Chatbots for security and IT teams (Part 5): Microsoft Teams

Written by Aaron Sandow, Sales Engineer, Tines

Published on March 24, 2022

This article was posted more than 18 months ago.


This blog is a continuation of our series on working with chatbots leveraging Microsoft Teams. In Part 1 of this series, we examined how to set up a chatbot within Microsoft Teams. In Part 2, we explored how to send rich notifications using Cards and use the Microsoft Graph API and the chatbot to proactively find and contact users within Microsoft Teams.

Since those blogs were written, the Tines platform has significantly evolved in many areas. One major enhancement was to our credentials vault. Previously, as suggested in Part 1, authenticating with Microsoft required leveraging HTTP Request Actions within a Tines Story to manually perform the client credentials flow and request a bearer token from Microsoft. Thanks to an update, the client credentials flow can now be handled directly within our credentials vault. This blog will walk through how to set up a chatbot within Microsoft Teams, authenticate the chatbot leveraging the client credentials flow natively from within Tines, and provide a security analyst the ability to respond to an alert via Microsoft Teams.

The automation Story that we are going to build looks like this:

This particular Story, which is available to download and import at the end of this post, leverages an alert from Microsoft Sentinel, but we could use any SIEM or incident source with a publicly accessible API. Tines offers preconfigured Action templates that allow end-users to swiftly connect to many popular tools. After the alert comes into Tines, this Story will create a JIRA ticket. Again, Tines can connect to any case management tool with a publicly accessible API - preconfigured templates are readily available for leading vendors. Once the incident ticket is open, we will alert the proper security analyst on Microsoft Teams and prompt them to take action directly with their chatbot!

Creating a chatbot in Microsoft Teams 

To begin, we will create our chatbot.

1. The first step is to install App Studio. Microsoft has detailed instructions on this process here.

2. Once App Studio is installed, we will create a new bot within Microsoft Teams. Use the sidebar of Microsoft Teams to navigate to App Studio -> Manifest editor -> click "Bot management."

3. Give the bot a name and click "Create."

4. After creating the bot, we should see a success message with the bot's Name, Bot Id, and Password. Note these values down somewhere safe for future reference.

We have successfully created a chatbot within Microsoft Teams.

Create a new Microsoft application 

The chatbot needs a Microsoft application associated with it. This is ultimately what we will authenticate against.

1. Within Microsoft Teams, navigate back to the App Studio home and, this time, create a new application.

2. Enter a short name and a full name, generate an App ID, and fill in the Package Name (com.tines.io.app) and Version Number (1.0.0). Note down the App ID somewhere safe for easy future reference.

3. Enter a description and developer information for your app.

4. Enter the privacy statement, terms of use, and required branding information for your app.

5. Click the bots tab in the left-hand menu and click "Set up."

6. Choose "Existing bot" along the top and "Select from one of my existing bots." For Scope, enable all three available scopes (Personal, Team, Group Chat) and click "Save." This step links the bot we created with the new app.

7. Navigate to Finish -> Test and distribute -> and click "Install."

8. Click the drop-down next to "Add" and select "Add to a team."

9. Choose the team and click "Set up a bot."

Setting up credentials in Tines 

This section covers new Tines technology that was not yet available when Part 1 of this series was written. Here we will be using the client credentials flow built into the Tines tenant to fetch a bearer token from Microsoft rather than chaining HTTP Request Actions together as stated in the original blog. For this section, you will need to start by logging into your Tines tenant. If you're new to Tines, you can sign up for the free, fully-loaded Community Edition here.
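What a client credentials token request looks like on the wire, as an added example (not Tines' or Microsoft's code): it builds the form-encoded request with the scope used in this section's credential settings, masks the secret for logging, and validates the token response. The token URL, Bot Id, Password and sample response are constructed placeholders, and the helper names are hypothetical.

```python
import json
import time
from urllib.parse import parse_qsl, urlencode

# Scope from the credential settings on this page.
BOT_FRAMEWORK_SCOPE = "https://api.botframework.com/.default"
# Constructed placeholders: substitute the OAuth token URL, Bot Id and Password.
TOKEN_URL = "https://login.example.invalid/oauth2/v2.0/token"
BOT_ID = "00000000-0000-0000-0000-000000000000"
BOT_PASSWORD = "constructed-secret"


def build_token_request(token_url, client_id, client_secret):
    """Return (url, headers, body) for a client credentials token request."""
    if not token_url.startswith("https://"):
        raise ValueError("token URL must be https; the body carries the secret")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": BOT_FRAMEWORK_SCOPE,
    })
    return token_url, {"Content-Type": "application/x-www-form-urlencoded"}, body


def redact(body):
    """Mask client_secret so the request body can be logged safely."""
    pairs = parse_qsl(body)
    return urlencode([(k, "REDACTED" if k == "client_secret" else v) for k, v in pairs])


def parse_token_response(raw_json, now=None):
    """Return (Authorization header value, refresh-at epoch) or raise."""
    data = json.loads(raw_json)
    if "error" in data:  # RFC 6749 section 5.2 error response
        raise PermissionError(f"{data['error']}: {data.get('error_description', '')}")
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        raise ValueError("no bearer access token in response")
    now = time.time() if now is None else now
    # Refresh 60 seconds early so a token is never sent at the edge of expiry.
    return f"Bearer {data['access_token']}", now + int(data["expires_in"]) - 60


if __name__ == "__main__":
    _, _, body = build_token_request(TOKEN_URL, BOT_ID, BOT_PASSWORD)
    print(redact(body))
    sample = '{"token_type": "Bearer", "expires_in": 3600, "access_token": "constructed.token"}'
    print(parse_token_response(sample, now=0))
```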

1. Log in to your Tines tenant and either navigate to an existing team or create a new team. Once in the appropriate team, navigate to credentials and click "New credential" on the top right.

2. Enter the following information:

a) Name: Any name that describes the credential (e.g., TeamsChatbot is used in the Story attached and can be leveraged for consistency)

b) Description: Description for the credential

c) Type: OAuth 2.0

d) Callback URL: Copy this locally for easy reference: https://{Tines_Tenant}.tines.com/oauth2/callback

e) Leave this tab open

3. In a new browser tab, navigate to your Azure Portal, then click on "App registrations."

4. Click on the chatbot that was just created. Check the Application (client) ID to ensure you navigate to the correct application. The Application (client) ID was acquired in step 2 of the 'Create a new Microsoft Application' section above.

5. Click "Add a Redirect URI."

6. Click "Add a platform" -> Web.

7. Paste in the Redirect URI (callback URL acquired in step 2.d. of this section) and then click "Configure" at the bottom.

8. You should see the Redirect URI populate in the middle of the screen under the "Add a platform" button.

9. Navigate back to your Tines tenant, and let's continue where we left off on step 2 of this section.

a) Name: Any name that describes the credential (TeamsChatbot is used in the Story attached and can be leveraged for consistency)

b) Description: Description for the credential

c) Type: OAuth 2.0

d) Callback URL: Copy this somewhere for easy reference: https://{Tines_Tenant}.tines.com/oauth2/callback

e) Client Id: This is the Bot ID from step 4 of 'Creating the chatbot in Microsoft Teams.'

f) Client Secret: This is the password from step 4 of 'Creating the chatbot in Microsoft Teams.'

g) Scope: https://api.botframework.com/.default

h) Grant type: Client credentials

i) OAuth authorization request URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize

j) OAuth token URL: