There are four (4) steps to successfully adding the BrainStorm Microsoft Teams App to all of your organization's users. 

This is step two (2).


Step One: Adding Permissions for the BrainStorm Teams App (Globally)

Step Two: Script to Push the BrainStorm Microsoft Teams App

Step Three: Pushing the BrainStorm Teams App to Users (Globally)

Step Four: Pinning the BrainStorm Teams App (Globally)


Microsoft has relayed that it is important to proactively install apps for all users using the Graph API. Because of this, we have created this script to assist with the installation (see this Microsoft article: Proactive Messages).


The BrainStorm Teams App is installed globally to your entire organization via the Microsoft Teams Admin Center. 

NOTE: This step can only be completed by an O365 Global Admin.

IMPORTANT!: If you have previously installed the BrainStorm Teams app using a global policy, see the Running Graph API Script with Existing Microsoft Teams Global Policy Installations article before running this script, as the instructions will differ.


Authentication

 

This configuration is done in the Microsoft Azure portal. Microsoft Global Administrator privileges are required to complete these steps.


To perform Microsoft Graph API calls you will first need to authenticate. 


Creating the App in Azure AD

1. Go to the Azure App registrations page

2. When prompted, sign in with your global admin account credentials.

3. Click on New Registration.



4. Enter your app's name (you can name it as you wish).

5. Note the ClientId and TenantId to be used later in this process.

 

Client Credentials Flow

You will provide the Client Id, Tenant Id and Client Secret of the Azure AD app, and an Admin will need to grant the application permissions for the Azure AD app.


1. Click API permissions from the left-hand column.

2. Click Add a permission.


3. Click Microsoft APIs > Microsoft Graph.



 

4. Choose Application permissions.


 

5. Add and/or check the required permissions.

  1. Verify that all of the following permissions are checked.

 

NOTE: These permissions are required to list organization users, read apps from app catalog, and install/upgrade the Teams app.

NOTE: If any of these permissions do not display within your tenant, you may skip them.

 

Application (for Client credentials flow):

  • TeamsAppInstallation.ReadForUser.All
  • TeamsAppInstallation.ReadWriteSelfForUser.All
  • TeamsAppInstallation.ReadWriteForUser.All
  • User.Read.All
  • User.ReadWrite.All
  • AppCatalog.Read.All
  • AppCatalog.ReadWrite.All
  • User.ReadBasic.All



 

6. Click SAVE.

7. Click 'Grant admin consent for <Your Organization Name>'.

 

 

8. Click 'Certificates & secrets' from the left-hand column.

9. Click New client secret.

10. Enter a Description.

11. Note the secret value (not the secret ID) to be used later in this process.


NOTE: For security reasons, keep the ClientId and the ClientSecret safe and do not share them with anyone.

 

 

12. Select Expiration Date.

13. Click Add.

 

Platform Configuration


14. Click Authentication from the left-hand column.

15. Click Add a platform.

 

16. Click Mobile and desktop application.

 

17. Check all suggested URLs.

18. Add http://localhost in the custom redirect URIs field.

19. Click Configure.
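An added check for the app registration above (example code, not part of the BrainStorm package): it decodes an app-only Graph access token obtained with the client credentials flow and compares its tid, appid and roles claims with the TenantId, ClientId and permission list from this page. The placeholder GUIDs, the unsigned sample token and the extra Directory.ReadWrite.All role are constructed for illustration.

```python
import base64
import json

# Application permissions this page lists for the client credentials flow.
EXPECTED_ROLES = {
    "TeamsAppInstallation.ReadForUser.All",
    "TeamsAppInstallation.ReadWriteSelfForUser.All",
    "TeamsAppInstallation.ReadWriteForUser.All",
    "User.Read.All", "User.ReadWrite.All", "User.ReadBasic.All",
    "AppCatalog.Read.All", "AppCatalog.ReadWrite.All",
}

def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def audit_token(token: str, tenant_id: str, client_id: str) -> dict:
    """Compare the token's tenant, client and app roles with what was configured."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    app = claims.get("appid") or claims.get("azp")  # v1.0 / v2.0 token formats
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "client_ok": app == client_id,
        "missing": sorted(EXPECTED_ROLES - roles),      # not granted (or skipped)
        "unexpected": sorted(roles - EXPECTED_ROLES),   # granted beyond this page's list
    }

# Constructed sample: placeholder GUIDs and an unsigned token, not real tenant data.
SAMPLE_TENANT = "00000000-0000-0000-0000-00000000aaaa"
SAMPLE_CLIENT = "00000000-0000-0000-0000-00000000bbbb"
sample_claims = {
    "aud": "https://graph.microsoft.com", "tid": SAMPLE_TENANT, "appid": SAMPLE_CLIENT,
    "roles": sorted(EXPECTED_ROLES - {"User.ReadBasic.All"}) + ["Directory.ReadWrite.All"],
}
SAMPLE_TOKEN = ".".join([b64url(b'{"alg":"none"}'),
                         b64url(json.dumps(sample_claims).encode()), "sig"])

if __name__ == "__main__":
    print(json.dumps(audit_token(SAMPLE_TOKEN, SAMPLE_TENANT, SAMPLE_CLIENT), indent=2))
```

An entry under "unexpected" means the registration holds a permission this procedure does not ask for; an entry under "missing" is either a permission that was skipped because it does not display in the tenant or one that still needs admin consent.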


 

Install Application

  1. Download and unzip the package (attached at the bottom of this document).


 

Run application


1. Set ClientId, ClientSecret and TenantId in the config.json file in the app folder.
 

NOTE: Very Important... you will need to input the secret value (not the secret ID).


2. Run MSTeams-Install.exe


 

 

3. Select the installation type (who would you like to install the application for).

1. Install for all users
   Description: Will install the app to all users from the organization's AD, including all guest users.
   When to use: To install the app to all users, including the guest AD users.
   Requirements: If the app was previously installed to a global policy in Teams Admin Center, please remove that policy and then wait at least 24 hours.

2. Install for all users with a particular domain
   Description: Will install the app to all users from the organization's AD with a particular email domain.
   When to use: To install the app to users with a specific email domain. This option allows skipping the guest AD users.
   Requirements: If the app was previously installed to a global policy in Teams Admin Center, please remove that policy and then wait at least 24 hours.

3. Install for users from CSV
   Description: Will install the app for users from a CSV file. The file should contain the header 'Email'. Each row of the file should contain the user email (not the principal name).
   When to use: To install the app to users with a missing checkmark in QuickHelp.
   Requirements: If the app was previously installed to a global policy in Teams Admin Center, please remove that policy and then wait at least 24 hours.


NOTE (#2 Domain): Specify the user email domain.

NOTE (#3 CSV): The CSV will only need to have one column (email).


If you select to run from a CSV, you will then provide the path to the CSV.


4. Choose the upgrade mode.


NOTE:

The script calls the Microsoft Graph API to find out whether the app is installed for the user(s).

If Graph indicates that the app is not installed, the script will force the installation through the Graph API.

If Graph indicates that the app is installed, there are a few possible options to handle it.

1. Upgrade
   Description: Forces an upgrade of the app info, or upgrades the app to the latest version, in Graph API.
   When it can be used: If BrainStorm releases a new version of the app and you want to force the upgrade to all users, and/or if there are users who do not have the Teams checkmark in QuickHelp.

2. Delete
   Description: Deletes the BrainStorm Teams app from the user in Microsoft Graph. Note: The app will be automatically reinstalled by the Teams global policy right after the user logs into Teams.
   When it can be used: If option '1. Upgrade' didn't help to install the app to all of the organization's users and there are a lot of missing Teams checkmarks in QuickHelp. It is recommended to wait at least 2-3 days after '1. Upgrade' was run.

3. Skip
   Description: Skips the installation if Graph API indicates that the app is installed.
   When it can be used: If you want to install the app to the users that are not covered by the Teams global policy.


5. Input the number of users to process per batch. The recommended value is 10.


6. After the script has completed the installation, you will receive an 'Installation completed' message.

 

Exception cases:

There are times when an error may occur during this upgrade for a particular user. The app will ask you to retry the installation for this user. Input 'y' to retry or 'n' to skip this user and continue the installation for others.

 

 

NOTE: After three tries for an individual user, input an 'n' to proceed with the installation for other users.


NOTE: If there are users that have received the new version of the BrainStorm Teams App but are not marked with the Teams checkbox, please open a ticket with [email protected] to resolve.

 

NOTE: It is not required to configure the Microsoft Office Graph API within the QuickHelp Admin portal to complete these steps.


Additional Security Information

The following is a short description of all steps the script runs:
  1. Selects the authentication flow and authenticates with Microsoft Graph.
  2. Gets the BrainStorm AppId:
         graphClient.AppCatalogs.TeamsApps.Request().Filter("DisplayName eq 'BrainStorm'")
     This call is optional and you can use the hardcoded Id now: 5d7b15f5-b634-49fe-9d62-88a9eb0fea3d
  3. Retrieves users:
         graphClient.Users.Request()
     Paging is applied and users are retrieved in chunks of 999 users. After retrieval, users can additionally be filtered by domain if we don't want to install the app to all domains and include guest users.
  4. For each user, does the following:
    1. Gets the list of installed apps for the user and determines the BrainStorm Teams app:
           // Expand the app definition so the display name is available on each entry.
           var installedApps = await graphClient.Users[user.Id].Teamwork.InstalledApps
               .Request()
               .Expand("teamsAppDefinition,teamsApp")
               .GetAsync();
           var userBrainstormApp = installedApps.FirstOrDefault(x => x.TeamsAppDefinition.DisplayName == "BrainStorm");
    2. If the app is not installed, installs it:
           var r = await graphClient.Users[user.Id].Teamwork.InstalledApps
               .Request()
               .AddAsync(userScopeTeamsAppInstallation);
    3. If the app is installed, runs a forced upgrade. This step is required if Graph indicated that the latest app version is installed. After it, the app will appear in the user's MS Teams client if it was absent before:
           await graphClient.Users[user.Id].Teamwork.InstalledApps[userBrainstormApp.Id].Upgrade().Request().PostAsync();
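A dry run of the user selection and per-user decision described above, as an added example that is not the BrainStorm source code: it shows which users each installation type would target and which action each upgrade mode would take, without calling Graph. Matching on the mail attribute, the function names and the sample users are assumptions.

```python
import csv
import io

UPGRADE_MODES = {1: "upgrade", 2: "delete", 3: "skip"}  # options from this page

def select_users(users, install_type, domain=None, csv_text=None):
    """Return target users for installation type 1 (all), 2 (domain) or 3 (CSV)."""
    def mail(u):
        return (u.get("mail") or "").strip().lower()  # some accounts have no mail
    if install_type == 1:
        return list(users)  # includes guest users
    if install_type == 2:
        if not domain:
            raise ValueError("installation type 2 needs a domain")
        # Anchor on "@" so example.com does not also match evil-example.com.
        return [u for u in users if mail(u).endswith("@" + domain.lower())]
    if install_type == 3:
        reader = csv.DictReader(io.StringIO(csv_text or ""))
        if "Email" not in (reader.fieldnames or []):
            raise ValueError("CSV must contain the header 'Email'")
        wanted = {row["Email"].strip().lower() for row in reader if row["Email"]}
        return [u for u in users if mail(u) in wanted]
    raise ValueError("unknown installation type")

def plan(users, installed_ids, install_type, upgrade_mode, batch_size=10, **source):
    """List (mail, action) pairs per batch without calling Graph."""
    steps = []
    for u in select_users(users, install_type, **source):
        installed = u["id"] in installed_ids
        action = UPGRADE_MODES[upgrade_mode] if installed else "install"
        steps.append((u.get("mail"), action))
    return [steps[i:i + batch_size] for i in range(0, len(steps), batch_size)]

# Constructed sample data: three directory users, one of them a guest.
SAMPLE_USERS = [
    {"id": "u1", "mail": "alice@example.com"},
    {"id": "u2", "mail": "bob@example.com"},
    {"id": "u3", "mail": "guest@example.org"},
]
SAMPLE_INSTALLED = {"u1"}  # users for whom Graph reports the app as installed
SAMPLE_CSV = "Email\nbob@example.com\nguest@example.org\n"

if __name__ == "__main__":
    for batch in plan(SAMPLE_USERS, SAMPLE_INSTALLED, 2, 3, domain="example.com"):
        print(batch)
```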

See attached Source Code Program