Microsoft Teams Bridge

Microsoft Teams Bridge is an app that connects collaborators across Rocket.Chat and Microsoft Teams. It acts as a bridge between Teams and Rocket.Chat to enable cross-platform messaging among users in an organization. This way, users can send and receive messages from their workspace or Teams account.

It supports other message formats, such as emojis, files, and links. Furthermore, operations like editing or deleting a message are also supported.

Setup Microsoft Teams Bridge

The Microsoft Teams Bridge app is only available for workspaces on version 6.1 and above.

As an administrator, ensure you have access to the Rocket.Chat admin account and Teams admin account for your organization before installing.

To install Microsoft Teams Bridge,

Go to Administration > Apps > Marketplace.
Search for the Microsoft Teams Bridge app.
Click Install. Confirm that the app is enabled.
On the Microsoft Teams Bridge App Info screen, navigate to Details > API and copy the GET auth endpoint URL.

If it's a localhost URL, exposing the localhost port to the internet requires a tunnel service like Ngrok.

Set up an Azure active directory app

Azure active directory is now Microsoft Entra ID. See the official documentation for more details.

To set up Microsoft Entra ID for your organization,

Login to Microsoft Azure portal with your organization's Teams admin account.
Find and click Microsoft Entra ID.
Click Add. Then, select App registration.
Give the app a name. Select Accounts in this organizational directory only as the Supported account type.
Select Web as the Redirect URI platform. Paste the GET auth endpoint URL you copied from the Microsoft Teams Bridge App Info as the value.
Click Register. Copy the Application (client) ID and Directory (tenant) ID shown on the overview page.
Click Add a certificate or secret > New Client Secret. Fill in the description and expiration timeline. Then, click Add.
After the client secret is created, copy the Client Secret Value.
Navigate to API permissions > Select Add a permission > Select "Microsoft Graph".
Add the set of required permissions. The table below outlines the required permissions you'll need to set.

Name	Type	Description	Requires Admin Consent
ChannelMessage.Read.All	Application	Read all channel messages	Yes
ChannelMessage.Send	Delegated	Send channel messages	No
ChannelMessage.UpdatePolicyViolation.All	Application	Flag channel messages for violating policy	Yes
Chat.Create	Delegated	Create chats	No
Chat.Create	Application	Create chats	Yes
Chat.Read.All	Application	Read all chat messages	Yes
Chat.ReadBasic	Delegated	Read names and members of user chat threads	No
Chat.ReadBasic.All	Application	Read names and members of all chat threads	Yes
Chat.ReadWrite	Delegated	Read and write user chat messages	No
Chat.ReadWrite.All	Application	Read and write all chat messages	Yes
ChatMember.Read	Delegated	Read the members of chats	Yes
ChatMember.Read.All	Application	Read the members of all chats	Yes
ChatMember.Read.WhereInstalled	Application	Read the members of all chats where the associated Teams application is installed.	Yes
ChatMember.ReadWrite	Delegated	Add and remove members from chats	Yes
ChatMember.ReadWrite.All	Application	Add and remove members from all chats	Yes
ChatMember.ReadWrite.WhereInstalled	Application	Add and remove members from all chats where the associated Teams application is installed.	Yes
ChatMessage.Read	Delegated	Read user chat messages	No
ChatMessage.Read.All	Application	Read all chat messages	Yes
ChatMessage.Send	Delegated	Send user chat messages	No
email	Delegated	View users' email address	No
Files.Read	Delegated	Read user files	No
Files.Read.All	Delegated	Read all files that user can access	No
Files.Read.All	Application	Read files in all site collections	Yes
Files.ReadWrite	Delegated	Have full access to user files	No
Group.ReadWrite.All	Delegated	Read and write all groups	Yes
offline_access	Delegated	Maintain access to data you have given it access to	No
openid	Delegated	Sign users in	No
profile	Delegated	View users' basic profile	No
ServiceMessage.Read.All	Application	Read service messages	Yes
User.Read	Delegated	Sign in and read user profile	No
User.Read.All	Delegated	Read all users' full profiles	Yes
User.Read.All	Application	Read all users' full profiles	Yes
User.ReadWrite.All	Application	Read and write all users' full profiles	Yes

After setting all permissions, click on Grant admin consent for org.

Configure Microsoft Teams Bridge

Navigate to Microsoft Teams Bridge App Info > Settings.
Update the Microsoft Entra Directory (tenant) ID, Microsoft Entra Application (client) ID, and Microsoft Entra Client Secret with the values you copied earlier. Then, click Save Changes.

Ensure you use the correct credentials and set the appropriate API permissions on the Microsoft Entra ID.

API limitation

With the Microsoft Teams Bridge, you can exchange up to 500 messages per month across Rocket.Chat and MS Teams at no additional cost. If you surpass this limit, you can no longer exchange messages between Rocket.Chat and Teams.

If you intend to exchange more than 500 messages, here are some important details to note:

Check if the API is metered. Microsoft Teams has free and metered APIs that are billed based on usage. Know the metering unit to estimate API costs. There's a limit of 500 messages per month. Exceeding this limit means Teams messages won't show in Rocket.Chat, but it can still be sent.

Read the documentation to learn more about the pricing models and licensing requirements.

To monitor message count, set up an Azure budget to track messages against the threshold. Configure alerts to ensure you stay within the 500 messages monthly spending limit. For example, your organizational spending limit is 500 messages per month; email notifications are sent if the budget threshold is exceeded.

See the official guide to understand how to create and manage Azure budgets.

This app was developed in partnership with Yuqing Bian during Google Summer of Code 2022.