortex XSIAM without using an engine.

  • The integration has the ability to run built-in Cortex XSOAR/XSIAM commands, through a mirrored channel. Make sure to pass the command in the chat exactly as typed in the Cortex XSOAR CLI. For example: !DeleteContext all=yes. Use the command mirror-investigation to mirror/create a mirrored channel.

  • For use cases where it is only needed to send messages to a specific channel, we recommend checking the Microsoft Teams via Webhook Integration, which has a simpler setup.

  • The messaging endpoint must be one of the following:

    • The URL of the Cortex XSOAR/XSIAM server, including the configured port
    • The Cortex XSOAR/XSIAM rerouting URL that you've defined for your Microsoft Teams instance (see the Using Cortex XSOAR or Cortex XSIAM rerouting section for more details)
    • A proxy that redirects the messages received from Teams to the Cortex XSOAR/XSIAM server (see the Using NGINX as reverse proxy section for more details)
  • Microsoft Teams sends events to the messaging endpoints via an HTTPS request, so the messaging endpoint must be accessible for Microsoft Teams to reach it. As a result, the messaging endpoint cannot contain a private IP address or any DNS that will block the request from Microsoft Teams.

  • To verify that the messaging endpoint is open as expected, from a browser, go to the messaging endpoint in an environment that is disconnected from the Cortex XSOAR/XSIAM environment.

  • It's important that the port is opened for outside communication and that the port is not being used, meaning that no service is listening on it. Therefore, the default port, 443, should not be used.

  • For additional security, we recommend placing the Teams integration web server behind a reverse proxy (such as NGINX).

  • By default, the web server that the integration starts provides services in HTTP. For communication to be in HTTPS you need to provide a certificate and private key in the following format:

    -----BEGIN PRIVATE KEY-----
    ...
    -----END PRIVATE KEY-----
  • You must not set a certificate and/or private key if you are using the Cortex XSOAR/XSIAM rerouting setup.

  • Microsoft does not support self-signed certificates and requires a chain-trusted certificate issued by a trusted CA.

In order to verify which certificate is used, run the following (replace {MESSAGING-ENDPOINT} with the messaging endpoint):

curl {MESSAGING-ENDPOINT} -vI

Make sure the output does not contain the following:

curl: (60) SSL certificate problem: self signed certificate
  • The following domains are used by this integration:

Known Limitations#

  • The microsoft-teams-ring-user command requires using the Client Credentials authentication due to a limitation in Microsoft's permissions system. As such, when using Authorization Code flow and calling this command, the integration will internally authenticate using the Client Credentials flow.
  • The chat commands are only supported when using the Authorization Code flow.
  • Posting a message or adaptive card to a private/shared channel is currently not supported in the send-notification command. Thus, also the mirror_investigation command does not support private/shared channels. For more information, see Microsoft General known issues and limitations.
  • The send-notification command currently supports only adaptive cards without user responses. To collect user responses from adaptive cards, please use the MicrosoftTeamsAsk command.
  • In case of multiple chats/users sharing the same name, only one will be used.
  • If a non-Cortex XSOAR/XSIAM user ran the new incident command in the chat with the bot, the owner of the created incident would be the logged in Cortex XSOAR/XSIAM user, not the external user who ran the command.
  • See Microsoft documentation for Limits and specifications for Microsoft Teams.

Troubleshooting#

  1. The integration works by spinning up a web server that listens to events and data posted to it from Microsoft Teams. If you see the error message "Tenant ID is missing, please make sure that the messaging endpoint is configured correctly, and the bot is added to a team.", it means that the tenant ID was never posted to the web server, which should happen for the first time when the bot is added to the configured team.

    This probably means that there is a connection issue, and the web server does not intercept the HTTPS queries from Microsoft Teams.

    To troubleshoot:

    1. Verify that the messaging endpoint is configured correctly. Use the microsoft-teams-create-messaging-endpoint command (microsoft-teams-create-messaging-endpoint documentation) to get the correct messaging endpoint based on the server URL, the server version, and the instance configurations.

    2. In some cases, a connection is not created between Teams and the messaging endpoint when adding a bot to the team. You can work around this problem by adding any member to the team the bot was added to (the bot should be already added to the team). This will trigger a connection and solve the issue. You can then remove the member that was added.

    3. If the previous step did not work, remove the bot from the team, go to the Microsoft Teams admin center > Manage apps and hard refresh the page (Cmd + Shift + R), then add the bot to the team again.

    4. The integration stores in cache metadata about the teams, members and channels. Starting from Cortex XSOAR version 6.1.0, you can clear the integration cache in the integration instance config:

      First, make sure to remove the bot from the team (only via the Teams app), before clearing the integration cache, and add it back after done. If the bot belongs to multiple teams, make sure to remove it from all the teams it was added to, and then clear the cache.

    5. Verify that the Docker container is up and running and publishes the configured port to the outside world:

      From the Cortex XSOAR/XSIAM engine machine run:

      docker ps | grep teams

      You should see the following, assuming port 7000 is used:

      988fdf341127 demisto/teams:1.0.0.6483 "python /tmp/pyrunne…" 6 seconds ago Up 4 seconds 0.0.0.0:7000->7000/tcp demistoserver_pyexecLongRunning-b60c04f9-754e-4b68-87ed-8f8113419fdb-demistoteams1.0.0.6483--26

      If the Docker container is up and running, try running cURL queries to verify the web server is up and running and listens on the configured URL:

      • To the messaging endpoint from a separate box.
      • From the Cortex XSOAR machine to localhost.
        • Note ⚠️: The web server supports only POST method queries.

      If the cURL queries were sent successfully, you should see the following line in Cortex XSOAR logs: Finished processing Microsoft Teams activity successfully.

    6. If you're working with secured communication (HTTPS), make sure that you provided a valid certificate (not for Cortex XSOAR/Cortex XSIAM rerouting).

      1. Run openssl s_client -connect <domain.com>:443
      2. Verify that the returned value of the Verify return code field is 0 (ok), otherwise, it's not a valid certificate.
  2. If you see the following error message: Error in API call to Microsoft Teams: [403] - UnknownError, it means the AAD application has insufficient permissions.

    • To retrieve the API permission associated with the used graph access token you can run the microsoft-teams-token-permissions-list command (microsoft-teams-token-permissions-list documentation).

    • Compare the permissions list obtained for the token with the permissions required for the command you wish to execute (can be found in the command documentation).

    • If there are missing API permissions, add them to your application, and then run the microsoft-teams-auth-reset command (as described here - microsoft-teams-auth-reset documentation).

    • If your authentication type is the Authorization Code Flow, after running the microsoft-teams-auth-reset command you will need to regenerate the Authorization code parameter by running the microsoft-teams-generate-login-url command, and to verify the authentication by running the !microsoft-teams-auth-test command.

  3. Since the integration works based on Docker port mapping, it can't function if Docker is set to run with host networking (--network=host). For more details, refer to the Docker documentation.

  4. If you are receiving repeated Connection reset by peer errors, the requests might be getting blocked temporarily by Azure due to repeated permission errors. Ensure you are not missing any permissions that might cause constant failures and eventually lead to server timeouts.

Download Demisto Bot#

Demisto Bot zip

Running commands from Microsoft Teams#

You can run Cortex XSOAR/XSIAM commands, according to the user permissions, from Microsoft Teams in a mirrored investigation channel. For Microsoft Teams integration commands to be sent to Cortex XSOAR/XSIAM, you need to have role/access to Cortex XSOAR/XSIAM and your Teams email needs to match the email/user in Cortex XSOAR/XSIAM. External users can create incidents if the flag is set in the integration, but the rest of the commands require a valid Cortex XSOAR/XSIAM user and role.

Direct messages commands#

You can chat with the bot in direct messages in order to retrieve data (list incidents and tasks) and run operations (create incident and mirror an investigation) related to Cortex XSOAR.

You can send the message help in order to see the supported commands:

image

Note ⚠️: To enrich an incident created via the Demisto Bot (new incident command) with extra information received with the request, users may create custom mappers and map the desired values, as in the regular fetch-incidents process.

Commands#

You can execute these commands from the Cortex XSOAR/XSIAM CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

send-notification#


Sends a message to the specified teams. To mention a user in the message, add a semicolon ";" at the end of the user mention. For example: @Bruce Willis;.

If sending a reply to a message, the message ID must be provided. The reply is sent via the Graph API, which means the message will appear to come from the account used to authorize the integration instance and not from the bot. Setting the account's name and picture to match the bot will make it appear to be from the same source.

Base Command#

send-notification

Required Permissions#

GroupMember.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.ReadBasic.All - Application (Client Credentials) / Delegated (Authorization Code)

ChannelMessage.Send - Delegated (Authorization Code) - Only needed for sending replies to messages

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| channel | The channel to which to send messages. Supports only standard channels. | Optional |
| message | The message to send to the channel or team member. | Optional |
| team_member | Display name or email address of the team member to send the message to. | Optional |
| team | The team in which the specified channel exists. The team must already exist, and this value will override the default channel configured in the integration parameters. | Optional |
| message_id | ID of the message to send the notification to as a reply when sending to a channel. | Optional |
| adaptive_card | The Microsoft Teams adaptive card to send. | Optional |
| to | The team member to which to send the message. | Optional |
| external_form_url_header | The header of an external form hyperlink. Default is Microsoft Teams Form. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.Message.ID | String | ID of the message sent. |

Command Example#

!send-notification channel=General message="hello world!" team=DemistoTeam

Human Readable Output#

Message was sent successfully.

mirror-investigation#


Mirrors the Cortex XSOAR/Cortex XSIAM investigation to the specified Microsoft Teams channel. Supports only standard channels.

Note: Mirrored channels could be used to run Cortex XSOAR/Cortex XSIAM built-in commands.

Base Command#

mirror-investigation

Required Permissions#

GroupMember.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.ReadBasic.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.Create - Application (Client Credentials) / Delegated (Authorization Code)

Channel.Delete.All - Application (Client Credentials) / Delegated (Authorization Code)

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| mirror_type | The mirroring type. Can be "all", which mirrors everything, "chat", which mirrors only chats (not commands), or "none", which stops all mirroring. Possible values are: all, chat, none. Default is all. | Optional |
| autoclose | Whether to auto-close the channel when the incident is closed in Cortex XSOAR. If "true", the channel will be auto-closed. Possible values are: true, false. Default is true. | Optional |
| direction | The mirroring direction. Possible values are: Both, FromDemisto, ToDemisto. Default is both. | Optional |
| team | The team in which to mirror the Cortex XSOAR investigation. If not specified, the default team configured in the integration parameters will be used. | Optional |
| channel_name | The name of the channel. The default is "incident-INCIDENTID". | Optional |

Context Output#

There is no context output for this command.

Command Example#

!mirror-investigation mirror_type=all autoclose=true direction=Both

Human Readable Output#

Investigation mirrored successfully in channel incident-100.

close-channel#


Deletes the specified Microsoft Teams channel.

Base Command#

close-channel

Required Permissions#

GroupMember.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.ReadBasic.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.Delete.All - Application (Client Credentials) / Delegated (Authorization Code)

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| channel | The name of the channel to close. | Optional |
| team | The channel's team. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!close-channel channel="example channel"

Human Readable Output#

Channel was successfully closed.

microsoft-teams-integration-health#


Returns real-time and historical data on the integration status.

Base Command#

microsoft-teams-integration-health

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-integration-health

Human Readable Output#

Microsoft API Health#

| Bot Framework API Health | Graph API Health |
| --- | --- |
| Operational | Operational |

No mirrored channels.

microsoft-teams-ring-user#


Rings a user's Teams account. Note: This is a ring only; no media will play if the generated call is answered.

Base Command#

microsoft-teams-ring-user

Required Permissions#

User.Read.All - Application

Calls.Initiate.All - Application

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| username | The display name of the member to call. | Required |

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-ring-user username="Avishai Brandeis"

Human Readable Output#

Calling Avishai Brandeis

microsoft-teams-add-user-to-channel#


Adds a member (user) to a private/shared channel. For a comparison of Teams features for each channel type, see the Microsoft documentation: Channel feature comparison.

Base Command#

microsoft-teams-add-user-to-channel

Required Permissions#

User.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

ChannelMember.ReadWrite.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.ReadBasic.All - Application (Client Credentials) / Delegated (Authorization Code)

GroupMember.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| channel | The channel to which to add the member. | Required |
| team | The channel's team. | Required |
| member | The display name of the member to add to the channel. | Required |
| owner | Whether to add the member with the owner role. Default is 'false'. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-add-user-to-channel channel="example channel" member=itayadmin team=DemistoTeam

Human Readable Output#

The User "itayadmin" has been added to channel "example channel" successfully.

microsoft-teams-create-channel#


Creates a new channel in a Microsoft Teams team. For more information about the channel types, see the Microsoft documentation: standard, private, or shared channels. See also Channel feature comparison.

Base Command#

microsoft-teams-create-channel

Required Permissions#

User.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

GroupMember.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.Create - Application (Client Credentials) / Delegated (Authorization Code)

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| channel_name | The name of the channel. | Required |
| description | The description of the channel. | Optional |
| team | The team in which to create the channel. | Required |
| membership_type | The type of the channel. Possible values are: private, standard, shared. Default is standard. | Optional |
| owner_user | The channel owner (Display name/mail/UPN). | Optional |

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-create-channel channel_name="example channel" team=DemistoTeam description="this is my new channel"

Human Readable Output#

The channel "example channel" was created successfully

microsoft-teams-create-meeting#


Creates a new meeting in Microsoft Teams.

Base Command#

microsoft-teams-create-meeting

Required Permissions#

OnlineMeetings.ReadWrite.All - Application (Client Credentials)

OnlineMeetings.ReadWrite - Delegated (Authorization Code)

When using Client Credentials Flow: Besides setting up this permission, in order to create a meeting, the Azure admin needs to configure an application access policy and grant users permissions to create meetings. The script ConfigureAzureApplicationAccessPolicy was created to support the needed commands. For more information, see: Allow applications to access online meetings on behalf of a user.

When using Authorization Code Flow: The authentication process is conducted on behalf of the specific user who initiated the login request. Therefore, the given member must be the same user.

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| start_time | The meeting start time in ISO 8601 format, e.g., "2019-07-12T14:30:34.2444915-07:00". | Optional |
| end_time | The meeting end time in ISO 8601 format, e.g., "2019-07-12T14:30:34.2444915-07:00". | Optional |
| subject | The meeting subject. | Required |
| member | Display name/mail/UPN of user who created the meeting, e.g., Adam Smith. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.CreateMeeting.creationDateTime | Date | Meeting creation time. |
| MicrosoftTeams.CreateMeeting.threadId | String | Meeting thread ID. |
| MicrosoftTeams.CreateMeeting.messageId | String | Meeting message ID. |
| MicrosoftTeams.CreateMeeting.id | String | Meeting ID. |
| MicrosoftTeams.CreateMeeting.joinWebUrl | String | The URL to join the meeting. |
| MicrosoftTeams.CreateMeeting.participantId | String | The meeting participants. |
| MicrosoftTeams.CreateMeeting.participantDisplayName | String | The display name of the participants. |

Command Example#

!microsoft-teams-create-meeting member="example user" subject="Important meeting"

Human Readable Output#

The meeting "Important meeting" was created successfully

microsoft-teams-user-remove-from-channel#


Removes a member (user) from a private/shared channel.

Base Command#

microsoft-teams-user-remove-from-channel

Required Permissions#

GroupMember.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.ReadBasic.All - Application (Client Credentials) / Delegated (Authorization Code)

ChannelMember.ReadWrite.All - Application (Client Credentials) / Delegated (Authorization Code)

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| channel_name | The name of the channel. | Required |
| team | The name of the channel's team. | Required |
| member | The display name of the member to remove from the channel. | Required |

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-user-remove-from-channel channel_name="example channel" member=itayadmin team=DemistoTeam

Human Readable Output#

The User "itayadmin" has been removed from channel "example channel" successfully.

microsoft-teams-channel-user-list#


Retrieves a list of members from a channel.

Base Command#

microsoft-teams-channel-user-list

Required Permissions#

GroupMember.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

Channel.ReadBasic.All - Application (Client Credentials) / Delegated (Authorization Code)

ChannelMember.Read.All - Application (Client Credentials) / Delegated (Authorization Code)

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| channel_name | The name of the channel. | Required |
| team | The name of the channel's team. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.ChannelList.channelId | String | The channel ID. |
| MicrosoftTeams.ChannelList.channelName | String | The name of the channel. |
| MicrosoftTeams.ChannelList.members.displayName | String | The display name of the members. |
| MicrosoftTeams.ChannelList.members.email | String | The email of the members. |
| MicrosoftTeams.ChannelList.members.id | String | The ID of the members. |
| MicrosoftTeams.ChannelList.members.roles | String | The roles of the members. |
| MicrosoftTeams.ChannelList.members.tenantId | String | The tenant ID of the members. |
| MicrosoftTeams.ChannelList.members.userId | String | The user ID of the members. |
| MicrosoftTeams.ChannelList.members.visibleHistoryStartDateTime | String | The timestamp denoting how far back a conversation's history is shared with the conversation member. |

Command Example#

!microsoft-teams-channel-user-list channel_name="example channel" team=DemistoTeam

Human Readable Output#

Channel 'example channel' Members List#

| User Id | Email | Tenant Id | Membership id | User roles | Display Name | Start DateTime |
| --- | --- | --- | --- | --- | --- | --- |
| 359d2c3c-162b-414c-b2eq-386461e5l050 | test@gmail.com | pbae9ao6-01ql-249o-5me3-4738p3e1m941 | MmFiOWM3OTYtMjkwMi00NWY4LWI3MTItN2M1YTYzY2Y0MWM0IyNlZWY5Y2IzNi0wNmRlLTQ2OWItODdjZC03MGY0Y2JlMzJkMTQ= | owner | itayadmin | 0001-01-01T00:00:00Z |

Chat Commands#

microsoft-teams-chat-create#


Creates a new chat.

Notes:

  • Only one oneOnOne chat can exist between two members. If a oneOnOne chat already exists, it will be returned.
  • This command works with the consent user, not with the bot. This means the chat is created between the consent user and the user provided in the command's argument.
  • This command may fail if the bot app has not yet appeared in the "built for your org" section in Teams.

Base Command#

microsoft-teams-chat-create

Required Permissions#

User.Read.All - Delegated

Chat.Create - Delegated

AppCatalog.Read.All - Delegated

TeamsAppInstallation.ReadWriteSelfForChat - Delegated

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| chat_type | Specifies the type of chat. Possible values are: group, oneOnOne. Default is group. | Required |
| member | Display name/mail/UPN of user that should be added to the chat. Can be an array. | Optional |
| chat_name | The title of the chat. The chat title can be provided only if the chat is of group type. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.ChatList.chatId | String | The chat's unique identifier. |
| MicrosoftTeams.ChatList.topic | String | Subject or topic for the chat. Only available for group chats. |
| MicrosoftTeams.ChatList.createdDateTime | String | Date and time at which the chat was created. |
| MicrosoftTeams.ChatList.lastUpdatedDateTime | String | Date and time at which the chat was renamed or list of members were last changed. |
| MicrosoftTeams.ChatList.chatType | String | Specifies the type of chat. |
| MicrosoftTeams.ChatList.webUrl | String | The URL for the chat in Microsoft Teams. The URL should be treated as an opaque blob, and not parsed. |
| MicrosoftTeams.ChatList.tenantId | String | The identifier of the tenant in which the chat was created. |
| MicrosoftTeams.ChatList.viewpoint | String | Represents caller-specific information about the chat, such as last message read date and time. |
| MicrosoftTeams.ChatList.onlineMeetingInfo | String | Represents details about an online meeting. If the chat isn't associated with an online meeting, the property is empty. |

Command Example#

!microsoft-teams-chat-create chat_type=group member="itayadmin, Bruce Willis" chat_name="example chat"

Human Readable Output#

The chat 'example chat' was created successfully#

| Chat Id | Chat name | Created Date Time | Last Updated Date Time | webUrl | Tenant Id |
| --- | --- | --- | --- | --- | --- |
| 19:2da4c29f6d7041eca70b638b43d45437@thread.v2 | example chat | 2023-01-08T07:51:53.07Z | 2023-01-08T07:51:53.07Z | webUrl | pbae9ao6-01ql-249o-5me3-4738p3e1m941 |

microsoft-teams-message-send-to-chat#


Sends a new chat message in the specified chat.

Notes:

  • This command works with the consent user, not with the bot. This means the message is sent to the given chat by the consent user, not the bot.
  • This command will fail if the consent user is not a member of the destination chat.
  • This command may fail if the bot app has not yet appeared in the "built for your org" section in Teams.
  • This command can only send messages of type 'message'.

Base Command#

microsoft-teams-message-send-to-chat

Required Permissions#

User.Read.All - Delegated

Chat.ReadBasic - Delegated

Chat.Create - Delegated

ChatMessage.Send - Delegated

AppCatalog.Read.All - Delegated

TeamsAppInstallation.ReadWriteSelfForChat - Delegated

Note: Chat.Create is needed only when sending to one-on-one chats.

Input#
| Argument Name | Description | Required |
| --- | --- | --- |
| chat | The chat ID / group chat name (topic) / oneOnOne member (Display name/mail/UPN). Note - the consent user must be a member of the chat. | Required |
| content | The content of the chat message. | Required |
| content_type | The message content type. Possible values are: text, html. Default is text. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.ChatList.chatId | String | The chat's unique identifier. |
| MicrosoftTeams.ChatList.messages.id | String | Unique ID of the message. |
| MicrosoftTeams.ChatList.messages.replyToId | String | ID of the parent chat message or root chat message of the thread. |
| MicrosoftTeams.ChatList.messages.etag | String | Version number of the chat message. |
| MicrosoftTeams.ChatList.messages.messageType | String | The type of chat message. |
| MicrosoftTeams.ChatList.messages.createdDateTime | String | Timestamp of when the chat message was created. |
| MicrosoftTeams.ChatList.messages.lastModifiedDateTime | String | Timestamp when the chat message is created (initial setting) or modified, including when a reaction is added or removed. |
| MicrosoftTeams.ChatList.messages.lastEditedDateTime | String | Timestamp when edits to the chat message were made. Triggers an "Edited" flag in the Teams UI. If no edits are made the value is null. |
| MicrosoftTeams.ChatList.messages.deletedDateTime | String | Timestamp at which the chat message was deleted, or null if not deleted. |
| MicrosoftTeams.ChatList.messages.subject | String | The subject of the chat message, in plaintext. |
| MicrosoftTeams.ChatList.messages.summary | String | Summary text of the chat message that could be used for push notifications and summary views or fall back views. |
| MicrosoftTeams.ChatList.messages.chatId | String | If the message was sent in a chat, represents the identity of the chat. |
| MicrosoftTeams.ChatList.messages.importance | String | The importance of the chat message. |
| MicrosoftTeams.ChatList.messages.locale | String | Locale of the chat message set by the client. |
| MicrosoftTeams.ChatList.messages.webUrl | String | Link to the message in Microsoft Teams. |
| MicrosoftTeams.ChatList.messages.channelIdentity | String | If the message was sent in a channel, represents identity of the channel. |
| MicrosoftTeams.ChatList.messages.policyViolation | String | Defines the properties of a policy violation set by a data loss prevention (DLP) application. |
| MicrosoftTeams.ChatList.messages.eventDetail | String | If present, represents details of an event that happened in a chat, a channel, or a team, for example, adding new members. |
| MicrosoftTeams.ChatList.messages.from | String | Details of the sender of the chat message. |
| MicrosoftTeams.ChatList.messages.body | String | Plaintext/HTML representation of the content of the chat message. Representation is specified by the contentType inside the body. |
| MicrosoftTeams.ChatList.messages.attachments | String | References to attached objects like files, tabs, meetings etc. |
| MicrosoftTeams.ChatList.messages.mentions | String | List of entities mentioned in the chat message. |
| MicrosoftTeams.ChatList.messages.reactions | String | Reactions for this chat message (for example, Like). |

Command Example#

!microsoft-teams-message-send-to-chat chat="example chat" content="Hello World"

Human Readable Output#

Message was sent successfully in the 'example chat' chat#

| Chat Id | Created DateTime | Etag | From user | From user id | From user userIdentityType | Importance | Message Content | Message Type | Message contentType | Message id | lastModified DateTime |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 19:2da4c29f6d7041eca70b638b43d45437@thread.v2 | 2021-03-29T04:17:43.15Z | 1616991463150 | itayadmin | 8ea0e38b-efb3-4757-924a-5f94061cf8c2 | aadUser | normal | Hello World | message | text | 1616991463150 | 2021-03-29T04:17:43.15Z |

microsoft-teams-chat-add-user#


Adds a member (user) to a group chat.

Notes:

  • This command works with the consent user, not with the bot. This means the member will be added to the given chat by the consent user, not the bot.
  • This command will fail if the consent user is not a member of the destination chat.

Base Command#

microsoft-teams-chat-add-user

Required Permissions#

Chat.ReadBasic - Delegated

ChatMember.ReadWrite - Delegated

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| chat | The chat ID or group chat name (topic) to which to add the member. Note - the consent user must be a member of the chat. | Required |
| member | Display name/mail/UPN of user that should be added to the chat. Can be an array. | Required |
| share_history | Whether to share the whole history of the chat. Possible values are: true, false. Default is True. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-chat-add-user chat="example chat" member="Bruce Willis" share_history=false

Human Readable Output#

The User "Bruce Willis" has been added to chat "example chat" successfully.

microsoft-teams-chat-member-list#


Retrieves a list of members from a chat.

Notes:

  • This command works with the consent user, not with the bot. This means the chat must include the consent user.

Base Command#

microsoft-teams-chat-member-list

Required Permissions#

User.Read.All - Delegated

Chat.ReadBasic - Delegated

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| chat | The chat ID / group chat name (topic) / oneOnOne Member (Display name/mail/UPN). Note - the consent user must be a member of the chat. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.ChatList.chatId | String | The chat's unique identifier. |
| MicrosoftTeams.ChatList.members.displayName | String | The display name of the members. |
| MicrosoftTeams.ChatList.members.email | String | The email of the members. |
| MicrosoftTeams.ChatList.members.id | String | The ID of the members. |
| MicrosoftTeams.ChatList.members.roles | String | The roles of the members. |
| MicrosoftTeams.ChatList.members.tenantId | String | The tenant ID of the members. |
| MicrosoftTeams.ChatList.members.userId | String | The user ID of the members. |
| MicrosoftTeams.ChatList.members.visibleHistoryStartDateTime | String | The timestamp denoting how far back a conversation's history is shared with the conversation member. |

Command Example#

!microsoft-teams-chat-member-list chat="example chat"

Human Readable Output#

Chat "example chat" Members List#

| User Id | User roles | Name | Email | Tenant Id |
| --- | --- | --- | --- | --- |
| 359d2c3c-162b-414c-b2eq-386461e5l050 | owner | itayadmin | test@gmail.com | dcd219dd-bc68-4b9b-bf0b-4a33a796be35 |
| 48d31887-5fad-4d73-a9f5-3c356e68a038 | owner | Bruce Willis | test@gmail.com | dcd219dd-bc68-4b9b-bf0b-4a33a796be35 |

microsoft-teams-chat-list#


Retrieves a list of chats that the consent user is a member of. If 'chat' is specified, retrieves only that chat.

Base Command#

microsoft-teams-chat-list

Required Permissions#

User.Read.All - Delegated

Chat.ReadBasic - Delegated

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| chat | The chat ID / group chat name (topic) / oneOnOne member (Display name/mail/UPN). Note - the consent user must be a member of the chat. | Optional |
| filter | Filters results. For example: topic eq 'testing'. For more query examples, see https://learn.microsoft.com/en-us/graph/filter-query-parameter?tabs=http. | Optional |
| expand | Expands the results to include members or lastMessagePreview properties. Possible values are: members, lastMessagePreview. | Optional |
| limit | The number of results to retrieve. Default is 50. | Optional |
| next_link | A link that specifies a starting point to use for subsequent calls. | Optional |
| page_size | Number of results to return per page. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.ChatList.chatId | String | The chat's unique identifier. |
| MicrosoftTeams.ChatList.topic | String | Subject or topic for the chat. Only available for group chats. |
| MicrosoftTeams.ChatList.createdDateTime | String | Date and time at which the chat was created. |
| MicrosoftTeams.ChatList.lastUpdatedDateTime | String | Date and time at which the chat was renamed or list of members were last changed. |
| MicrosoftTeams.ChatList.chatType | String | Specifies the type of chat. |
| MicrosoftTeams.ChatList.webUrl | String | The URL for the chat in Microsoft Teams. The URL should be treated as an opaque blob, and not parsed. |
| MicrosoftTeams.ChatList.tenantId | String | The identifier of the tenant in which the chat was created. |
| MicrosoftTeams.ChatList.viewpoint | String | Represents caller-specific information about the chat, such as last message read date and time. |
| MicrosoftTeams.ChatList.onlineMeetingInfo | String | Represents details about an online meeting. If the chat isn't associated with an online meeting, the property is empty. |
| MicrosoftTeams.ChatListNextLink | String | Used if an operation returns partial results. If a response contains a NextLink element, its value specifies a starting point to use for subsequent calls. |

Command Example#

!microsoft-teams-chat-list filter="topic eq 'testing'"

Human Readable Output#

Chats List#

| Chat Id | Chat name | Created Date Time | Last Updated Date Time | Chat Type | webUrl | Tenant Id | Last Message Read Date Time |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 19:561082c0f3f847a58069deb8eb300807@thread.v2 | testing | 2023-01-08T14:15:45.412Z | 2023-01-08T14:15:45.412Z | group | webUrl | tenantId | 2023-01-08T14:16:48.662Z |
| 19:2da4c29f6d7041eca70b638b43d45437@thread.v2 | testing | 2022-12-29T11:10:49.173Z | 2022-12-29T11:10:49.173Z | group | webUrl | tenantId | 2022-12-29T12:00:07.317Z |

microsoft-teams-chat-message-list#


Retrieves a list of messages in a chat.

Notes:

  • This command works with the consent user, not with the bot. This means the chat must include the consent user.

Base Command#

microsoft-teams-chat-message-list

Required Permissions#

User.Read.All - Delegated

Chat.Read - Delegated

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| chat | The chat ID / group chat name (topic) / oneOnOne member (Display name/mail/UPN). Note - the consent user must be a member of the chat. | Required |
| limit | The number of results to retrieve. Default is 50. | Optional |
| order_by | Orders results by lastModifiedDateTime (default) or createdDateTime in descending order. Possible values are: lastModifiedDateTime, createdDateTime. Default is lastModifiedDateTime. | Optional |
| next_link | A link that specifies a starting point to use for subsequent calls. | Optional |
| page_size | Number of results to return per page. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.ChatList.chatId | String | The chat's unique identifier. |
| MicrosoftTeams.ChatList.messages.id | String | Unique ID of the message. |
| MicrosoftTeams.ChatList.messages.replyToId | String | ID of the parent chat message or root chat message of the thread. |
| MicrosoftTeams.ChatList.messages.etag | String | Version number of the chat message. |
| MicrosoftTeams.ChatList.messages.messageType | String | The type of chat message. |
| MicrosoftTeams.ChatList.messages.createdDateTime | String | Timestamp of when the chat message was created. |
| MicrosoftTeams.ChatList.messages.lastModifiedDateTime | String | Timestamp when the chat message is created (initial setting) or modified, including when a reaction is added or removed. |
| MicrosoftTeams.ChatList.messages.lastEditedDateTime | String | Timestamp when edits to the chat message were made. Triggers an "Edited" flag in the Teams UI. If no edits are made the value is null. |
| MicrosoftTeams.ChatList.messages.deletedDateTime | String | Timestamp at which the chat message was deleted, or null if not deleted. |
| MicrosoftTeams.ChatList.messages.subject | String | The subject of the chat message, in plaintext. |
| MicrosoftTeams.ChatList.messages.summary | String | Summary text of the chat message that could be used for push notifications and summary views or fall back views. |
| MicrosoftTeams.ChatList.messages.chatId | String | If the message was sent in a chat, represents the identity of the chat. |
| MicrosoftTeams.ChatList.messages.importance | String | The importance of the chat message. |
| MicrosoftTeams.ChatList.messages.locale | String | Locale of the chat message set by the client. |
| MicrosoftTeams.ChatList.messages.webUrl | String | Link to the message in Microsoft Teams. |
| MicrosoftTeams.ChatList.messages.channelIdentity | String | If the message was sent in a channel, represents identity of the channel. |
| MicrosoftTeams.ChatList.messages.policyViolation | String | Defines the properties of a policy violation set by a data loss prevention (DLP) application. |
| MicrosoftTeams.ChatList.messages.eventDetail | String | If present, represents details of an event that happened in a chat, a channel, or a team, for example, adding new members. |
| MicrosoftTeams.ChatList.messages.from | String | Details of the sender of the chat message. |
| MicrosoftTeams.ChatList.messages.body | String | Plaintext/HTML representation of the content of the chat message. Representation is specified by the contentType inside the body. |
| MicrosoftTeams.ChatList.messages.attachments | String | References to attached objects like files, tabs, meetings etc. |
| MicrosoftTeams.ChatList.messages.mentions | String | List of entities mentioned in the chat message. |
| MicrosoftTeams.ChatList.messages.reactions | String | Reactions for this chat message (for example, Like). |
| MicrosoftTeams.MessageListNextLink | String | Used if an operation returns partial results. If a response contains a NextLink element, its value specifies a starting point to use for subsequent calls. |

Command Example#

!microsoft-teams-chat-message-list chat="example chat" order_by=createdDateTime

Human Readable Output#

Messages list in "example chat" chat#

| Chat Id | Created DateTime | Etag | From user | From user id | From user userIdentityType | Importance | Message Content | Message Type | Message contentType | Message id | lastModified DateTime |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 19:2da4c29f6d7041eca70b638b43d45437@thread.v2 | 2021-03-29T04:17:43.15Z | 1616991463150 | itayadmin | 8ea0e38b-efb3-4757-924a-5f94061cf8c2 | aadUser | normal | Hello World | message | text | 1616991463150 | 2021-03-29T04:17:43.15Z |

microsoft-teams-chat-update#


Updates the chat name. It can only be set for group chats.

Notes:

  • This command works with the consent user, not with the bot. This means the chat must include the consent user.

Base Command#

microsoft-teams-chat-update

Required Permissions#

User.Read.All - Delegated

Chat.ReadWrite - Delegated

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| chat | The chat ID / group chat name (topic). Note - the consent user must be a member of the chat. | Required |
| chat_name | The new chat name. Maximum length is 250 characters. Use of ':' is not allowed. | Required |

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-chat-update chat="example chat" chat_name="update chat_name"

Human Readable Output#

The name of chat 'example chat' has been successfully changed to 'update chat_name'.

microsoft-teams-auth-test#


Tests the connectivity to Microsoft Teams.

Base Command#

microsoft-teams-auth-test

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-auth-test

Human Readable Output#

✅ Success!

microsoft-teams-generate-login-url#


Generates the login URL used for the Authorization Code flow.
Note: Authorization codes are short-lived. Typically, they expire after about 10 minutes.

Base Command#

microsoft-teams-generate-login-url

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-generate-login-url

Human Readable Output#

Authorization instructions#

  1. Click on the login URL to sign in and grant Cortex XSOAR permissions for your Azure Service Management. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STATE
  2. Copy the AUTH_CODE (without the code= prefix, and the session_state parameter) and paste it in your instance configuration under the Authorization code parameter.

microsoft-teams-auth-reset#


Run this command if for some reason you need to rerun the Graph authentication process.

Notes:

  • After making changes to permissions in the Azure Portal, reset the authentication to ensure that the token reflects the updated permissions.
  • This command is triggered automatically when an authentication flow type switch is detected. The auto resetting ensures the integration uses the appropriate token.
  • When switching the authentication type to the Authorization Code Flow, this command will be triggered automatically. Then you will need to regenerate the Authorization code parameter by running the microsoft-teams-generate-login-url command, and to verify the authentication by running the !microsoft-teams-auth-test command.

Base Command#

microsoft-teams-auth-reset

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

microsoft-teams-token-permissions-list#


Retrieves the API permissions associated with the Graph access token in use.

Use this command if you encounter an insufficient permissions error when attempting to execute an integration command. Compare the permissions list obtained for the token with the permissions required for the desired command (listed in the integration documentation). If API permissions are missing, add them to your application, and then run the microsoft-teams-auth-reset command (see the microsoft-teams-auth-reset documentation).

Base Command#

microsoft-teams-token-permissions-list

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-token-permissions-list

Human Readable Output#

The API permissions obtained for the used graph access token are#

Permission
Group.ReadWrite.All
User.Read.All
Channel.Create
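
The comparison described above can be scripted. The following is an added example, not code from the integration: it reads the permissions from a Graph access token's payload (or takes the list printed by this command) and reports what a command from this page still needs. The function names, the unsigned sample tokens, and the exact-name matching are assumptions made for illustration; the permission sets are copied from the Required Permissions sections of this page.

```python
import base64
import json

# Required Graph permissions per command and authentication flow, copied from
# the "Required Permissions" sections of this page (a subset of the commands).
BOTH = ("application", "delegated")
REQUIRED = {
    "close-channel": {flow: {"GroupMember.Read.All", "Channel.ReadBasic.All",
                             "Channel.Delete.All"} for flow in BOTH},
    "microsoft-teams-create-channel": {
        flow: {"User.Read.All", "GroupMember.Read.All", "Channel.Create"}
        for flow in BOTH},
    "microsoft-teams-ring-user": {
        "application": {"User.Read.All", "Calls.Initiate.All"}},
    "microsoft-teams-create-meeting": {
        "application": {"OnlineMeetings.ReadWrite.All"},
        "delegated": {"OnlineMeetings.ReadWrite"}},
    "microsoft-teams-chat-create": {
        "delegated": {"User.Read.All", "Chat.Create", "AppCatalog.Read.All",
                      "TeamsAppInstallation.ReadWriteSelfForChat"}},
}


def b64url_decode(segment):
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(jwt):
    """Return (flow, permissions) read from an access token's payload.

    Inspection only: the signature is NOT verified, so never use this to make
    an authorization decision. Delegated tokens carry a space-separated `scp`
    claim; app-only (client credentials) tokens carry a `roles` list.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("token payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("token payload is not a JSON object")
    if "scp" in claims:
        return "delegated", set(claims["scp"].split())
    return "application", set(claims.get("roles", []))


def check_command(command, flow, granted):
    """Compare granted permissions with what `command` requires for `flow`."""
    by_flow = REQUIRED[command]
    result = {"flow": flow, "supported_flows": sorted(by_flow),
              "flow_supported": flow in by_flow, "missing": []}
    if result["flow_supported"]:
        # Exact-name comparison: a broader permission (Group.ReadWrite.All) is
        # not treated here as covering a narrower one (GroupMember.Read.All).
        result["missing"] = sorted(by_flow[flow] - set(granted))
    return result


def check_token(command, jwt):
    """Convenience wrapper: read flow and permissions from the token itself."""
    flow, granted = token_permissions(jwt)
    return check_command(command, flow, granted)


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


if __name__ == "__main__":
    # Constructed tokens; the app-only roles mirror the sample output above.
    app_token = make_sample_token(
        {"roles": ["Group.ReadWrite.All", "User.Read.All", "Channel.Create"]})
    user_token = make_sample_token({"scp": "User.Read.All Chat.Create"})
    for cmd, tok in [("microsoft-teams-create-channel", app_token),
                     ("microsoft-teams-chat-create", app_token),
                     ("microsoft-teams-chat-create", user_token)]:
        print(cmd, check_token(cmd, tok))
```

A result with flow_supported set to False means the token comes from a flow the command does not list, for example a Client Credentials token used with a Delegated-only chat command, so adding permissions alone will not help.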

microsoft-teams-create-messaging-endpoint#


Generates the messaging endpoint, based on the server URL, the server version, and the instance configurations.

The messaging endpoint should be added to the Demisto bot configuration in Microsoft Teams as part of the prerequisites of the integration's setup. For more information see - Integration Documentation.

Base Command#

microsoft-teams-create-messaging-endpoint

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| engine_url | If your instance configuration involves a Cortex XSOAR engine, provide the engine's IP (or DNS name) and the port in use in the following format - https://IP:port or http://IP:port. For example - https://my-engine.name:443, http://1.1.1.1:443. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!microsoft-teams-create-messaging-endpoint

Human Readable Output#

The messaging endpoint is#

|https://ext-viso-test.crtx-qa-uat.us.paloaltonetworks.com/xsoar/instance/execute/teams-instance

The messaging endpoint should be added to the Demisto bot configuration in Microsoft Teams as part of the prerequisites of the integration's setup. For more information see: Integration Documentation."

microsoft-teams-message-update#


Updates a message.

Base Command#

microsoft-teams-message-update

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| message_id | ID of the message to update. Also referred to as Activity ID. | Required |
| team | The team in which the specified message exists. | Optional |
| channel | The channel in which the specified message exists. | Optional |
| message | The new message content. | Optional |
| team_member | The team member the message to be edited was sent to. | Optional |
| format_as_card | Whether or not an adaptive card is being updated. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| MicrosoftTeams.Message.ID | String | ID of the message sent. |

Command Example#

!microsoft-teams-message-update message_id=1737151779 team=MyTeam channel=General message="New message"

Human Readable Output#

Message was sent successfully.