Integration · chat
Secure Microsoft Teams for AI
Team and channel-aware controls, private-chat exclusion, sensitivity-label awareness, and per-tenant policy enforcement for AI integrated with Teams.
Why Microsoft Teams needs PortEden
What goes wrong when you connect Microsoft Teams to AI
- ChannelMessage.Read.All gives an agent read access to every channel message in every team — including private team channels that the user joined years ago and forgot about.
- Chat.Read covers 1:1 and group chats. An agent with this scope ingests every DM the user has — performance discussions, salary chats, customer-complaint pivots — all of it.
- Teams chats can include shared files inline via Graph; an AI summarizing 'recent discussions' fetches the linked SharePoint files transitively and surfaces content that should never have been in scope.
What you can control
Team and channel allowlist
- · Per-agent team allowlist by team ID or display-name pattern.
- · Channel-level denylist for private channels matching #leadership-private, #partner-comms, #legal-review.
Chat and private-message exclusion
- · 1:1 chats and group chats default to denied — even when the OAuth token grants Chat.Read.
- · Per-agent opt-in for workflows that genuinely require chat context (e.g. a chat-summarizer agent scoped to specific chat IDs).
Sensitivity-label and content controls
- · Channels with sensitivity labels applied (Confidential, Highly Confidential) default to denied for agents.
- · Inline file references in messages are filtered through your SharePoint/OneDrive policy before content is exposed to the agent.
Set up in 5 minutes
1
Install PortEden CLI
npx @porteden/cli — supports macOS, Linux, and Windows. Microsoft 365 commercial and GCC.
2
Register and consent
porteden teams connect --tenant-id <id>. Requests minimum Graph scopes (ChannelMessage.Read.Group by default); admin consent if app permissions are needed.
3
Define team/channel policy
~/.porteden/teams.yaml with team_allowlist, channel_denylist, chat_mode (deny by default), and label rules.
4
Verify with audit log
porteden audit tail --tool teams shows every Graph chat or channel-message request with team, channel, and rule fired.
Compatible AI clients
ClaudeChatGPTGeminiCopilotCursor
Frameworks this integration touches
Microsoft Information ProtectionMicrosoft Purview labelsWorkplace privacy
Frequently Asked Questions
Can PortEden distinguish public channels from private channels and shared channels?
Yes. The Graph API surfaces channel membership type (standard, private, shared) and PortEden's policy can route differently for each: e.g. allow standard, deny private, deny shared. Default policy denies private channels for AI agents.
What about 1:1 and group chats — are they covered separately?
Yes. Channel messages and chats use different Graph permissions (ChannelMessage.* vs Chat.*) and have separate PortEden policy sections. The default deny for Chat.Read means agents see no DMs unless you explicitly opt in.
Do you honor Microsoft Information Protection labels on Teams content?
Yes. Sensitivity labels applied at the team, channel, or file level are returned by Graph and enforced by PortEden's per-agent label policy. A Highly Confidential team returns a redaction stub for its channel messages rather than the content.
How does this work with Copilot for Microsoft 365 in Teams?
Copilot operates inside Microsoft's tenant boundary with Purview integration. PortEden is for non-Copilot AI clients (Claude Desktop, ChatGPT custom GPTs, internal LangChain bots) that hit Teams via Graph. The two coexist with different scopes.
Can we use this in GCC / GCC High / DoD tenants?
GCC commercial: yes. GCC High and DoD: pass --cloud usgov or --cloud dod at connect time to use the alternate Graph endpoints. Confirm specifics with our team.