Microsoft Teams

Microsoft Teams is an enterprise collaboration tool for messaging, meetings and file sharing. If you are a Microsoft Teams user, you can use Amazon Kendra to index your Microsoft Teams data source.

You can connect Amazon Kendra to your Microsoft Teams data source using the Amazon Kendra console and the TemplateConfiguration API.

For troubleshooting your Amazon Kendra Microsoft Teams data source connector, see Troubleshooting data sources.

Supported features

• Field mappings

• User context filtering

• Inclusion/exclusion filters

• Virtual private cloud (VPC)

• Identity crawler

• Sync all documents/Sync only new, modified, or deleted documents

Prerequisites

Before you can use Amazon Kendra to index your Microsoft Teams data source, make these changes in your Microsoft Teams and AWS accounts.

In Microsoft Teams, make sure you have:

• Created a Microsoft Teams account in Office 365.

• Noted your Microsoft 365 tenant ID. You can find your tenant ID in the Properties of your Azure Active Directory Portal or in your OAuth application.

• Created an OAuth application in the Azure portal and noted the tenant ID, client ID and client secret or client credentials. See Microsoft tutorial for more information.

• Added the necessary permissions. You can choose to add all permissions, or you can limit the scope by selecting fewer permissions based on which entities you'd like to be crawled. Below is the table of permissions by corresponding entity:

  Entity	Required Permissions for Data Sync	Required Permissions for Identity Sync
  Channel Post	ChannelMessage.Read.All Group.Read.All User.Read User.Read.All	TeamMember.Read.All
  Channel Attachment	ChannelMessage.Read.All Group.Read.All User.Read User.Read.All	TeamMember.Read.All
  Channel Wiki	Group.Read.All User.Read User.Read.All	TeamMember.Read.All
  Chat Message	Chat.Read.All ChatMessage.Read.All ChatMember.Read.All User.Read User.Read.All Group.Read.All	TeamMember.Read.All
  Meeting Chat	Chat.Read.All ChatMessage.Read ChatMember.Read.All User.Read User.Read.All Group.Read.All	TeamMember.Read.All
  Chat Attachment	Chat.Read.All ChatMessage.Read ChatMember.Read.All User.Read User.Read.All Group.Read.All	TeamMember.Read.All
  Meeting File	Chat.Read.All ChatMessage.Read.All ChatMember.Read.All User.Read User.Read.All Group.Read.All Files.Read.All	TeamMember.Read.All
  Calendar Meeting	Chat.Read.All ChatMessage.Read.All ChatMember.Read.All User.Read User.Read.All Group.Read.All Files.Read.All	TeamMember.Read.All
  Meeting Notes	User.Read User.Read.All Group.Read.All Files.Read.All	TeamMember.Read.All

• Checked each document is unique in Microsoft Teams and across other data sources you plan to use for the same index. Each data source that you want to use for an index must not contain the same document across the data sources. Document IDs are global to an index and must be unique per index.

In your AWS account, make sure you have:

• Created an Amazon Kendra index and, if using the API, noted the index ID.

• Created an IAM role for your data source and, if using the API, noted the ARN of the IAM role.

  Note

  If you change your authentication type and credentials, you must update your IAM role to access the correct AWS Secrets Manager secret ID.

• Stored your Microsoft Teams authentication credentials in an AWS Secrets Manager secret and, if using the API, noted the ARN of the secret.

  Note

  We recommend that you regularly refresh or rotate your credentials and secret. Provide only the necessary access level for your own security. We do not recommend that you re-use credentials and secrets across data sources, and connector versions 1.0 and 2.0 (where applicable).

If you don’t have an existing IAM role or secret, you can use the console to create a new IAM role and Secrets Manager secret when you connect your Microsoft Teams data source to Amazon Kendra. If you are using the API, you must provide the ARN of an existing IAM role and Secrets Manager secret, and an index ID.

Connection instructions

To connect Amazon Kendra to your Microsoft Teams data source, you must provide the necessary details of your Microsoft Teams data source so that Amazon Kendra can access your data. If you have not yet configured Microsoft Teams for Amazon Kendra, see Prerequisites.

Console

To connect Amazon Kendra to Microsoft Teams

1. Sign in to the AWS Management Console and open the Amazon Kendra console.

2. From the left navigation pane, choose Indexes and then choose the index you want to use from the list of indexes.

   Note

   You can choose to configure or edit your User access control settings under Index settings.

3. On the Getting started page, choose Add data source.

4. On the Add data source page, choose Microsoft Teams connector, and then choose Add data source.

5. On the Specify data source details page, enter the following information:

   1. In Name and description, for Data source name—Enter a name for your data source. You can include hyphens but not spaces.

   2. (Optional) Description—Enter an optional description for your data source.

   3. In Language, for Default language—A language to filter your documents for the index. Unless you specify otherwise, the language defaults to English. Language specified in the document metadata overrides the selected language.

   4. In Tags, for Add new tag—Tags to search and filter your resources or track your AWS costs.

   5. Choose Next.

6. On the Define access and security page, enter the following information:

   1. Source—Enter your Microsoft 365 tenant ID. You can find your tenant ID in the Properties of your Azure Active Directory Portal or in your OAuth application.

   2. AWS Secrets Manager secret—Choose an existing secret or create a new Secrets Manager secret to store your Microsoft Teams authentication credentials. If you choose to create a new secret an AWS Secrets Manager secret window opens.

      1. Enter following information in the Create an AWS Secrets Manager secret window:

         1. Secret name—A name for your secret. The prefix ‘AmazonKendra-Microsoft Teams-’ is automatically added to your secret name.

         2. For Client ID and Client secret—Enter the authentication credential values you generated in your Microsoft Teams account in the Azure portal.

      2. Choose Save.

   3. Payment model—You can choose a licensing and payment model for your Microsoft Teams account. Model A payment models are restricted to licensing and payment models that require security compliance. Model B payment models are suitable for licensing and payment models that do not require security compliance.

   4. Virtual Private Cloud (VPC)—You can choose to use a VPC. If so, you must add Subnets and VPC security groups.

   5. Identity crawler—When the identity crawler is activated, Amazon Kendra syncs identity information. If you choose to turn identity crawler off, you must upload the principal information using the PutPrincipalMappingAPI.

   6. IAM role—Choose an existing IAM role or create a new IAM role to access your repository credentials and index content.

      Note

      IAM roles used for indexes cannot be used for data sources. If you are unsure if an existing role is used for an index or FAQ, choose Create a new role to avoid errors.

   7. Choose Next.

7. On the Configure sync settings page, enter the following information:

   1. Sync contents—Select contents to sync.

   2. Additional configuration— You can optionally use these settings to index certain content instead of syncing all the documents.

   3. Sync mode—You can choose how you want to update your index when your data source content changes.

      1. If you choose full sync, Amazon Kendra will sync all contents in all entities, regardless of the previous sync status.

      2. If you choose new or modified content sync, Amazon Kendra will only sync new or modified content.

      3. If you choose new, modified or deleted content sync, Amazon Kendra will only sync new, modified or deleted content.

8. On the Set field mappings page, enter the following information:

   1. Default data source fields—Select from the Amazon Kendra generated default data source fields you want to map to your index.

   2. Add field—To add custom data source fields to create an index field name to map to and the field data type.

   3. Choose Next.

9. On the Review and create page, check that the information you have entered is correct and then select Add data source. You can also choose to edit your information from this page. Your data source will appear on the Data sources page after the data source has been added successfully.

API

To connect Amazon Kendra to Microsoft Teams

You must specify a JSON of the data source schema using the TemplateConfiguration API. You must provide the following information:

• Data source—You must specify the data source as MSTEAMS.

• Tenant ID—You can find your tenant ID in the Properties of your Azure Active Directory Portal or in your OAuth application.

• Type—Specify TEMPLATE as the Type when you call CreateDataSource.

• Secret Amazon Resource Name (ARN)—Provide the Amazon Resource Name (ARN) of a Secrets Manager secret that contains the authentication credentials for your Microsoft Teams account. The secret is stored in a JSON structure with the following keys:

  {
      "clientId": "client ID",
      "clientSecret": "client secret"
  }

  Note

  We recommend that you regularly refresh or rotate your credentials and secret. Provide only the necessary access level for your own security. We do not recommend that you re-use credentials and secrets across data sources, and connector versions 1.0 and 2.0 (where applicable).

• IAM role—Specify RoleArn when you call CreateDataSource to provide an IAM role with permissions to access your Secrets Manager secret and to call the required public APIs for the Microsoft Teams connector and Amazon Kendra. For more information, see IAM roles for Microsoft Teams data sources.

You can also add the following optional features:

• Virtual Private Cloud (VPC)—Specify VpcConfiguration when you call CreateDataSource. For more information, see Configuring Amazon Kendra to use an Amazon VPC.

• Enable identity crawler—Specify whether to activate identity crawler. If identity crawler is deactivated, you must upload the principal information using the PutPrincipalMapping API. Crawling identity information on users and groups with access to certain documents is useful for user context filtering. Search results are filtered based on the user or their group access to documents. For more information, see Filtering on user context.

• Inclusion and exclusion filters—Specify whether to include or exclude certain content in Microsoft Teams. You can include or exclude team names, channel names, file names and file types, user email, OneNote sections, and OneNote pages. You can also specify whether to index chat messages and attachments, channel posts and attachments, channel wikis, calendar content, meeting chats and files and notes.

  Note

  Most data sources use regular expression patterns, which are inclusion or exclusion patterns referred to as filters. If you specify an inclusion filter, only content that matches the inclusion filter is indexed. Any document that doesn’t match the inclusion filter isn’t indexed. If you specify an inclusion and exclusion filter, documents that match the exclusion filter are not indexed, even if they match the inclusion filter.

• Field mappings—Choose to map your Microsoft Teams data source fields to your Amazon Kendra index fields. For more information, see Mapping data source fields.

For a list of other important JSON keys to configure, see Microsoft Teams template schema.

Learn more

To learn more about integrating Amazon Kendra with your Microsoft Teams data source, see:

• Intelligently search your organization’s Microsoft Teams data source with the Amazon Kendra connector for Microsoft Teams