Integrate a new Microsoft Teams source (private beta)

info

For now, only real-time scanning is supported. All detectors are supported, with the exception of these 2 generic detectors, in order to limit the risk of false positives:

• Generic High Entropy Secret
• Generic Password

Setting up and configuring this integration is limited to users with an Owner or Manager access level. Microsoft Teams tenant installation is only open to workspaces under the Business plan, but uninstallation is open to all. Alternatively, you can install and test secret detection in Microsoft Teams with a 30-day trial. Any secret incidents created during this period will remain accessible in your incident dashboard after the trial period.

GitGuardian integrates natively with Microsoft Teams via an Entra app that you can install on your Microsoft Teams tenants. Note that the GitGuardian Entra app only has read access to your channels.

Setup your Microsoft Teams integration

You can install GitGuardian on multiple Microsoft Teams tenants to monitor your standard, private and shared channels.

1. Make sure you're logged as administrator in the Microsoft Teams tenant you want to install
2. In the GitGuardian platform, navigate to the Sources integration page
3. Click on the Install button next to Microsoft Teams in the Messaging section
4. Click on the Install button of the Microsoft Teams integration page
5. Select your Microsoft Teams administrator account
6. Click on the Accept button to accept the permissions requested by GitGuardian

That's it! Our GitGuardian Entra app is now automatically installed on your Microsoft Teams tenant. It will now start monitoring all posts shared on your standard, private and shared channels for secrets.

Uninstall your Microsoft Teams tenant

To uninstall a Microsoft Teams tenant:

1. In the GitGuardian platform, navigate to the Sources integration page
2. Click on the Edit button next to Microsoft Teams in the Messaging section
3. Click on the bin icon next to the Microsoft Teams tenant to be uninstalled
4. Confirm by clicking on the Yes, uninstall button in the confirmation modal

That's it! Your Microsoft Teams tenant is now uninstalled and the associated secret incidents remain visible in the incident dashboard.

Limitations

The Microsoft Teams integration is currently available in private beta and has a number of limitations:

• Integration: Once integration has been completed, real-time secret detection is not immediately activated on all channels. The channel integration process continues in the background and may take some time, depending on the size of your Microsoft Teams. Integration progress is visible from the Microsoft Teams integration page.
• Monitored channels: The number of channels that can be included in the monitored perimeter depends on the number of subscriptions authorized by your Azure tenant. In any case, there is a hard limit of 10,000 channels that can be monitored. This limit may be lower, depending on the number of subscriptions already consumed by third-party applications. If your Microsoft Teams has too many channels, your monitoring will be partial. We prioritize the integration of standard channels, followed by private channels, then shared channels.
• Historical Scan: Historical scans are not yet supported (coming soon).
• Source Listing: Monitored Microsoft Teams channels are not yet listed on the Perimeter page (coming soon).
• Monitored Perimeter: Customization of the monitored perimeter is not supported. All channels are monitored by default.
• Team Perimeter: Customization of a team perimeter with Microsoft Teams channels is not supported. Users must be part of the All-incidents team to view and access secret incidents related to Microsoft Teams.
• Source Visibility: The visibility of channels is partially determined. Private channels are considered private, while public and shared channels are considered public in both the UI and API.
• Presence Check: The presence check feature is not supported. All occurrences are considered present in both the UI and API.
• Group Chats: Group chats are not scanned.
• File Attachments: File attachments are not scanned.
• Occurrence Previews: Previews of occurrences are not supported.

Privacy

Country-specific laws and regulations may require you to inform your Microsoft Teams users that your channels are being scanned for secrets. Here is a suggestion for a message you may want to use:

As part of our internal information security process, the company scans the Microsoft Teams channels for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only channels relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the channel’s purpose.