Generating a certificate valid for 2 years:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 730 -nodes -subj "/C=FR/L=Paris/O=Example/CN=myproject.teamsapp"Getting the fingerprint:
openssl x509 -in cert.pem -noout -sha256 -fingerprintCreating a PEM-ended certificate with both private and public key:
cat cert.pem key.pem > user.pemBefore running the commands below, please make sure that you have a cert.pem file on the root of the projet (generated in the previous step).
azd auth login
azd provisionSet environment variables:
MicrosoftAppId=APP_REGISTRATION_CLIENT_ID
MicrosoftAppTenantId=AZURE_TENANT_ID
MicrosoftAppCertificateThumbprint=FINGERPRINT_OF_CERT_DOT_PEM
MicrosoftAppCertificatePrivateKey=CONTENTS_OF_KEY_DOT_PEMUpdate the src/teams-app/config.py file and make sure the following variables point to the private certificate:
APP_CERTIFICATE_PRIVATE_KEY: contents of the pem-encoded private key in text formatAPP_CERTIFICATE_PRIVATE_KEY_BINARY: contents of the pem-encoded private key + public key in binary format
Run the application:
cd src/teams-app
python3 app.pyThe bot must be publicly reachable. For testing purposes, if you do not have a public IP, you can use a dev tunnel using the command:
devtunnel host -p 3978 --allow-anonymousYou can find more details about dev tunnels in the Get started guide.
Lastly, you need to update the url of the Messaging endpoint of the bot in the Configuration blade of your Bot service resource.
With a devtunnel, the url will look like https://__DEVTUNNEL_SLUG__.uks1.devtunnels.ms/api/messages.
To quickly test the bot, you can leverage the Test in Web Chat blade of your Bot service resource.
Alternatively, you can use the m365agentsplayground by following the local testing guide.
To distribute the Teams app to other users in the tenant, you will need to create a package holding the App manifest and the required icons at least.
To get started quickly, please update the files in the directory appManifest mainly with your App ID and then zip the contents with the following command (the zip must not have folders, it should directly contain the files):
zip appManifest.zip manifest.json outline.png color.pngYou should now share this package with your Teams administrator so that they can install the App and make it available to others in the organization.
This Teams app requires Graph API permissions in order to fetch previous messages in the conversation, mainly for Group chats and Team channels.
As configured right now, this will require an admin approval to grant these permissions in the App registration in Entra ID.
If this feature is not needed, then you can remove the extra required permissions (for the Graph API) in order to require less permissions for the Teams app.
- A Teams app deployed locally with certicates and with access to Graph API
- Handle pagination with Graph API
- Use delegated permissions instead of Application permissions to access Graph API
- Migrate to M365 Agents SDK