Microsoft Teams

Microsoft Teams integration allows your product to send alerts, post messages, and collaborate on incidents or vulnerabilities directly within Teams channels. This is ideal for security notifications, incident escalation, and DevSecOps coordination, allowing teams to act on findings in real time without leaving Teams. The integration uses either the Microsoft Teams Webhook (Incoming Webhook) or the Microsoft Graph API (for advanced message posting and channel management).

Credentials Needed

Depending on the level of integration you need, there are two main options:

Option 1 — Incoming Webhook (Simple Alerts):

  • Teams Webhook URL (e.g., https://outlook.office.com/webhook/...)

Option 2 — Microsoft Graph API (Advanced Integration):

  • Tenant ID
  • Client ID (Application ID)
  • Client Secret
  • Azure AD App Registration (for token-based access to Teams via Microsoft Graph)

Use Incoming Webhook for one-way alerting integrations. Use Graph API with OAuth for two-way communication, dynamic channel posting, or message threading.

Permissions Needed / API Scopes

When using the Graph API, the registered app must have the following Microsoft Graph permissions:

Permission | Type | Description
--- | --- | ---
Chat.ReadWrite | Delegated/Application | Read and post chat messages
ChannelMessage.Send | Application | Send messages to Teams channels
Group.ReadWrite.All | Application | Read and write Teams and channels
Team.ReadBasic.All | Application | View team metadata
offline_access | Delegated | Enable long-lived tokens
User.Read | Delegated | Verify user context for OAuth apps

Minimum Required Permissions (for posting alerts): ChannelMessage.Send, Team.ReadBasic.All

Creating Users / Access Tokens

Option 1: Incoming Webhook

  1. Open your Microsoft Teams application
  2. Go to the channel where you want alerts posted
  3. Click the "..." next to the channel name → Connectors
  4. Search for Incoming Webhook and click Add
  5. Give the webhook a name (e.g., Security Alerts)
  6. (Optional) Upload an icon for the integration
  7. Click Create
  8. Copy the generated Webhook URL — e.g.:
   https://outlook.office.com/webhook/xxxxxxxxx@yyyyyyy/IncomingWebhook/zzzzzz
  9. Store this webhook URL securely in your platform. The URL is the only credential for the channel: anyone who holds it can post there.
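
An added example (not part of the original page or of any product's code) of checking a pasted webhook URL before it is stored and producing a redacted form for logs. `ALLOWED_HOSTS`, `validate_webhook_url` and `redact_webhook_url` are hypothetical names, and the host list is an assumption taken from the sample URL above.

```python
from urllib.parse import urlsplit

# Assumption: the only accepted host is the one in the page's sample URL.
# Extend this set if your tenant issues webhook URLs on another host.
ALLOWED_HOSTS = {"outlook.office.com"}


def validate_webhook_url(url: str) -> str:
    """Return the URL unchanged if it looks like a Teams Incoming Webhook, else raise."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("webhook URL must use https")
    # Userinfo ("host@other-host") and odd ports are common ways to disguise a target.
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("userinfo or non-default port not allowed")
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        raise ValueError("host is not an allowed Teams webhook host")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 4 or segments[0] != "webhook" or "IncomingWebhook" not in segments:
        raise ValueError("path is not an Incoming Webhook path")
    if parts.query or parts.fragment:
        raise ValueError("query string or fragment not expected")
    return url


def redact_webhook_url(url: str) -> str:
    """Form that is safe for logs and UI: scheme and host only, secret path dropped."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/webhook/<redacted>"
```

Run the validation on every save of the connection so the platform never sends alert content to an arbitrary host, and log only the redacted form.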

Option 2: App Registration (Graph API Integration)

  1. Go to the Azure Portal (https://portal.azure.com)
  2. Navigate to Azure Active Directory → App Registrations → New Registration
  3. Give the app a name (e.g., TeamsIntegrationApp)
  4. Choose Accounts in this organizational directory only
  5. Note the Application (Client) ID and Directory (Tenant) ID
  6. Go to Certificates & Secrets → New Client Secret
    • Add description, choose expiration, and save the generated secret value
  7. Assign the necessary Graph API permissions under API Permissions → Microsoft Graph → Application permissions
  8. Grant admin consent for the permissions
  9. Now you can use the credentials to authenticate via OAuth2 and obtain an access token for API calls

Test Connectivity

Option 1 — Incoming Webhook

curl -H "Content-Type: application/json" \
  -d '{
    "title": "🚨 Security Alert",
    "text": "High-severity vulnerability detected in API Gateway."
  }' \
  "https://outlook.office.com/webhook/xxxxxxxxx@yyyyyyy/IncomingWebhook/zzzzzz"

Example Response:

1

A message will appear in your Microsoft Teams channel confirming success.

Option 2 — Microsoft Graph API

Step 1: Get OAuth Token

curl -X POST "https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&scope=https://graph.microsoft.com/.default"

Example Response:

{
  "token_type": "Bearer",
  "expires_in": 3599,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGci..."
}

Step 2: Post a Message

curl -X POST "https://graph.microsoft.com/v1.0/teams/<TEAM_ID>/channels/<CHANNEL_ID>/messages" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "body": {
      "contentType": "html",
      "content": "🚨 <b>Critical Vulnerability Detected</b><br>System: Web API<br>Severity: High"
    }
  }'

Example Response:

{
  "id": "167e3b34-d7b9-4c11-a0ef-ff4c36f2b642",
  "replyToId": null,
  "etag": "00000000-0000-0000-0000-000000000000",
  "messageType": "message",
  "createdDateTime": "2025-10-13T10:35:20Z"
}
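
An added example (not from the original page) of Step 1 in code: the token is fetched once and reused until shortly before the `expires_in` value from the response runs out, so the client secret is not sent on every alert. `fetch_token` and `GraphTokenCache` are hypothetical names, and the 300-second refresh margin is an assumption.

```python
import json
import time
import urllib.parse
import urllib.request


def fetch_token(tenant_id: str, client_id: str, client_secret: str) -> dict:
    """POST the client-credentials request from Step 1 and return the parsed JSON."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=form), timeout=10) as resp:
        return json.load(resp)


class GraphTokenCache:
    """Hypothetical helper: reuse one token until shortly before it expires."""

    def __init__(self, fetch, skew=300, clock=time.monotonic):
        self._fetch = fetch          # zero-argument callable returning the token JSON
        self._skew = skew            # assumption: refresh this many seconds early
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            body = self._fetch()
            if body.get("token_type") != "Bearer" or not body.get("access_token"):
                raise RuntimeError("token response missing Bearer access_token")
            self._token = body["access_token"]
            self._expires_at = now + max(int(body.get("expires_in", 0)) - self._skew, 0)
        return self._token

    def auth_header(self) -> dict:
        return {"Authorization": f"Bearer {self.get()}"}

    def __repr__(self) -> str:
        # Keep the token out of logs and tracebacks that print the object.
        return "GraphTokenCache(token=<redacted>)"
```

In production, wire it up as `GraphTokenCache(lambda: fetch_token(tenant, client_id, secret))` with the three values read from the key vault.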

Save the Results in the Platform and Create Connection

  1. In your product's integration setup, securely store:
    • TEAMS_WEBHOOK_URL (for Webhook integration)
    • or TEAMS_TENANT_ID, TEAMS_CLIENT_ID, TEAMS_CLIENT_SECRET (for Graph API integration)
  2. Label the connection as Microsoft Teams Integration
  3. Test by posting a sample message
  4. Once verified, enable automation workflows such as:
    • Sending alerts to Teams channels
    • Notifying teams of new vulnerabilities or incidents
    • Creating collaborative threads for remediation tracking

Best Practices

  • Use Incoming Webhooks for simple one-way notifications
  • Use Graph API for advanced interactions (e.g., dynamic channels, message replies)
  • Store secrets securely in your key vault
  • Rotate secrets regularly (recommended: every 90 days)
  • Use HTML formatting for rich alerts with links, bold text, and emojis
  • Handle rate limits (Graph API limit: ~4 requests/second per app)
  • For scalability, create one Teams channel per functional team (e.g., #security-alerts, #infra-alerts)
  • Test integration in a sandbox Team before production rollout
  • Include clickable links in messages to quickly navigate users to your platform
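
An added example (not from the original page) of the rate-limit advice above: alerts are paced to the page's figure of about 4 requests per second, and a 429 response is retried only after the `Retry-After` delay. `send_throttled` is a hypothetical name, and `send` is an assumed callable that performs one POST and returns `(status, headers)`.

```python
import time


def _retry_after_seconds(headers: dict, attempt: int) -> float:
    """Seconds to wait after a 429; fall back to exponential backoff."""
    try:
        return max(float(headers.get("Retry-After", "")), 0.0)
    except (TypeError, ValueError):
        return float(2 ** attempt)


def send_throttled(send, payloads, rate_per_sec=4.0, max_retries=3,
                   sleep=time.sleep, clock=time.monotonic):
    """Call send(payload) -> (status, headers) for each payload, paced and retried.

    Returns the final HTTP status for each payload, in order.
    """
    interval = 1.0 / rate_per_sec
    next_slot = clock()
    statuses = []
    for payload in payloads:
        for attempt in range(max_retries + 1):
            wait = next_slot - clock()
            if wait > 0:
                sleep(wait)
            status, headers = send(payload)
            next_slot = clock() + interval
            if status != 429 or attempt == max_retries:
                break
            # Throttled: send nothing before the server's deadline has passed.
            next_slot = max(next_slot, clock() + _retry_after_seconds(headers, attempt))
        statuses.append(status)
    return statuses
```

A payload whose final status is still 429 should go back on a queue; dropping it silently loses the alert.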

Useful Microsoft Graph API Endpoints

Resource | Method | Endpoint | Description
--- | --- | --- | ---
List Teams | GET | /v1.0/teams | List all Teams in a tenant
List Channels | GET | /v1.0/teams/{teamId}/channels | Retrieve channels for a team
Post Message | POST | /v1.0/teams/{teamId}/channels/{channelId}/messages | Send message to a channel
Reply to Message | POST | /v1.0/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies | Post threaded reply
Get Channel Details | GET | /v1.0/teams/{teamId}/channels/{channelId} | Retrieve metadata
Upload File | PUT | /v1.0/drives/{driveId}/items/{itemId}/content | Attach files to messages

Official Docs:

Example JSON Payload for a Formatted Alert (Webhook)

{
  "@type": "MessageCard",
  "@context": "https://schema.org/extensions",
  "summary": "Security Alert",
  "themeColor": "E81123",
  "title": "🚨 Critical Vulnerability Detected",
  "sections": [
    {
      "activityTitle": "**Service:** API Gateway",
      "activitySubtitle": "Severity: High | Detected: 2025-10-13T10:30Z",
      "facts": [
        {"name": "Environment", "value": "Production"},
        {"name": "Scanner", "value": "CloudSec Scanner"}
      ],
      "markdown": true
    }
  ],
  "potentialAction": [
    {
      "@type": "OpenUri",
      "name": "View in Platform",
      "targets": [
        {"os": "default", "uri": "https://yourplatform.com/incidents/12345"}
      ]
    }
  ]
}

Example Result: A rich message card appears in the Teams channel with alert details, timestamps, and a button linking to your platform.

Example JSON Payload (Graph API)

{
  "body": {
    "contentType": "html",
    "content": "🚨 <b>New Vulnerability Alert:</b><br><br><b>System:</b> API Gateway<br><b>Severity:</b> High<br><a href='https://yourplatform.com/vulns/1234'>View Details</a>"
  }
}

Response:

{
  "id": "msg-89ab7c",
  "messageType": "message",
  "createdDateTime": "2025-10-13T12:10:00Z"
}
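
An added example (not from the original page) of building the Graph API HTML payload above from finding data, so that a system name taken from a scan result cannot inject markup into the channel message and the link can only point at the platform. `PLATFORM_HOST`, `SEVERITIES`, `safe_link` and `build_graph_message` are hypothetical names; the host comes from the page's sample link and the severity list is an assumption.

```python
import html
from urllib.parse import urlsplit

PLATFORM_HOST = "yourplatform.com"                 # host of the page's sample link
SEVERITIES = {"Low", "Medium", "High", "Critical"}  # assumption: fixed vocabulary


def safe_link(url: str) -> str:
    """Allow only https links to the platform host; return them attribute-escaped."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.username or parts.password:
        raise ValueError("link must be plain https")
    if (parts.hostname or "").lower() != PLATFORM_HOST:
        raise ValueError("link must point at the platform host")
    return html.escape(url, quote=True)


def build_graph_message(system: str, severity: str, details_url: str) -> dict:
    """Return the JSON body for POST .../channels/{channelId}/messages."""
    if severity not in SEVERITIES:
        raise ValueError("unknown severity")
    content = (
        "🚨 <b>New Vulnerability Alert:</b><br><br>"
        # system is free text from a scanner or ticket: escape it, never trust it.
        f"<b>System:</b> {html.escape(system)}<br>"
        f"<b>Severity:</b> {severity}<br>"
        f"<a href='{safe_link(details_url)}'>View Details</a>"
    )
    return {"body": {"contentType": "html", "content": content}}
```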