: Onboard a Microsoft Teams App to SSPM
Focus
Focus

Onboard a Microsoft Teams App to SSPM

Table of Contents

Onboard a Microsoft Teams App to SSPM

Connect a Microsoft Teams instance to SSPM to detect posture risks.
To detect posture risks in your Microsoft Teams instance, SSPM connects to the instance by using information that you provide. Once SSPM connects, it scans the Microsoft Teams instance for misconfigured settings and will continue to run scans at regular intervals.
There are two ways to onboard a Microsoft Teams app, depending on how you want SSPM to scan your Microsoft Teams instance. Review the following information about these two methods of scanning to decide which one you want SSPM to use. Before you onboard Microsoft Teams to SSPM, there are certain actions you must take and certain information you must gather. These actions will differ depending on the method you choose.
  • You can onboard a Microsoft Teams App for scans that use the Microsoft Graph API. To enable SSPM to access the Microsoft Graph API, you create a client application in Azure Active Directory (AD) with the necessary permissions, and allow access to the application to users in your organization. During onboarding, you will supply SSPM with Microsoft credentials for a user in the organization with the necessary permissions. You will also supply the Client ID of the Azure AD application. SSPM uses this information in a PowerShell call to connect to the Microsoft Graph API. The account that you use for onboarding cannot require MFA.
    This approach uses a published API.
  • You can onboard a Microsoft Teams App for scans that use data extraction (also known as web scraping). To perform this data extraction, SSPM logs in to Microsoft Teams by using an administrator account. You can have SSPM access the account directly or through the Okta or Microsoft Azure identity providers. If SSPM will be logging in to the administrator account directly, then the account cannot be configured for MFA. If SSPM will be accessing the account through Okta or Microsoft Azure, then MFA is required. During onboarding, you will provide SSPM with the administrator credentials. If SSPM will connect to the account through an identity provider, you will also specify the information that SSPM needs for MFA.
    This data-extraction approach scans more Microsoft Teams settings compared to the Microsoft Graph API approach.