Prerequisites for connecting Amazon Q Business to Microsoft Teams
Before you begin, make sure that you have completed the following prerequisites.
In Microsoft Teams, make sure you have:
- Created a Microsoft Teams account in Office 365.
- Copied your Microsoft 365 Tenant ID. You can find your Tenant ID in the Properties of your Azure Active Directory Portal. You need this Tenant ID to allow Amazon Q to connect with your Microsoft Teams data source. For more information, see Register a Microsoft Entra app and create a service principal on the Microsoft website.
- Configured an OAuth 2.0 credential token containing a client ID and client secret. For more information, see Azure documentation on managing access tokens for Teams on the Microsoft website.
- Added the necessary permissions. You can choose to add all permissions, or you can limit the scope by selecting fewer permissions based on which entities you want to crawl. The following table shows permissions by corresponding entity.
| Entity | Required permissions for data sync | Required permissions for identity sync |
|---|---|---|
| Channel Post | ChannelMessage.Read.All, Group.Read.All, User.Read, User.Read.All | TeamMember.Read.All |
| Channel Attachment | ChannelMessage.Read.All, Group.Read.All, User.Read, User.Read.All | TeamMember.Read.All |
| Channel Wiki | Group.Read.All, User.Read, User.Read.All | TeamMember.Read.All |
| Chat Message | Chat.Read.All, ChatMessage.Read.All, ChatMember.Read.All, User.Read, User.Read.All, Group.Read.All | TeamMember.Read.All |
| Meeting Chat | Chat.Read.All, ChatMessage.Read, ChatMember.Read.All, User.Read, User.Read.All, Group.Read.All | TeamMember.Read.All |
| Chat Attachment | Chat.Read.All, ChatMessage.Read, ChatMember.Read.All, User.Read, User.Read.All, Group.Read.All | TeamMember.Read.All |
| Meeting File | Chat.Read.All, ChatMessage.Read.All, ChatMember.Read.All, User.Read, User.Read.All, Group.Read.All, Files.Read.All | TeamMember.Read.All |
| Calendar Meeting | Chat.Read.All, ChatMessage.Read.All, ChatMember.Read.All, User.Read, User.Read.All, Group.Read.All, Files.Read.All | TeamMember.Read.All |
| Meeting Notes | User.Read, User.Read.All, Group.Read.All, Files.Read.All | TeamMember.Read.All |
- Generated Microsoft Teams OAuth 2.0 credentials containing a client ID, client secret, username, and password. You need these credentials to authenticate Amazon Q to access Microsoft Teams.
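The permissions table above can be used as a least-privilege check before you grant consent. The following is an added example, not part of the AWS documentation: it computes the permissions needed for the entities you plan to crawl and compares them with what the app registration holds. Entity and permission names are copied from the table; the function names and the sample grant are constructed.

```python
# Added example: entity and permission names are copied from the table above;
# the function names and the sample grant below are constructed.
BASE = {"User.Read", "User.Read.All", "Group.Read.All"}
CHAT = BASE | {"Chat.Read.All", "ChatMember.Read.All"}
DATA_SYNC = {
    "Channel Post": BASE | {"ChannelMessage.Read.All"},
    "Channel Attachment": BASE | {"ChannelMessage.Read.All"},
    "Channel Wiki": BASE,
    "Chat Message": CHAT | {"ChatMessage.Read.All"},
    "Meeting Chat": CHAT | {"ChatMessage.Read"},
    "Chat Attachment": CHAT | {"ChatMessage.Read"},
    "Meeting File": CHAT | {"ChatMessage.Read.All", "Files.Read.All"},
    "Calendar Meeting": CHAT | {"ChatMessage.Read.All", "Files.Read.All"},
    "Meeting Notes": BASE | {"Files.Read.All"},
}
IDENTITY_SYNC = {"TeamMember.Read.All"}  # identical for every entity in the table


def required_permissions(entities, identity_sync=True):
    """Union of the permissions the table lists for the selected entities."""
    unknown = set(entities) - set(DATA_SYNC)
    if unknown:
        raise ValueError(f"not in the permissions table: {sorted(unknown)}")
    needed = set().union(*(DATA_SYNC[e] for e in entities))
    if identity_sync and entities:
        needed |= IDENTITY_SYNC
    return needed


def audit_grant(entities, granted, identity_sync=True):
    """Compare the permissions held by the app registration with what is needed."""
    needed, granted = required_permissions(entities, identity_sync), set(granted)
    return {
        "missing": sorted(needed - granted),  # required by the table, not granted
        "excess": sorted(granted - needed),   # granted, not required for this selection
        # Entities you did not select whose data-sync permissions are covered anyway
        "also_covered": sorted(e for e, p in DATA_SYNC.items()
                               if e not in entities and p <= granted),
    }


if __name__ == "__main__":
    # Constructed sample: permissions currently granted to the app registration
    sample_grant = ["ChannelMessage.Read.All", "Group.Read.All", "User.Read",
                    "User.Read.All", "Files.Read.All", "Chat.Read.All"]
    print(audit_grant(["Channel Post", "Channel Wiki"], sample_grant))
```

The `also_covered` list shows that a grant sized for one entity can already satisfy the table's requirements for others, which is worth knowing when you review what the credential can reach.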
In your AWS account, make sure you have:
- Created an Amazon Q Business application.
- Created an IAM role for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.
- Stored your Microsoft Teams authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.
Note
If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.
For a list of things to consider while configuring your data source, see Data source connector configuration best practices.