Microsoft Teams Orgwide Integration

Enable organization-wide Microsoft Teams connectivity for Rox, allowing IT administrators to authorize Rox to securely access and ingest Teams meeting transcripts and related meeting metadata.

For calendar/email orgwide integration, please refer to this document.

1) Scope of Integration

Use-case:

Organization-wide connection to Microsoft Teams to automatically ingest Microsoft Teams meeting transcripts into Rox for search, analytics, enrichment, and AI-powered insights.

This integration allows Rox to:

  • Discover Teams meeting transcripts across the organization

  • Download transcript content (WebVTT format)

  • Parse and structure transcripts

  • Associate transcripts with meeting metadata and attendees

  • Enable transcript search and insights within Rox

This is a read-only integration. Rox does not modify meetings, users, or transcripts in Microsoft Teams.

Supported Data Access

| Data Type | Purpose | Graph Permission (Application) |
|---|---|---|
| Teams Meeting Transcripts | Discover and download Teams meeting transcripts | OnlineMeetings.Read.All |
| Transcript Content | Download transcript files (WebVTT) | OnlineMeetingTranscript.Read.All |
| Meeting Attendance | Retrieve attendee name and email for meeting context | OnlineMeetingArtifact.Read.All |
| Directory (Users) | Map meeting organizers to Rox users | User.ReadBasic.All |

Permission Model

  • Application-level permissions

  • Granted once by a Microsoft Teams tenant admin

  • No per-user consent required

  • No delegated scopes used

  • No user credentials stored

Important Note

Rox recommends implementing Application Access Policies to limit which users’ meeting data can be accessed (see Section 8).

2) What Data Rox Accesses

| Property | Description |
|---|---|
| Transcript Content | Full meeting transcript in WebVTT format |
| Meeting Metadata | Subject, meeting URL, scheduled start/end time |
| Attendance Data | Participant names and email addresses |
| Directory Data | Basic user attributes for organizer mapping |

What Rox Does NOT Access

  • Chat messages

  • Channel messages

  • Files or attachments

  • Teams messages

  • Video or audio recordings

  • User mailboxes

  • Calendar write access

This integration is strictly limited to Teams meeting transcript ingestion.

3) Microsoft Entra (Azure AD) Application Details

| Property | Description |
|---|---|
| App Type | Multi-tenant Microsoft Graph application |
| Protocol | OAuth 2.0 Client Credentials Grant |
| Consent Model | Tenant admin consent (one-time) |
| Token Handling | Short-lived service-to-service access tokens |
| Redirect URI | https://run.rox.com/settings |
| Directory Access | Read-only (Users only) |

No user passwords, MFA tokens, or delegated session tokens are stored.

4) Components & Hosting Locations

| Component | Vendor | Region |
|---|---|---|
| Rox Frontend | Vercel | United States |
| Rox Backend | AWS | us-east-2 (Ohio) |
| Microsoft Graph | Microsoft | Tenant region dependent |

Rox does not proxy Microsoft infrastructure. Your Entra tenant remains the authority for authentication and access control.

5) Data Handling & Privacy

| Category | Description |
|---|---|
| Data Accessed | Meeting transcripts, meeting metadata, attendees |
| Encryption | TLS 1.2+ in transit, AES-256 at rest |
| Storage | Encrypted AWS storage |
| Retention | Operational use only |
| Deletion | Purged upon tenant disconnection |

6) Security Controls

| Control | Detail |
|---|---|
| Auth Model | OAuth 2.0 client credentials |
| Credential Type | Certificate-based authentication |
| Token Handling | Short-lived application tokens |
| Revocation | Admin-controlled in Entra anytime |
| Audit | Rox logs + Microsoft audit logs |
| Least Privilege | Transcript-only Graph scopes |

7) Customer Action Checklist (IT / Admin)

  1. Set up a mail-enabled security group and restrict access with an Application Access Policy using the instructions in step 8.

  2. Go to the Rox UI and follow the instructions in step 9 to create the integration.

  3. Review and approve the Rox Teams Integration request through the Microsoft auth page.

  4. Verify that Rox appears under Enterprise Applications → Rox Teams Integration in your Entra portal.

8) Application Access Policies

By default, Microsoft Graph application permissions are tenant-wide.

To restrict which users’ Teams meetings and transcripts Rox can access, Microsoft provides Application Access Policies via Teams PowerShell.

This is strongly recommended for enterprises.

A) Install Required PowerShell Module

B) Create a Teams Application Access Policy

Use AppId e71c2f8d-6b21-4425-a1bc-73839163c76a for Microsoft Teams integration.

C) Grant the Policy to Specific Users

D) Verify Policies

List policies:

Check assignment:

If Get-CsUser is not recognized, use Get-CsOnlineUser (Teams PowerShell).
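
Steps A to D as one re-runnable Teams PowerShell script. This is an added example, not Rox's or Microsoft's own script; the policy name and user list are hypothetical placeholders, and only the AppId comes from this page.

```powershell
# Added example: policy name and user list are hypothetical; the AppId is the one given on this page.
$RoxAppId     = 'e71c2f8d-6b21-4425-a1bc-73839163c76a'
$PolicyName   = 'Rox-Teams-Transcripts'                 # hypothetical policy name
$AllowedUsers = @('alice@contoso.example',              # constructed sample UPNs
                  'bob@contoso.example')

# A) Install the Teams module if it is missing, then sign in as a Teams admin.
if (-not (Get-Module -ListAvailable -Name MicrosoftTeams)) {
    Install-Module -Name MicrosoftTeams -Scope CurrentUser
}
Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

# B) Create the policy only if it does not exist, so the script is safe to re-run.
$policy = Get-CsApplicationAccessPolicy -Identity $PolicyName -ErrorAction SilentlyContinue
if (-not $policy) {
    New-CsApplicationAccessPolicy -Identity $PolicyName -AppIds $RoxAppId `
        -Description 'Limits Rox transcript access to approved users'
}

# C) Grant the policy to each approved user individually (no -Global grant).
foreach ($upn in $AllowedUsers) {
    Grant-CsApplicationAccessPolicy -PolicyName $PolicyName -Identity $upn
}

# D) Verify: show the policy, then report the policy assigned to each user.
Get-CsApplicationAccessPolicy -Identity $PolicyName |
    Format-List Identity, AppIds, Description
$AllowedUsers | ForEach-Object {
    Get-CsOnlineUser -Identity $_ |
        Select-Object UserPrincipalName, ApplicationAccessPolicy
}

# Scope check: a Global policy that lists the Rox AppId covers every user in the tenant.
$global = Get-CsApplicationAccessPolicy -Identity Global -ErrorAction SilentlyContinue
if ($global -and ($global.AppIds -contains $RoxAppId)) {
    Write-Warning 'Rox AppId is in the Global policy; access is not limited to the listed users.'
}
```

Policy changes can take up to 30 minutes to take effect in Microsoft Graph calls, so a freshly granted user may not be reachable by the application immediately.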

9) Integration Flow

Step 1 — Admin Initiates Connection

A Microsoft Entra Global Admin (or Privileged Role Admin) goes to Rox → Settings → Integrations and clicks "Connect" on Microsoft Teams.

The admin is redirected to Microsoft’s standard Admin Consent screen.

Microsoft displays the requested application permissions:

  • OnlineMeetings.Read.All

  • OnlineMeetingTranscript.Read.All

  • OnlineMeetingArtifact.Read.All

  • User.ReadBasic.All

The admin reviews the permissions and clicks Accept. The admin is then redirected to the Rox application, where the Microsoft Teams integration is shown as connected.

Step 3 — Tenant Authorization

Microsoft:

  • Registers Rox as an Enterprise Application

  • Grants application-level Graph permissions

  • Enables Rox to access transcripts across the tenant

No user-level login is required after this step.
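
A post-consent check that the application roles actually granted in the tenant match the four permissions listed above. This is an added example, not part of Rox's documentation; it assumes the Microsoft Graph PowerShell SDK is installed and that the AppId given in section 8 is the client ID of the Rox enterprise application.

```powershell
# Added example: uses the Microsoft Graph PowerShell SDK (an assumption; the page uses only Teams PowerShell).
$RoxAppId   = 'e71c2f8d-6b21-4425-a1bc-73839163c76a'   # AppId given on this page
$GraphAppId = '00000003-0000-0000-c000-000000000000'   # Microsoft Graph's well-known AppId
$Expected   = @('OnlineMeetings.Read.All',
                'OnlineMeetingTranscript.Read.All',
                'OnlineMeetingArtifact.Read.All',
                'User.ReadBasic.All')

Connect-MgGraph -Scopes 'Application.Read.All'

# Locate the Rox service principal created by admin consent, and Microsoft Graph's own.
$roxSp = Get-MgServicePrincipal -Filter "appId eq '$RoxAppId'"
if (-not $roxSp) {
    throw 'Rox service principal not found; admin consent has not completed in this tenant.'
}
$graphSp = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"

# Map Graph app-role IDs to their permission names.
$roleNameById = @{}
foreach ($role in $graphSp.AppRoles) { $roleNameById[$role.Id] = $role.Value }

# Application permissions granted to Rox on Microsoft Graph.
$granted = @(Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $roxSp.Id -All |
    Where-Object { $_.ResourceId -eq $graphSp.Id } |
    ForEach-Object { $roleNameById[$_.AppRoleId] })

# Anything outside the documented set is a finding; anything missing means consent is incomplete.
$unexpected = @($granted  | Where-Object { $_ -notin $Expected })
$missing    = @($Expected | Where-Object { $_ -notin $granted })

[pscustomobject]@{
    DisplayName = $roxSp.DisplayName
    Granted     = $granted -join ', '
    Unexpected  = $unexpected -join ', '
    Missing     = $missing -join ', '
}
if ($unexpected.Count -gt 0) {
    Write-Warning 'Rox holds Graph application permissions beyond the four documented ones.'
}
```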

10) Summary

| Aspect | Detail |
|---|---|
| Purpose | Org-wide Teams transcript ingestion |
| Access Model | Application permissions |
| Write Access | None |
| Restriction Method | CsApplicationAccessPolicy |
| Permissions | OnlineMeetings.Read.All, OnlineMeetingTranscript.Read.All, OnlineMeetingArtifact.Read.All, User.ReadBasic.All |
| Revocable | Yes, anytime |
| Hosting | Vercel (US), AWS us-east-2 (US) |
| Data | Transcripts, meetings, meeting attendees, and user directory data synced securely and encrypted |
| Controls | OAuth 2.0 client credentials flow; no user credentials stored; admin consent required; least-privilege scope |
| Governance | Microsoft Entra remains authoritative; revocation and audit available anytime via Microsoft portal |
