Teams Automation plugin
Teams Automation plugin
Overview
The Teams Automation plugin provides enterprise-grade Microsoft Teams message automation from within Claude Code. It uses the Microsoft Graph API with OAuth2 device code flow authentication to read, search, and process Teams messages across channels and chats.
The plugin operates in read-only mode by default. Write operations such as sending messages or creating channels are architecturally prevented and require explicit security validation with user confirmation.
Version: 7.4.1 Author: Thomas Hudak
Installation
claude plugin install teams-automation@otc-awesome-llm
Prerequisites
- Python 3.8 or later
- An Azure AD app registration with the required Graph API permissions
- The following Python packages (installed automatically or via
pip):
pip install msal keyring requests
Azure AD app registration
Register an application in Azure Active Directory with these settings:
| Setting | Value |
|---|---|
| Name | Teams Automation Tool |
| Supported account types | Single tenant |
| Redirect URI | http://localhost (public client / native) |
| API permissions | ChannelMessage.Read.All (Application), Chat.Read (Delegated), Files.Read.All (Delegated), User.Read (Delegated) |
Authentication
The plugin authenticates through the MSAL (Microsoft Authentication Library) device code flow. This approach requires no client secrets and keeps the user in control of the authentication process.
First-time setup
python scripts/teams_auth.py --setup
The setup wizard will:
- Prompt for your Azure AD tenant ID and client ID.
- Store credentials securely in the system keychain (never in plaintext files).
- Initiate the device code flow and display a URL with a one-time code.
- Complete the OAuth2 handshake and store tokens for future use.
Subsequent authentication
# Authenticate with existing credentials
python scripts/teams_auth.py
# Force a fresh authentication
python scripts/teams_auth.py --force-auth
# Check current authentication status
python scripts/teams_auth.py --status
Tokens are automatically refreshed and remain valid for up to 90 days.
Capabilities
Skill trigger phrases
The skill activates when Claude detects phrases such as:
- "check my teams messages"
- "create teams digest"
- "extract tasks from teams"
- "send teams message"
- "login to teams"
- "teams automation"
Message digest creation
Generate a categorized summary of Teams messages across channels and chats:
# Summarize all channels and chats
python scripts/message_digest.py
# Limit to the last 7 days
python scripts/message_digest.py --days 7
# Filter to specific channels
python scripts/message_digest.py --channel "General" --channel "Development"
# Write output to a file
python scripts/message_digest.py --output ~/Documents/teams_summary.md
Task extraction for Claude
Extract actionable tasks from Teams messages and format them as Claude-ready prompts:
# Extract all tasks
python scripts/task_extractor.py
# Filter by priority
python scripts/task_extractor.py --priority high
# Output as JSON
python scripts/task_extractor.py --output-format json
# Include messages matching specific keywords
python scripts/task_extractor.py --keywords "TODO" --keywords "action required"
Chronological message processing
Process large message volumes from oldest to newest with skip and resume capability:
# Process up to 1000 messages
python scripts/chronological_reader.py --max-messages 1000
# Resume a previously interrupted session (automatic)
python scripts/chronological_reader.py
# Review messages that were skipped
python scripts/chronological_reader.py --review-skipped
# Dry run to preview what would be processed
python scripts/chronological_reader.py --dry-run
Processing state is saved every 10 messages to
~/.teams-automation/chronological_state.json, allowing you to interrupt and
resume at any time.
Sending messages
Write operations require explicit user confirmation through the human-in-the-loop security gate:
# The skill will prompt for confirmation before sending
# Example interaction in Claude Code:
# User: "Send a message to the Development channel saying the deploy is complete"
# Claude: [Security confirmation prompt] -> User confirms -> Message sent
User search and disambiguation
The plugin includes an intelligent user search strategy that:
- Prioritizes individual users over groups when searching by person name.
- Normalizes name formats ("First Last" and "Last, First").
- Prevents accidental self-messaging.
- Supports three-word names (for example, "Mary Jane Smith").
Browser automation fallback
When Graph API authentication is unavailable, the plugin falls back to browser automation with enhanced 2FA handling:
- Automatic detection of stuck verification pages.
- SMS code expiration tracking (warns at 8 minutes of the 10-minute window).
- Seven recovery strategies: page reload, back navigation, SMS refresh, method switch, flow restart, cookie clear, and manual intervention guidance.
Configuration
Create a configuration file at ~/.teams-automation/config.json:
{
"tenant_id": "YOUR_TENANT_ID",
"client_id": "YOUR_CLIENT_ID",
"default_channels": ["General", "Development"],
"task_extraction": {
"keywords": ["TODO", "action required", "urgent", "@task"],
"priority_indicators": {
"high": ["urgent", "ASAP", "critical", "blocker"],
"medium": ["important", "priority", "needed"],
"low": ["when you can", "no rush", "nice to have"]
}
},
"digest_settings": {
"max_messages_per_channel": 20,
"exclude_users": ["bot@", "system@"],
"include_replies": true
}
}
Protect the configuration directory:
chmod 700 ~/.teams-automation
chmod 600 ~/.teams-automation/config.json
Security architecture
The plugin implements multiple layers of protection:
| Layer | Component | Purpose |
|---|---|---|
| Authentication | teams_auth.py | OAuth2 device code flow with MSAL |
| Credential storage | secure_credentials.py | System keychain integration, no plaintext |
| Operation validation | security_validator.py | Classifies operations as READ/WRITE/DELETE/SEND |
| Content sanitization | message_sanitizer.py | Neutralizes prompt injection in message content |
| Audit logging | audit_logger.py | Timestamps and logs all operations |
| Rate limiting | Built into teams_client.py | Respects Graph API throttling limits |
Shadow prompting protection
Message content is automatically sanitized against prompt injection attacks. The sanitizer detects 20+ known techniques including direct instruction overrides, hidden instructions in adaptive cards, role confusion attempts, and bot message injection. Each message receives a risk score (low, medium, high, or critical) and high-risk content is wrapped with prominent warnings.
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| "No credentials found" | First-time setup not completed | Run python teams_auth.py --setup |
| "Token expired" | Token refresh failed | Run python teams_auth.py to re-authenticate |
| "Permission denied" | Missing Azure AD API permissions | Verify app registration permissions in Azure portal |
| "Rate limit exceeded" | Too many API calls | Wait and retry; the client handles backoff automatically |
Related
- Plugin catalog -- Overview of all available plugins
- Outlook Automation plugin -- Email counterpart using the same security architecture