Bug 48389 - Make it possible to create office365 teams automatically
Summary: Make it possible to create office365 teams automatically
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Office 365
Version: UCS 4.4
Hardware: Other Mac OS X 10.1
: P5 normal
Target Milestone: ---
Assignee: Max Pohle
QA Contact: Erik Damrose
URL:
Keywords:
Depends on: 52840 53397
Blocks:
  Show dependency treegraph
 
Reported: 2018-12-20 15:24 CET by Michel Smidt
Modified: 2021-09-13 17:23 CEST (History)
5 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020021721000941
Bug group (optional):
Customer ID: 05017, 09801
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michel Smidt 2018-12-20 15:24:52 CET
Currently it is possible to sync groups but it is not possible to create "Micorsoft Teams": https://docs.microsoft.com/en-us/graph/api/resources/teams-api-overview?view=graph-rest-1.0

Both customers asked for it.
Comment 1 Alexander Teubner 2019-09-07 12:36:29 CEST
Same reason as Bug on here http://forge.univention.org/bugzilla/show_bug.cgi?id=50093 because Microsoft need Mail enabled Security Group to be recognized in MS Exchange Online / Teams as a Group. -> The User must be in a Mail Enabled Security Group then the Group Membership could be used to link the Group to a Team.
Comment 2 Ingo Steuwer univentionstaff 2020-04-29 15:09:54 CEST
(In reply to Alexander Teubner from comment #1)
> Same reason as Bug on here
> http://forge.univention.org/bugzilla/show_bug.cgi?id=50093 because Microsoft
> need Mail enabled Security Group to be recognized in MS Exchange Online /
> Teams as a Group. -> The User must be in a Mail Enabled Security Group then
> the Group Membership could be used to link the Group to a Team.

To be sure:

The UCS O365 connector as of now creates "security groups". There seems to be no way to directly activate "Teams" for a security group, this can only be done "indirectly" by creating an additional dynamic group and rules to add members of the security group to this dynamic group. See for example:
https://techcommunity.microsoft.com/t5/microsoft-teams/ad-security-group-as-members-in-teams/m-p/355367

So I propose to make the group type created in Azure AD based on a UCS group configurable, so activating teams depends on Bug #51187
Comment 3 Ingo Steuwer univentionstaff 2020-04-29 15:13:47 CEST
Proposal to implement this once we have mail addresses (Bug 50093) and group type (Bug 51187):

* we add a new Extended Attribute "Teams" which is a checkbox (wording needs to be the same as in the Microsoft 365 management tools)
* activating the checkbox needs to raise an error in case the group type is not "Office 365 group"
* we should extend the documentation with a short description how to change the default of the Extended Attribute in case users want to have all new groups active in "Microsoft Teams"
Comment 5 Nico Gulden univentionstaff 2020-04-30 12:37:00 CEST
(In reply to Ingo Steuwer from comment #3)
> Proposal to implement this once we have mail addresses (Bug 50093) and group
> type (Bug 51187):
> 
> * we add a new Extended Attribute "Teams" which is a checkbox (wording needs
> to be the same as in the Microsoft 365 management tools)
> * activating the checkbox needs to raise an error in case the group type is
> not "Office 365 group"
> * we should extend the documentation with a short description how to change
> the default of the Extended Attribute in case users want to have all new
> groups active in "Microsoft Teams"

For understanding. We talk about extended attributes for group objects in UCS?
Comment 6 Ingo Steuwer univentionstaff 2020-04-30 13:42:46 CEST
(In reply to Nico Gulden from comment #5)
> (In reply to Ingo Steuwer from comment #3)
> > Proposal to implement this once we have mail addresses (Bug 50093) and group
> > type (Bug 51187):
> > 
> > * we add a new Extended Attribute "Teams" which is a checkbox (wording needs
> > to be the same as in the Microsoft 365 management tools)
> > * activating the checkbox needs to raise an error in case the group type is
> > not "Office 365 group"
> > * we should extend the documentation with a short description how to change
> > the default of the Extended Attribute in case users want to have all new
> > groups active in "Microsoft Teams"
> 
> For understanding. We talk about extended attributes for group objects in
> UCS?

yes
Comment 7 Erik Damrose univentionstaff 2021-09-10 18:08:20 CEST
bug 53397 for LDAP and UDM Integration
bug 52840 for the general graph api implementation

a509b89 Bug #48389: Add Microsoft Graph permissions in the wizard creation of the manifest
1d7f726 Bug #48389: Test new ldap/udm attributes for teams and team owners
118c985 Bug #48389: fixup! Add Microsoft Graph permissions in the wizard creation of the manifest
1dab5fa Bug #48389: Simplified & documented terminaltest.py
4553bf7 Bug #48389: Fixed typo in graph.py comment
1f32bc2 Bug #48389: Add Graph API to group listener module
29bd7a4 Bug #48389: Synchronize group owner changes
53ec900 Bug #48389: Integrate async calls into lib
a97bc83 Bug #48389: Add Graph API to group listener module
b4bb311 Bug #48389: univention.listener.handler_logging
bc2a7af Bug #48389: unarchive team
37a1bd4 Bug #48389: unarchive team
6b400ce Bug #48389: logging
0205f68 * Bug #48389: use azure_handler delete_user and
bf2a034 Bug #48389: 92_office365/302_check_big_group
6c1d5ea Bug #48389: New test cases for Team listener functionality
c9ccf40 Bug #48389: version bump
d970ba6 Bug #48389: Prevent access token being owned by a user other than listener
6046b62 Bug #48389: fixup Automated tests for listener Team functionality added
68a640a Bug #48389: Add create_group method to Graph class
3786284 Revert "Bug #48389: Add create_group method to Graph class"
0631079 Bug #48389: Retry addition of owner for a while until group is found
b89bcd7 Bug #48389: Make adding the owner to the team an async job
17e2396 Bug #48389: Check if permissions are sufficient for Team functionality.
e15d3f4 Bug #48389: Add link
f5e66ae Bug #48389: Add valid HTTP response code to create team call
0dbb6bd Bug #48389: Cleanup. Remove unused code
2598626 Bug #48389: changelog
5973264 Bug #48389: Skip test 402 for now


Groups now have a checkbox to activate them as a team - setting an owner on the MS365 tab is required.

Setting up a team is an asynchronous operation in Azure Graph, there is functionality to retry async calls to graph (share/univention-ms-office-async), which logs to /var/log/univention/listener_modules/ms-office-async.log

univention-office365 2.0.2-155A~4.4.0.202109101246

Manual tests and ucs-tests are fine
Verified
Comment 8 Erik Damrose univentionstaff 2021-09-13 17:23:23 CEST
Published in App 'office365' version 4.0