FAQ

Is this a Teams bot?

No. The current CLI is a Microsoft Graph command-line tool. Future unattended posting should use Teams bot mode.

Can agents send messages?

Yes, with delegated auth. Messages appear as the signed-in user.

Can client credentials post normal messages?

No. Client credentials are not the normal model for posting live Teams messages.

Where are tokens stored?

In the OS keyring. Config files store identifiers and preferences, not tokens.

No. Consent lets the OSO public client app request delegated Microsoft Graph tokens when a user signs in. For CLI-only use, tokens stay on the machine or runner where the CLI runs, and Graph calls go directly from that process to Microsoft Graph.

Some Teams and Graph permissions are broad enough that Microsoft requires admin approval, or the tenant policy may require admin approval for all third-party apps. Review Security and Consent and Permissions Matrix before approving.

Can we use our own Entra app?

Yes. Use BYO app mode when your tenant requires internal ownership, verified internal branding, narrower scopes, or a stricter consent lifecycle.

teams auth login --device-code --client-id <customer-client-id> --tenant-id <tenant-id>

How do we revoke access?

Users can run teams auth logout --all to remove local tokens. Tenant admins should also revoke the permissions granted to the OSO Teams CLI enterprise application in Microsoft Entra, or disable or delete it.

What should agents parse?

Use --output json, branch on exit code, then parse the JSON envelope.
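
One way an agent wrapper can apply this, as an added example rather than code from the OSO project: it runs the CLI as an argument list, decides success from the exit code first, and only then trusts the parsed envelope. The envelope keys and the Python stand-in for the teams binary are constructed for the demo, since this page does not document the envelope schema.

```python
import json
import subprocess
import sys


def call_cli(argv, timeout=30):
    """Run a CLI given as an argv list and return a dict with
    ok (bool), exit_code (int or None) and envelope (dict or None)."""
    try:
        # List form, no shell: agent-supplied text cannot become shell syntax.
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        return {"ok": False, "exit_code": None, "envelope": None}

    try:
        envelope = json.loads(proc.stdout)
    except json.JSONDecodeError:
        envelope = None
    if not isinstance(envelope, dict):
        envelope = None  # an envelope must be a JSON object

    # Branch on the exit code first; stdout content never overrides it.
    if proc.returncode != 0:
        return {"ok": False, "exit_code": proc.returncode, "envelope": envelope}
    # Exit 0 with unparseable output is treated as failure, not guessed at.
    return {"ok": envelope is not None, "exit_code": 0, "envelope": envelope}


def fake_cli(stdout_text, exit_code):
    """Constructed stand-in for the teams binary: prints text, exits with code."""
    script = "import sys; sys.stdout.write(sys.argv[1]); sys.exit(int(sys.argv[2]))"
    return [sys.executable, "-c", script, stdout_text, str(exit_code)]


if __name__ == "__main__":
    # Real use would pass ["teams", <subcommand and args>, "--output", "json"].
    # The envelope keys below are constructed for this demo.
    print(call_cli(fake_cli('{"data": {"id": "constructed-1"}}', 0)))
    print(call_cli(fake_cli('{"error": "constructed failure"}', 3)))
    print(call_cli(fake_cli("not json", 0)))
```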