Team Discussion Assistant
The Team Discussion Assistant in Unit4 Advanced Virtual Assistant (Ava) allows you to open discussion channels in Microsoft Teams from certain windows in Unit4 ERPx, in order to discuss tasks with colleagues. Currently this functionality is only available together with the PIM (Procurement Invoice Management) service.
System setup
To make the functional set up for the Team Discussion Assistant, someone with administrator permissions within the MS Teams organization needs to perform the following steps.
Required user delegated permissions within Microsoft Teams
To start a discussion in Microsoft Teams, the user will be asked to log in to their domain account. In order to select participants, the user must have the following permissions (defined in the customer's Microsoft Entra ID):
| Permission | Microsoft Permission Description | Ava's use of permission |
|---|---|---|
| Email, OpenID, Profile, Offline_access | Minimum permissions needed to do basic sign-in. | Sign in to the user account. |
| ChannelMessage.Send | Send channel messages. | Send messages in the Ava-created discussion channels on behalf of the user once the discussion is created. |
| People.Read Presence.Read.All User.Read User.ReadBasic.All |
Read a list of relevant people of the signed-in user. Read presence information of all users in the organization (availability, status note, timezone, etc). Read the profile of the signed-in user. Read all users' basic profiles in the organization (display name, first and last name, email address, photo ,etc). |
Query users, as well as their presence and basic profiles when searching for colleagues within the customer user's organization to include in the discussion. |
| U4ava.collab.access | N/A | Create a new discussion. |
Required application permissions within Microsoft Teams
Ava service requires additional permissions, in order to create or manage teams and discussion channels in Microsoft Teams for the customer organization.
The following permissions are needed.
| Permission | Microsoft Permission Description | Ava's use of permission |
|---|---|---|
| AppCatalog.Read.All | Read the apps in the app catalogs. | Install the Ava app in Microsoft Teams for those users that use the discussion assistant but do not yet have the Ava app installed. |
| Channel.Create | Create channels in any team. | Create discussion channels in specific teams created by Ava. |
| Channel.ReadBasic.All | Read the names and descriptions of all channels. | Search for Ava-created discussion channels for archiving and storage in ERPx, and subsequently delete them in Microsoft Teams. |
| ChannelMessage.Read.All | Read all channel messages. | Read messages in Ava-created discussion channels for archiving and storage in ERPx. We need the ChannelMessage.Read.All permission because Microsoft does not offer read access for specific channels. However, we will strictly limit our access to Ava-created discussion channels and will not read the content of any other channels. |
| Group.ReadWrite.All | Read and write all Microsoft 365 Groups (Groups control access to Microsoft Teams resources and APIs). | Delete Ava-created teams. |
| Team.Create | Create teams. | Create teams. |
| Team.ReadBasic.All | Get a list of all teams. | Search for Ava-created teams for archiving and storage in ERPx, and subsequently delete them in Microsoft Teams. |
| TeamMember.ReadWrite.All | Add and remove members from all teams. | Include the selected users in Ava-created discussion channels. |
| TeamsAppInstallation.Read.All | Read installed Teams apps for all installation scopes. | Install the Ava app in Microsoft Teams for those users that use the discussion assistant but do not yet have the Ava app installed. |
| TeamsAppInstallation.ReadForUser.All | Read installed Teams apps for all users. | Install the Ava app in Microsoft Teams for those users that use the discussion assistant but do not yet have the Ava app installed. |
| TeamsAppInstallation.ReadWriteAndConsentForTeam.All | Manage installation and permission grants of Teams apps for all teams. | Install the Ava app in Microsoft Teams for those users that use the discussion assistant but do not yet have the Ava app installed. |
| TeamsAppInstallation.ReadWriteAndConsentForUser.All | Manage installation and permission grants of Teams apps in a user account. | Install the Ava app in Microsoft Teams for those users that use the discussion assistant but do not yet have the Ava app installed. |
| User.ReadBasic.All | Read all users' basic profiles (display name, first and last name, email address, photo, etc). | Read basic profiles of users belonging to Ava-created discussion channels. |
Accepting permission requests
All required permissions (both delegated and application permissions) can be granted in the different environments by the customer organization administrator by going to:
-
Microsoft admin consent NPE and accepting the request.
-
Microsoft admin consent PE and accepting the request.
ERPx CSP
In order to ensure proper functioning of the Team Discussion Assistant, the following policies need to be added to ERPx CSP:
-
On NPEs: login.microsoftonline.com, graph.microsoft.com and s-eun-da1-preview-collaborationtool.azurewebsites.net
-
On PEs: login.microsoftonline.com, graph.microsoft.com and s-eun-da2-collaborationtool.azurewebsites.net