Univention Bugzilla – Bug 48389
Make it possible to create office365 teams automatically
Last modified: 2021-09-13 17:23:23 CEST
Currently it is possible to sync groups but it is not possible to create "Micorsoft Teams": https://docs.microsoft.com/en-us/graph/api/resources/teams-api-overview?view=graph-rest-1.0 Both customers asked for it.
Same reason as Bug on here http://forge.univention.org/bugzilla/show_bug.cgi?id=50093 because Microsoft need Mail enabled Security Group to be recognized in MS Exchange Online / Teams as a Group. -> The User must be in a Mail Enabled Security Group then the Group Membership could be used to link the Group to a Team.
(In reply to Alexander Teubner from comment #1) > Same reason as Bug on here > http://forge.univention.org/bugzilla/show_bug.cgi?id=50093 because Microsoft > need Mail enabled Security Group to be recognized in MS Exchange Online / > Teams as a Group. -> The User must be in a Mail Enabled Security Group then > the Group Membership could be used to link the Group to a Team. To be sure: The UCS O365 connector as of now creates "security groups". There seems to be no way to directly activate "Teams" for a security group, this can only be done "indirectly" by creating an additional dynamic group and rules to add members of the security group to this dynamic group. See for example: https://techcommunity.microsoft.com/t5/microsoft-teams/ad-security-group-as-members-in-teams/m-p/355367 So I propose to make the group type created in Azure AD based on a UCS group configurable, so activating teams depends on Bug #51187
Proposal to implement this once we have mail addresses (Bug 50093) and group type (Bug 51187): * we add a new Extended Attribute "Teams" which is a checkbox (wording needs to be the same as in the Microsoft 365 management tools) * activating the checkbox needs to raise an error in case the group type is not "Office 365 group" * we should extend the documentation with a short description how to change the default of the Extended Attribute in case users want to have all new groups active in "Microsoft Teams"
(In reply to Ingo Steuwer from comment #3) > Proposal to implement this once we have mail addresses (Bug 50093) and group > type (Bug 51187): > > * we add a new Extended Attribute "Teams" which is a checkbox (wording needs > to be the same as in the Microsoft 365 management tools) > * activating the checkbox needs to raise an error in case the group type is > not "Office 365 group" > * we should extend the documentation with a short description how to change > the default of the Extended Attribute in case users want to have all new > groups active in "Microsoft Teams" For understanding. We talk about extended attributes for group objects in UCS?
(In reply to Nico Gulden from comment #5) > (In reply to Ingo Steuwer from comment #3) > > Proposal to implement this once we have mail addresses (Bug 50093) and group > > type (Bug 51187): > > > > * we add a new Extended Attribute "Teams" which is a checkbox (wording needs > > to be the same as in the Microsoft 365 management tools) > > * activating the checkbox needs to raise an error in case the group type is > > not "Office 365 group" > > * we should extend the documentation with a short description how to change > > the default of the Extended Attribute in case users want to have all new > > groups active in "Microsoft Teams" > > For understanding. We talk about extended attributes for group objects in > UCS? yes
bug 53397 for LDAP and UDM Integration bug 52840 for the general graph api implementation a509b89 Bug #48389: Add Microsoft Graph permissions in the wizard creation of the manifest 1d7f726 Bug #48389: Test new ldap/udm attributes for teams and team owners 118c985 Bug #48389: fixup! Add Microsoft Graph permissions in the wizard creation of the manifest 1dab5fa Bug #48389: Simplified & documented terminaltest.py 4553bf7 Bug #48389: Fixed typo in graph.py comment 1f32bc2 Bug #48389: Add Graph API to group listener module 29bd7a4 Bug #48389: Synchronize group owner changes 53ec900 Bug #48389: Integrate async calls into lib a97bc83 Bug #48389: Add Graph API to group listener module b4bb311 Bug #48389: univention.listener.handler_logging bc2a7af Bug #48389: unarchive team 37a1bd4 Bug #48389: unarchive team 6b400ce Bug #48389: logging 0205f68 * Bug #48389: use azure_handler delete_user and bf2a034 Bug #48389: 92_office365/302_check_big_group 6c1d5ea Bug #48389: New test cases for Team listener functionality c9ccf40 Bug #48389: version bump d970ba6 Bug #48389: Prevent access token being owned by a user other than listener 6046b62 Bug #48389: fixup Automated tests for listener Team functionality added 68a640a Bug #48389: Add create_group method to Graph class 3786284 Revert "Bug #48389: Add create_group method to Graph class" 0631079 Bug #48389: Retry addition of owner for a while until group is found b89bcd7 Bug #48389: Make adding the owner to the team an async job 17e2396 Bug #48389: Check if permissions are sufficient for Team functionality. e15d3f4 Bug #48389: Add link f5e66ae Bug #48389: Add valid HTTP response code to create team call 0dbb6bd Bug #48389: Cleanup. Remove unused code 2598626 Bug #48389: changelog 5973264 Bug #48389: Skip test 402 for now Groups now have a checkbox to activate them as a team - setting an owner on the MS365 tab is required. Setting up a team is an asynchronous operation in Azure Graph, there is functionality to retry async calls to graph (share/univention-ms-office-async), which logs to /var/log/univention/listener_modules/ms-office-async.log univention-office365 2.0.2-155A~4.4.0.202109101246 Manual tests and ucs-tests are fine Verified
Published in App 'office365' version 4.0