Installer Guides

MS Teams

Connecting MS Teams to LightBeam

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: MS Teams, MS Outlook, Gmail, Slack, etc.

Connecting MS Teams Data Source

  1. Log in to your LightBeam Instance.

  2. Click on DATASOURCES on the Top Navigation Bar.

  3. Click on Add a Data Source.

Figure 1. Add Data Source

  1. Search for “Teams”.

    Figure 2. Search for Teams

  2. Click on Teams.

Figure 2.1 Teams

  1. Fill in the details as shown below and click on Next:

Basic Information

  1. Data Source Name: This is the unique name given to the data source.

  2. Description: This is an optional field needed to describe the use of this data source.

  3. Primary Owner: Email address of the person responsible for this data source which will get alerts by default.

  4. Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called entities. Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.

  5. Source of Truth: LightBeam Spectra would have monitored data sources that contain data acting as a single point of truth and that can be used for looking up entities/attributes that help to identify if the other attributes/entities found in any other data source are accurate or not. A Source of Truth data set would create entities based on the attributes found in the data.

  6. Location: The location of the data source.

  7. Purpose: The purpose of the data being collected/processed.

  8. Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

Figure 3. LightBeam Teams - Basic Information

Datasource Configuration

  1. Provide the credentials as shown below and click on Test Connection.

Connection Details

  • Client Id: It refers to the unique identifier assigned to the Azure portal application that is used for integrating LightBeam with the Teams data source. It is generated when you register an application in the Azure portal.

  • Client Secret value: It is a confidential key or password associated with the Azure portal application. It is used to authenticate and authorize the application when accessing Teams resources. The Client Secret value is generated when you create a new client secret in the Azure portal.

  • Tenant Id: It is a unique identifier assigned to the Azure Active Directory (AAD) tenant associated with the organization. It represents the organization's directory or identity store in Azure AD. The Tenant Id is obtained from the Azure portal.

  • Event Hub Name: Name of the Azure EventHub entity. It can be found under Azure EventHub Namespace's entity tab.

  • Event Hub Notification URL: URL of the Azure Vault secret where we stored the Event Hub Notification connection string primary key as value.

Figure 4. LightBeam Teams - Test Connection

  1. Verify that you get the message “Connection Success!”. Click on Next.

  2. In this step, you can choose :

    1. Domain which you want to scan for: This is an optional field where you specify the domain name that you want to scan from total detected domains.

    2. Scan selected members and groups: Email address of members and groups which you want to include or exclude from scanning.

Figure 5. LightBeam Teams - Scan Settings

i) Scan all channels.

ii) Scan selected channels

To choose option (i), select Scan all channels, and click on Save.

Under EXCLUSION LIST FOR SCANNING, you can select the channel names you want to exclude from the scan.

Figure 5.1 LightBeam Teams - Scan Settings

To choose option (ii), select Scan selected channels. You can select the channels in the drop-down menu.

Select the inputs by ticking the checkboxes next to them.

Figure 5.2 LightBeam Teams - Scan Settings

  1. Click on Save.

Now, we are ready to browse through the onboarded Teams datasource dashboard.

Note: To get the MS Teams data source details please check Appendix

Appendix

Steps to Generate MS Teams Data Source Credentials

  1. Log in to https://azure.microsoft.com/en-gb/

  2. Click on Portal.

Figure 6. Microsoft Azure Portal

  1. Click on the Search box on the Top Navigation bar. Type and search for “App Registrations”.

  2. Click on App Registrations.

Figure 7. Click on App Registrations

  1. Click on New Registration. Add details as shown below and click Register.

Figure 8. Register an Application

  1. Click on Certificates and secrets.

  2. Click on New client secret.

  3. Fill in the client secret details in the Description and Expires fields.

  4. Click on Add.

Figure 9. Add a client secret

  1. Copy the Client Secret value and keep it secure for future use as you will not be able to retrieve it later.

Example: x_sWncr4m~.2lFeKlWR1pu3SgT32lg.254

Figure 10. Client secret ID

  1. Configure API Permissions.

Click API permissions -> Add a permission -> Microsoft Graph -> Application permissions -> Add following permissions

Then add the following permissions:

Channel.ReadBasic.All
ChannelMember.Read.All
ChannelMessage.Read.All
Chat.ReadBasic.All
Domain.Read.All
Files.Read.All
Sites.Read.All
Team.ReadBasic.All
TeamSettings.Read.All
User.Read
User.Read.All

  1. Once permissions are added, click on Grant admin consent for “Lightbeam.ai.”

Figure 11. API permissions

Figure 11. API permissions

Now, your application is ready to register.

NOTE: You should be an admin user to approve the permissions. If you’re not an admin user, take admin access or contact the administrator.

Setting up Azure EventHub service to support Live Sync

To support live sync functionality, LightBeam requires the setup of an Azure EventHub service. Follow the steps below to configure the necessary components:

1. Create Azure EventHub Namespace

  1. Create an Azure EventHub Namespace with the following details and leave the advanced settings at their default values:

Figure 12. Create Azure Eventhub Namespace

  1. Create a Shared Access Policy (ensure that Manage, Send, and Listen permissions are enabled):

Figure 13. Create shared access policies

2. Create EventHub and Obtain Connection String

  1. Within the EventHub Namespace, create an EventHub entity (Entities -> Event Hubs).

Create Event Hub within Event Hub namespace

  1. Create a Shared access policies and copy the Connection String–Primary Key, as it will be required later. (ensure that Manage, Send, and Listen permissions are enabled):

Connection string of Event Hub

3. Set Up Azure Key Vault

  1. Set up an Azure Key Vault (ensure that Vault Access Policy is selected on the Access Configuration tab). Other values can be left as default.

Figure 14. Set up Azure Key-vault
Figure 15. Select Vault Access policy

  1. Add two access poliiesy for key vault created.

    1. Policy for the newly registered application (for example: lb-teams) with following permissions.

Figure 16.1. Add access policies

Figure 16.2. Permissions for registered applications
Figure 16.3. Select registered application (example: ln-teams)

  1. Add second access policy (Microsoft Graph Change Tracking), For Secret permissions, select Get, and for Select Principal, select Microsoft Graph Change Tracking. Select Add.

Figure 16.4. From Secret permissions, select Get
Figure 16.5. Select Microsoft Graph Change Tracking
Figure 16.6. You should be able to see above Microsoft Graph Change Tracking

  1. Create a secret in the newly created Azure Key Vault (Objects -> Secrets) and set the value to the Connection String–Primary Key copied from the Event Hubs Namespace -> Entities -> Your Azure EventHub Instance -> Shared Access Policy -> Connection string–primary key. Example: Endpoint=sb://<Event Hubs Namespace name>.servicebus.windows.net/;SharedAccessKeyName=access-policy;SharedAccessKey=<generated by Azure>=;EntityPath=<Your Event Hubs Instance name>

Figure 17. Create a secret in Azure Key-secret

4. Obtain Required Parameters

After completing the above steps, you will have all the required parameters to create the MS Teams integration with LightBeam:

✔️ Client ID: Obtain from the application overview page. ✔️ Client Secret value: Obtain from the application overview page. ✔️ Tenant ID: Obtain from the application overview page. ✔️ Event Hub Name: Obtain from the name from Event Hubs Namespace -> Entities -> Name of the Event Hubs Instance created for LightBeam. ✔️ Event Hub Notification URL: Create using the vault URL with the following structure:

EventHub:https://<vault-name>.vault.azure.net/secrets/<secret-name>?tenantId=<tenantId>

For example, 

EventHub:https://lb-teams-vault.vault.azure.net/secrets/lightbeam-ms-teams-secret?tenantId=a7dd034e-dc1d-47d8-acfc-b933dd12fc3f/

Note: Upon opening EventHub, you will be directed to the EventHub Namespace overview page rather than the EventHub-specific overview. To access the EventHub's dedicated overview page, please follow these steps: Click on "EventHub" in the left sidebar and subsequently select the desired Event Hub Name.

Figure 18. Create EventHub notification URI

5. IP Whitelisting in Restricted Environments

To set up IP whitelisting in a restricted environment, consult the following Microsoft documentation links for the respective services:

Success Tip: We recommend creating a dedicated Azure portal application specifically for integrating LightBeam with the MS Teams data source. This application should be exclusively used for this purpose and not shared or repurposed for any other clients or applications. By doing so, you ensure secure and efficient access control, as well as maintain proper management of the LightBeam-Teams connection.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.

For any questions or suggestions, please get in touch with us at: [email protected].

PreviousSlackNextMS Outlook

Last updated