You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a startup/ISV publishing an app in the Store, it is good to simulate a multi-tenant environnement as soon as possible in the dev process.
I would like to use Teams Toolkit to create such an environnement, with a clear separation between resources that are managed on the ISV side and resources that are managed on the customer/user side.
For example:
Azure resources such as Bot Service or Web App should be provisioned in the ISV Azure subscription (which is using the ISV Entra ID as the directory)
App Registration should be done in the ISV Entra ID tenant (the service principal will be created later during first app consent in the customer Entra ID tenant)
Teams app in the Dev Portal should be register with a ISV Entra ID account (and not with a customer Entra ID account)
Microsoft 365 tenant should be under the Customer Entra ID (ISV doesn't have to have M365/Teams/Copilot licenses to manage the app)
I've configured Teams Toolkit with two accounts:
Azure account: one user account in the ISV tenant
M365 account: one user account in the customer tenant
The first issue I'm having right now is the fact that the App Registration is created in aadApp/create (and updated in aadApp/update) in the tenant of the Microsoft 365 Account of Teams Toolkit (which represents the customer).
How can I tell Teams Toolkit to use the tenant of the Azure Account of Teams Toolkit instead (which represents the ISV)?
The second issue I think I will have is the fact that the Teams app is created in teamsApp/create (and other teamsApp/* steps) with the Microsoft 365 Account in Teams Toolkit.
It would be better if it can be created with the Azure Account instead.
However, I'm not sure that would allow the app to be deployed to another tenant so an extra step might be needed to deploy the app in the customer tenant by sideloading it for the user or for the entire org.
I've tried to configure Teams Toolkit this way:
Azure account: one user account in the ISV tenant
M365 account: same user account in the ISV tenant
The pro is that all resources are deployed in the ISV tenant with this config but I then need to manually deploy the Teams app to the customer tenant (I can't use teamsApp/publishAppPackage for that as it will try to use the ISV tenant account). Furthermore Teams Toolkit UX is not happy because the account used as the M365 account doesn't have Custom App Upload rights.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
As a startup/ISV publishing an app in the Store, it is good to simulate a multi-tenant environnement as soon as possible in the dev process.
I would like to use Teams Toolkit to create such an environnement, with a clear separation between resources that are managed on the ISV side and resources that are managed on the customer/user side.
For example:
I've configured Teams Toolkit with two accounts:
The first issue I'm having right now is the fact that the App Registration is created in aadApp/create (and updated in aadApp/update) in the tenant of the Microsoft 365 Account of Teams Toolkit (which represents the customer).
How can I tell Teams Toolkit to use the tenant of the Azure Account of Teams Toolkit instead (which represents the ISV)?
The second issue I think I will have is the fact that the Teams app is created in teamsApp/create (and other teamsApp/* steps) with the Microsoft 365 Account in Teams Toolkit.
It would be better if it can be created with the Azure Account instead.
However, I'm not sure that would allow the app to be deployed to another tenant so an extra step might be needed to deploy the app in the customer tenant by sideloading it for the user or for the entire org.
I've tried to configure Teams Toolkit this way:
The pro is that all resources are deployed in the ISV tenant with this config but I then need to manually deploy the Teams app to the customer tenant (I can't use teamsApp/publishAppPackage for that as it will try to use the ISV tenant account). Furthermore Teams Toolkit UX is not happy because the account used as the M365 account doesn't have Custom App Upload rights.
Any thoughts?
Beta Was this translation helpful? Give feedback.
All reactions