This information has been provided by QuickHelp about how this app collects and stores organizational data and the control that your organization will have over the data the app collects.
How does the BrainStorm Microsoft Teams App handle data?
Data Handling
Data access using Microsoft Graph
For additional information see the following documentation: Microsoft Graph permissions.
Permission | Type of permission (Delegated/Application) | Is data collected? Justification for collecting it? | Is data stored? Justification for storing it? |
User.Read | delegated | To allow users to sign in to the app and allow the app to read the profile of the currently signed-in user. | We store this data in our Azure Table storage to send personalized notifications from QH portal in MS Teams. |
User.ReadBasic.All | delegated | To allow the app to read a basic set of profile properties of other users on behalf of the signed-in user, in order to display this in the app. This includes display name, first and last name, email address and photo. | We store this data in our Azure Table storage to send personalized notifications from QH portal in MS Teams. |
Non-Microsoft services used:
QuickHelp tracks information about users who have installed the BrainStorm Microsoft Teams App so that it can send personalized notifications to these end users.
Data access via bots
The BrainStorm Microsoft Teams App contains a bot or a messaging extension that can access personally identifiable information (PII): the roster (first name, last name, display name, email address) of users that have the app added.
1.0.5 Version
- Includes static app and one-way communication
- Bot-notifications
  - All messages and link clicks in messages are tracked and associated with QuickHelp user identity
- Static App
  - All link clicks are tracked without associating with user identity.
1.1.0 Version
- Currently Published
- Bot-notifications
  - All messages and link clicks in messages are tracked and associated with QuickHelp user identity
- Two-way communication and search extensions
- Uses email addresses to send the personalized one-way communications
Security and Compliance
- Category: Productivity
- Privacy Policy: https://www.brainstorminc.com/legal#privacy-policy
- Terms of service: https://www.brainstorminc.com/legal
- Hosting Company: Microsoft Azure
- Data center: US
- Headquarters: US
- Logon URL: https://quickhelp.com/Login/
Identity
This information has been provided by QuickHelp about how this app handles authentication, authorization, application registration best practices, and other Identity criteria.
Information | Response |
Do you integrate with Microsoft Identity Platform (Azure AD)? | Yes |
Have you reviewed and complied with all applicable best practices outlined in the Microsoft identity platform integration checklist? | Yes |
Does your app use MSAL (Microsoft Authentication Library) for authentication? | Yes |
Does your app support Conditional Access policies? | No |
Does your app request least privilege permissions for your scenario? | Yes |
Do your app's statically registered permissions accurately reflect the permissions your app will request dynamically and incrementally? | Yes |
Does your app support multi-tenancy? | Yes |
Does your app have a confidential client? | No |
Do you own all the redirect Uniform Resource Identifiers (URIs) registered for your app? | Yes |
For your app, what do you avoid using? | - Wildcard redirect URIs |
Does your app expose any web APIs? | No |
Does your permission model only allow calls to succeed if the client app receives the proper consent? | No |
Does your app use preview APIs? | No |
Does your app use deprecated APIs? | No |
Description of Script Steps
- Choose the authentication flow and authenticate with Microsoft Graph.
- Get the BrainStorm AppId: graphClient.AppCatalogs.TeamsApps.Request().Filter("DisplayName eq 'BrainStorm'"). This call is optional and you can now use the hardcoded Id: 5d7b15f5-b634-49fe-9d62-88a9eb0fea3d
- Retrieve users: graphClient.Users.Request(). Paging is applied and users are retrieved in chunks of 999. After retrieval, users can additionally be filtered by domain if we don't want to install the app to all domains and include guest users.
- For each user, do the following:
  - Get the list of installed apps for the user and determine the BrainStorm app:
    var installedApps = await graphClient.Users[user.Id].Teamwork.InstalledApps.Request().Expand("teamsAppDefinition,teamsApp").GetAsync();
    var userBrainstormApp = installedApps.FirstOrDefault(x => x.TeamsAppDefinition.DisplayName == "BrainStorm");
  - If the app is not installed, install it:
    var r = await graphClient.Users[user.Id].Teamwork.InstalledApps.Request().AddAsync(userScopeTeamsAppInstallation);
  - If the app is installed, run a forced upgrade. This step is required if Graph indicated that the latest app version is installed. After it, the app will appear in the user's MS Teams client if it was absent before:
    await graphClient.Users[user.Id].Teamwork.InstalledApps[userBrainstormApp.Id].Upgrade().Request().PostAsync();
See attached Source Code Program
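The per-user decision from the script steps, as an added example (not the attached program and not QuickHelp's code): it applies the domain and guest filter, then matches the app on the catalog Id quoted above instead of the display name, because display names are not unique identifiers. The record types, the `contoso.example` domain and all sample users and installation ids are assumptions; the Graph calls are left out so the logic runs offline.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Plain records standing in for Graph objects (hypothetical shapes, not SDK types).
record DirUser(string Id, string Mail, string UserType);
record InstalledApp(string InstallationId, string TeamsAppId, string DisplayName);
enum RolloutStep { Skip, Install, Upgrade }
static class RolloutPlan
{
    // Catalog id quoted on the page for the BrainStorm app.
    public const string BrainStormAppId = "5d7b15f5-b634-49fe-9d62-88a9eb0fea3d";
    // Scope check for the user-retrieval step: allow-listed mail domains only, no guests.
    public static bool InScope(DirUser u, ISet<string> allowedDomains)
    {
        if (string.Equals(u.UserType, "Guest", StringComparison.OrdinalIgnoreCase)) return false;
        int at = u.Mail?.LastIndexOf('@') ?? -1;
        return at >= 0 && allowedDomains.Contains(u.Mail[(at + 1)..].ToLowerInvariant());
    }

    // Install-or-upgrade decision, matching on catalog id instead of display name.
    public static (RolloutStep Step, string InstallationId) Decide(
        DirUser u, IEnumerable<InstalledApp> installed, ISet<string> allowedDomains)
    {
        if (!InScope(u, allowedDomains)) return (RolloutStep.Skip, null);
        var hit = installed.FirstOrDefault(a => a.TeamsAppId == BrainStormAppId);
        if (hit is null) return (RolloutStep.Install, null);
        return (RolloutStep.Upgrade, hit.InstallationId);
    }

    static void Main()
    {
        var domains = new HashSet<string> { "contoso.example" };
        // Constructed sample data: user ids, addresses and installation ids are made up.
        var cases = new (DirUser User, InstalledApp[] Apps)[]
        {
            (new DirUser("u1", "ana@contoso.example", "Member"), Array.Empty<InstalledApp>()),
            (new DirUser("u2", "bo@contoso.example", "Member"),
                new[] { new InstalledApp("inst-1", BrainStormAppId, "BrainStorm") }),
            // Same display name, different catalog id: not treated as the vendor app.
            (new DirUser("u3", "cy@contoso.example", "Member"),
                new[] { new InstalledApp("inst-2", "00000000-0000-0000-0000-000000000000", "BrainStorm") }),
            (new DirUser("u4", "dee@partner.example", "Guest"), Array.Empty<InstalledApp>()),
        };
        foreach (var (user, apps) in cases)
            Console.WriteLine($"{user.Id}: {Decide(user, apps, domains)}");
    }
}
```

Logging each `Skip`, `Install` and `Upgrade` decision with the user id gives the tenant admin a record of exactly which accounts received the app and its access to roster PII.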