--- title: AI Assistant in Microsoft Teams (GCCH) Setup Guide excerpt: '' deprecated: false hidden: false metadata: title: '' description: '' robots: index next: description: '' --- This guide will walk you through the process of setting up a Moveworks AI Assistant for Microsoft Teams in your Microsoft Teams GCCH Tenant. Once you complete the below steps you should have the following data fields collected. 1. **Microsoft Graph App ID** 2. **Microsoft Graph Tenant ID** 3. **Microsoft Graph Secret Value** 4. **Teams App Link** (to retrieve the app GUID) These will be used to Configure the Team AI Assistant. # Prerequisites 1. Ensure that you have a Microsoft Azure Pay-As-You-Go subscription already setup (or some other subscription) 1. The subscription must be applied under the global subscription filter. 2. If it is not, search for the Directory + Structure configuration page and enable the subscription so that it shows up globally. 2. Ensure that you have administrative rights to the main tenant in Microsoft Azure console 1. This includes the ability to create resource groups under the above subscription 3. Ensure that you have a Teams administrator that can create and manage applications and setup policies # Ensure Proper Networking Allowlist Rules If you are leveraging a Firewall, CASB, or VDI, and have another layer of network firewall rules. Ensure the following Moveworks owned domain is in an allowlist so that Moveworks can render content in [Microsoft Teams Task Modules](https://learn.microsoft.com/en-us/microsoftteams/platform/task-modules-and-cards/what-are-task-modules). * `https://app.moveworksgov.ai` # 1. Capturing the Tenant ID You can find the Tenant ID prior to the call by visiting the following URL. Replace **\** with your company domain name. **[https://login.microsoftonline.com/](https://login.microsoftonline.com/)\/.well-known/openid-configuration** You will receive a JSON response. Look for the key `token_endpoint` and find the Tenant ID in the url. **\{"token_endpoint":"[https://login.microsoftonline.com/](https://login.microsoftonline.com/)\/oauth2/token" ….**Create the AI Assistant in Your Tenant as an Azure Resource # 2. Create the Azure Bot in Your Tenant 1. Navigate to [https://portal.azure.us/#create/Microsoft.BotChannelRegistration](https://portal.azure.us/#create/Microsoft.BotChannelRegistration) 2. Fill out the information as follows: 1. **Bot handle** - should be named the AI Assistant name that was approved 1. You can use “Moveworks” as a placeholder if this has not been decided 2. **Subscription** - this should default to "Pay-as-you-go” or another subscription that you have available. 3. **Resource Group** - create new group for the bot 4. **Resource Group Location** - choose lowest latency 1. For example: "West US 2" if you are on the west coast, or "East US 2" if you are east coast based. 5. **Pricing tier** - set this to F0 (this is a free tier) 1. **Note:** While the licensing structure is pay-as-you-go for messages in _premium_ channels, it is unlimited for _standard_ channels such as MS Teams. Therefore when choosing F0 as the pricing tier, the AI Assistant resource does not cost anything and the AI Assistant will not incur any additional fees (resource groups are also free). For more information, see [this page](https://azure.microsoft.com/en-us/pricing/details/bot-service/). ![](https://files.readme.io/2d987382ceea46cc5fd9f3ec3146aa36061071c5e04136c79c1df0bc9329469a-image.png)
6. **Messaging Endpoint** leave this blank for now and we will revisit it later in the configuration 3. Under **Microsoft App ID**, 1. **Type of app -** select **Single Tenant** for the selection. ![](https://files.readme.io/ee47cf159e6fd02d4fd37a3bbc15b2f06d11dddbb9c3a86285ce857bb7489240-image.png)
4. Select **Create new Microsoft App ID** and hit **Review + create** 1. You will see “Validation Passed“ 2. After reviewing the selections, hit **Create** and your deployment will be in process ![](https://files.readme.io/ebe0e8e5aa9de345a6cb453199ac3f85357dd2f717c592afd85f0edb8653283c-image.png)
# 3) Configure the Azure Bot settings Find the AI Assistant Channel Registration or Embedded AI Assistant that was created by waiting for the deployment to finish and then clicking on the “Go to resource” button. Or by searching for the AI Assistant by name in the Azure console. ![](https://files.readme.io/f7694e713132405edff0cdcb69a55ee45590eec8b1b39ae2949ceb8f654d0561-image.png) 1. Navigate to **Bot Profile** on the left hand pane 2. Set the **Display name** of the AI Assistant to the approved AI Assistant name or set this to “Moveworks” temporarily, then click the **Apply**. 3. Navigate to **Configuration** on the left hand pane 4. Add the URL `https://app.moveworksgov.ai//api/messages` where `` is the string in the "Microsoft App ID" shown in the grey box under the Messaging Endpoint. ### Example ![](https://files.readme.io/24889a4-small-Untitled_-_2023-05-11T113043.977.png) # 4. Grant API Permissions to Microsoft Graph token ### Generate Secret 1. Click on **Manage** (shown in parenthesis beside the Microsoft App ID title) in the screenshot above. 2. Select **Certificates and Secrets** on the left hand pane. ![](https://files.readme.io/c7d7666-small-Untitled_-_2023-05-11T113147.420.png) 3. Under Client Secrets select New client secret ![](https://files.readme.io/81448b7-small-Untitled_-_2023-05-11T113145.315.png) 4. Enter a name such as “Moveworks Bot” and set the expiration for 2 years. 5. Copy the Secret value and save it. 1. **Make sure you do not skip this step as the Client Secret value will be blocked from plain text view after** ### Add API Permissions 1. Navigate to **API Permissions** on the left hand pane. 2. Select **Add a Permission** and choose **Microsoft Graph.** ![](https://files.readme.io/eed38a9-small-Untitled_-_2023-05-11T120345.147.png) 3. On the **Request API Permissions** screen, select MS Graph, and add the necessary permissions for the Teams AI Assistant as **Application Permissions**. 1. **User.Read.All** 2. **TeamsAppInstallation.ReadWriteSelfForUser.All** ![](https://files.readme.io/9b2b564-small-Untitled_-_2023-05-11T120403.970.png) 4. **(Optional)** If you are utilizing the Office 365 integration in Moveworks for Microsoft Graph Group Management, Sharepoint Site Ingestion, or Intune integration, please add the following permission based on the feature set you are implementing: 1. Provision access to/create Office 365 groups: 1. _Group.ReadWrite.All_ 2. Display end-user facing Sharepoint articles as an IT knowledge base: 1. _Sites.Read.All_ 3. To direct users to apps or device actions in the InTune Company Portal: 1. _DeviceManagementApps.Read.All_ 4. Ensure all permissions have admin approval granted. Once granted the green 5. Ensure all permissions have admin approval granted. Once granted the **green check mark** should appear. ### Verify the Azure Manifest Under the credentials/configuration section, navigate to the Manifest section and verify **signInAudience** is set to **AzureADandPersonalMicrosoftAccount.** ![](https://files.readme.io/9312ec0-small-Untitled_-_2023-05-11T113430.821.png) # 5. Add the Microsoft Teams Feature Channel 1. Navigate back to your AI Assistant Channel Registration configuration within the **Bot Services** module. 2. Choose the created _Bot Service_ from the previous step. 3. Select the **Channels** tab on the left. Beneath **"Add a feature channel"**, select the **Microsoft Teams icon** and on the next screen, click **"Save".** ![](https://files.readme.io/e5a42a5-small-Untitled_-_2023-05-11T113518.655.png) # 6) Use These Credentials to create the Chat Bot Configuration Start by navigating to **Manage Chatbots** under the **Chat Platforms** Module. Where you can create a new Chat Bot configuration for the Teams AI Assistant which will use the below data fields. * **Microsoft Graph App ID** * **Microsoft Graph Tenant ID** * **Microsoft Graph Secret** ![](https://files.readme.io/0936798f065978c161a39f051e901b75a85afbea1074026c834cae020a77cc0d-image.png) All the steps of [How To Configure an AI Assistant ](/docs/deploy-bots)are defined in the Guide. Please follow them to create the remaining steps. # 7. Add the AI Assistant to Your Organization in Teams Once the ChatBot configuration has been created you can download the below assets to create an MS Teams Bot. You can use the below assets to create the Bot in Teams. * color.png - the color AI Assistant icon (192 x 192) * outline.png - the sidebar outlined AI Assistant icon (32 x 32) **Zip the color.png, outline.png, and manifest.json files into a single zip file** ![](https://files.readme.io/4af4c7eddfc95eb7bcab0e6041207dd03ce539fab74ab7af52b3b2aa88c5dcbc-image.png) **Example color.png file:** ![](https://files.readme.io/c9f9fefa54457b6f4c52b64de2374ce948fbc8ea94ad55eb2c3bba5a1217aac7-image.png) **Example outline.png file (the file is transparent, so hard to see)**: ![](https://files.readme.io/3f236b48de081ffd93bd6803ef05888d4cf3361924d949784de8164cbd38357a-image.png) ![](https://files.readme.io/40add1cf0630aa95495200dde6d8ce6309376ac256cb4ecaa54d40eee6c13c1d-image.png) **Notes:** This must be done on the same operating system that you will add the application from If the files are zipped on a Mac, they must be uploaded to the Microsoft Teams app on a Mac. Vice-versa for Windows systems. *** Using the following file template to create the **manifest.json** file, replace the `` and `` text in the template below, with your Microsoft App ID and the name of your AI Assistant respectively. If you have not decided on a name yet, you can use the name “Moveworks” as a temporary placeholder name. **Note:** As of 05/12/2022 - manifest Version 1.10 is the highest version recommended in GCCH ``` { "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.10/MicrosoftTeams.schema.json", "manifestVersion": "1.12", "version": "1.0.0", "id": "", "packageName": "com.moveworks.bots", "showLoadingIndicator": false, "developer": { "name": "Moveworks.ai", "websiteUrl": "https://www.moveworks.ai", "privacyUrl": "https://www.moveworks.com/privacy-policy", "termsOfUseUrl": "https://www.moveworks.com/terms", "mpnId": "6107273" }, "icons": { "color": "color.png", "outline": "outline.png" }, "name": { "short": "", "full": "" }, "description": { "short": "An AI Assistant that is designed to help with various tasks.", "full": "Hi! I am , an artificial intelligence (AI) Assistant that can find answers, automate tasks, and boost productivity." }, "accentColor": "#000000", "bots": [ { "botId": "", "scopes": [ "personal", "team" ], "supportsFiles": false, "isNotificationOnly": false } ], "validDomains": [ "*.moveworks.ai", "*.moveworks.io", "*.moveworks.com", "*.moveworksgov.com", "*.*.moveworks.ai", "*.*.moveworks.io", "*.*.moveworks.com", "*.*.moveworksgov.com", "*.*.*.moveworks.ai", "*.*.*.moveworks.io", "*.*.*.moveworks.com", "*.*.*.moveworksgov.com" ], "webApplicationInfo": { "resource": "https://moveworks.ai", "id": "" }, "configurableProperties": [ "name", "shortDescription", "longDescription", "smallImageUrl", "largeImageUrl", "accentColor", "developerUrl", "privacyUrl", "termsOfUseUrl" ] } ``` ## Prepare the Assets For Microsoft Teams. Do not rename any of the following files - the Teams client will expect the files to be named as listed below. ### Zip the color.png, outline.png, and manifest.json files into a single zip file ![](https://files.readme.io/fafce69-small-Untitled_-_2023-05-11T114518.285.png) ### Example color.png file: ![](https://files.readme.io/b36f74e-small-Untitled_-_2023-05-11T114532.891.png)

### Example outline.png file (the file is transparent, so hard to see): ![](https://files.readme.io/97b3529-small-imgpsh_fullsize.png) ![](https://files.readme.io/1ee9939-small-Screen_Shot_2022-02-04_at_8.34.39_PM.png) ### Notes: * This must be done on the same operating system that you will add the application from * If the files are zipped on a Mac, they must be uploaded to the Microsoft Teams app on a Mac. Vice-versa for Windows systems. ### Do not place the items into a folder before zipping. Simply select the three files and compress them. ## Deploy the AI Assistant to Microsoft Teams 1. Open the **Microsoft Teams Desktop App** 2. Click on **Apps** (on bottom left corner) ![](https://files.readme.io/f770837-small-Untitled_-_2023-05-11T115150.691.png) 3. Click on **Manage your apps** ![](https://files.readme.io/771979b-small-Untitled_-_2023-05-11T115205.029.png) 4. Click **Upload an app** ![](https://files.readme.io/285d376-small-Untitled_-_2023-05-11T115512.771.png) 5. Select **Submit an app** to your org and then select the zip file that you generated ![](https://files.readme.io/b718465-small-Screen_Shot_2022-12-14_at_11.03.35_AM.png) 6. Click on **Install** ## Get the Microsoft Teams Application GUID 1. Go back to the apps section of Microsoft Teams 2. Click on **Built for your org** ![](https://files.readme.io/764c1fa-small-Untitled_-_2023-05-11T115955.822.png) 3. Select your new bot ![](https://files.readme.io/fde4305-small-Untitled_-_2023-05-11T120014.511.png) 4. Click the link icon to **copy link** ![](https://files.readme.io/279d229-small-Untitled_-_2023-05-11T120041.334.png) 5. This link will include an ID which will act as the GUID of the App which needs to be added to the **Manage Chatbots** Config under the **Chat Platforms** Module. ### Ensure Proper Networking Allowlist Rules If you are leveraging a Firewall, CASB, or VDI, and have another layer of network firewall rules. Ensure the following Moveworks owned domain is in an allowlist so that Moveworks can render content in [Microsoft Teams Task Modules](https://learn.microsoft.com/en-us/microsoftteams/platform/task-modules-and-cards/what-are-task-modules). * `https://app.moveworksgov.ai` ## (Optional) Apply a Custom App Policy Moveworks is able to ensure that the bot’s functionalities are only accessible by approved users during development. The AI Assistant will be visible in the MS Teams app store but users will not be able to communicate with it. In some cases our customers would like to have more granular control over this access. You can do this in the Microsoft Teams Administration Console. 1. Navigate to [https://admin.teams.microsoft.com/](https://admin.teams.microsoft.com/) 2. Go to the dashboard on the left → Select **Teams apps**> **Setup policies** -> **Add New Policy** ![](https://files.readme.io/62a41a8-small-Untitled_-_2023-05-11T115855.167.png) 3. Create a custom app policy to allow the AI Assistant you just created 1. **NOTE:** If a user is assigned a custom policy, that policy applies to the user. If a user isn't assigned a custom policy, the global policy applies to the user. This means if the org is using custom app setup policies already, then you will need to add the AI Assistant to all the app setup policies. # 8) Pre-launch Steps The steps below should be completed when the AI Assistant is ready for go-live. ### Pin the App to the Microsoft Teams Sidebar ### Pin for all employees 1. Visit [admin.gov.teams.microsoft.us](https://admin.gov.teams.microsoft.us) 2. From the options on the left, select **Teams apps** ⇨ **Setup policies** 3. Click on the **Global (Org-wide default)** policy and then click **Edit** 4. Toggle the order of the apps so that the installed AI Assistant application is below the Chat option ### Pin Teams app for a specific group of users 1. Visit [admin.gov.teams.microsoft.us](https://admin.gov.teams.microsoft.us) 2. From the options on the left, select **Teams apps** ⇨ **Setup policies** 3. Click on the **+ Add button** to create a new Teams app setup policy (more info here: [https://docs.microsoft.com/en-us/MicrosoftTeams/teams-app-setup-policies](https://docs.microsoft.com/en-us/MicrosoftTeams/teams-app-setup-policies)) ![](https://files.readme.io/c9f0e27-small-Untitled_-_2023-05-11T115815.147.png) 4. Toggle the order of the apps so that the installed AI Assistant application is below the **Chat** option ![](https://files.readme.io/5970499-small-Untitled_-_2023-05-11T115747.767.png) 5. Now you can select which users you want this specific policy to apply to. There are two options here - manual method and a Powershell method. 1. **Option A: Manually enter users to add to the policy** 1. Go back to the **Setup policies** page, select the newly created App setup policy and click **Manage Users** 2. Enter the names of users you want the policy to apply to. Click **Apply** ![](https://files.readme.io/266793a-small-Untitled_-_2023-05-11T115723.697.png) 2. **Option B: Create policy for a specific group of users in Azure using Powershell** 1. Locate your group in Azure that you want to apply the policy to. Copy the object id for the group ![](https://files.readme.io/0a64a75-small-Untitled_-_2023-05-11T114246.525.png) 2. Open Powershell and enter the following commands. Once complete this can take up to 72 hours to take effect, depending on the size of the group. See here for more information. ``` New-CsGroupPolicyAssignment -PolicyType TeamsAppSetupPolicy -GroupId -PolicyName "Moveworks Bot Users" -Rank 1 Get-CsGroupPolicyAssignment -GroupId ``` Replace the group_id with the correct value above. The group_id is the Azure object id and “Moveworks Bot Users” is the name of the policy you used in the previous step.Example based on above: ``` New-CsGroupPolicyAssignment -PolicyType TeamsAppSetupPolicy -GroupId 57cdf267-5ab7-43bc-b7ad-4c55cc905e40 -PolicyName "FirstLineWorker" -Rank 1 Get-CsGroupPolicyAssignment -GroupId 57cdf267-5ab7-43bc-b7ad-4c55cc905e40 ``` ## Pinned App FAQ ### Q: Can a user unpin the AI Assistant in Teams? **A:** Moveworks AI Assistant can be unpinned from the sidebar in Microsoft Teams by the user. ### Q: What's the behavior in Teams? **A:** Moveworks AI Assistant will remain removed from the current Teams session, however once the user logs out of teams and logs back on the app setup policy kicks in and re-adds Moveworks Bot. ### Q: Can a user move the left sidebar icon around? **A:** user can move the Moveworks AI Assistant around in the left side bar, however the App Setup Policy will overwrite this once the user logs off and logs back onto teams. # Contacting Us You can reach out to Moveworks anytime at [gov-support@moveworksgov.com](mailto:gov-suppport@moveworksgov.com) or over the support channel we establish in your team’s messaging platform.