You now have the ability to install the Microsoft Teams BrainStorm App across entire organization using Microsoft Office Graph.

 

Prior to starting this script, please install  and pin (optional) the BrainStorm Teams app globally prior to completing the below steps. This will ensure that any “new” users will also have the app pinned in their personal Teams. For a how to: Click HERE.

NOTE:  It is not required to configure the Microsoft Office Graph API within the QuickHelp Admin portal to complete these steps.

 

Authentication

 

This configuration is done in the Microsoft Azure portal. An Admin Microsoft Global Administrator privileges is required to complete these steps.


To perform Microsoft Graph API calls you will first need to authenticate. There are two options to authenticate within the app:


  • Client Credentials flow (recommended)
  •  or User Credentials flow.


NOTE: Both options will require creating an Azure AD App registration.

Creating the App in Azure AD

1. Go to the Azure App registrations page

2. When prompted, sign in with your global admin account credentials.

3. Click on New Registration.



4. Enter your app's name (you can name it as you wish)

5. Notate the ClientId and TenantId to be used later in this process


 

 

 

Client Credentials Flow (Recommended)

You will provide the Azure AD app Client Id/Tenant Id/Client Secret and the Admin will need to grant the application permissions for Azure AD app. 


1. Click API permissions from the left-hand column

2. Click Add a permission


3. Click Microsoft APIs > Microsoft Graph



 

4. Choose Application permissions


 

5. Add &/or check required permissions

  1. Verify that all of the following permissions are checked

 

NOTE: These permissions are required to list organization users, read app from app catalog, and install/upgrade the teams app.

NOTE: If all of any of these permissions do not display within your tenant, you may skip them.

 

Application (for Client credentials flow)

TeamsAppInstallation.ReadForUser.All,

TeamsAppInstallation.ReadWriteSelfForUser.All,

TeamsAppInstallation.ReadWriteForUser.All

User.Read.All, 

User.ReadWrite.All, 

AppCatalog.Read.All, 

AppCatalog.ReadWrite.All, 

User.ReadBasic.All



 

6. Click SAVE

7. Click 'Grant admin consent for <Organization>'

 

 

8. Click 'Certificates & secrets' from the left-hand column

9. Click New client secret

10. Enter a Description

11. Notate the secret value (not secret ID)  to be used later in this process


NOTE: For security reasons, you will want to keep safe and not share the ClientId nor the ClientSecret with anyone

 

 

12. Select Expiration Date

13. Click Add

 

If completed Client Credentials Flow Skip to Platform Configuration (step 14 below)


User Credentials Flow

You will provide the Azure AD app ClientID and authentication with organization admin credentials


1. Click API permissions

2. Click Add a permission



3. Click Microsoft APIs > Microsoft Graph



4. Choose Delegated permissions.


5. Add &/or check required permissions

  1. Verify that all of the following permissions are checked


NOTE : These permissions are required to list organization users, read app from app catalog, and install/upgrade the teams app.

 

Delegated (for user credentials flow)

TeamsAppInstallation.ReadForUser, 

TeamsAppInstallation.ReadWriteSelfForUser,

TeamsAppInstallation.ReadWriteForUser

AppCatalog.Read.All, 

AppCatalog.ReadWrite.All, 

User.Read, User.ReadWrite, 

User.ReadBasic.All, 

User.Read.All, 

User.ReadWrite.All

 

 

6. Click SAVE


Platform Configuration


14. Click Authentication from the left-hand column

15. Click Add a platform

 

16. Click Mobile and desktop application

 

17. Check all suggested URLs

18. Add http://localhost in the custom redirect URIs field

19. Click Configure


 

Install Application

  1. Download and unzip the package  (Attached at the bottom of this document)
  1. Run MSTeams-Install.exe

 

 

NOTE : If there are some errors, download and install .Net Framework 4.7.2 Runtime: https://dotnet.microsoft.com/download/dotnet-framework/net472

 

Run application

1. Choose the authentication option

2. For Client Credentials Flow:

  1. Fill in clientId (ApplicationID), tenantId (DirectoryID), ClientSecret (SecretValue ID)

 

 

3. Input the email domain for your organization users. This is required to skip the guest users in organization AD and not update this package for them.


e.g.: if user email is user@brainstorminc.com - input brainstorminc.com. Doing this, the Teams App will be applied to all users with brainstorminc.com domain in your tenant.



NOTE : If you have more than one domain, you will need to input them separately and you will need to use the correct version in the Zip Files attached at the bottom of this document.


 4. For User Credentials Flow: 

  1. Input clientId and authenticate using your organization Global Admin credentials


5. After the script has completed the installation, you will receive an 'Installation completed' message.

 

Exception cases:

1. There are times when an error may occur during this upgrade for a particular user. The app will ask you to retry the installation for this user. Input ‘y' to retry or ‘n’ to skip this user and continue installation for others. 

 

 

NOTE : After 3 tries for an individual user, input an 'n' to proceed with the installation for other users.

2. There may be users that will still see the older version of the BrainStorm Teams App (1.0.4) or will not see the app at all. This is due to Microsoft Teams having a local cache. If your users will Restart/Re-login/Clear local Microsoft Teams cache, this should resolve the problem.


NOTE : These users will still be able to be notified even if the old version is shown. 

3. It may take few minutes (3-4) to mark users with Teams checkbox in the QuickHelp Admin Portal after app has been installed.


NOTE : If, there are users that have received the new version of BrainStorm Teams App, but are not marked with Teams checkbox, please open a ticket with support@quickhelp.com to resolve.