# Microsoft Teams scope
> The Microsoft Teams activities use the [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop) to establish an authenticated connection between UiPath and your Microsoft Teams application via the **Microsoft Scope** activity. This connection enables a Robot to call the Microsoft Graph API to read and write resources on your behalf.
The Microsoft Teams activities use the [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop) to establish an authenticated connection between UiPath and your Microsoft Teams application via the **Microsoft Scope** activity. This connection enables a Robot to call the Microsoft Graph API to read and write resources on your behalf.
To establish your authenticated connection, you first register your Microsoft Teams application in your Azure Active Directory (using your personal, work, and/or school Microsoft Office 365 account). When registering your application, you assign the [Microsoft Graph API permissions](https://docs.microsoft.com/en-us/graph/auth/auth-concepts#microsoft-graph-permissions) that specify the resources a Robot can access on your behalf.
After registering your Microsoft Teams application, Azure Active Directory assigns a unique application (client) ID that you enter in the **Microsoft Teams Scope** activity. The **ApplicationID** is used to collect the necessary information about your registered app to initiate authentication.
:::note
To learn more about registering your application and assigning permission, see the [Setup](https://docs.uipath.com/marketplace/automation-cloud/latest/user-guide/microsoft-teams-setup#setup) guide. This guide provides step-by-step instructions to configure your Microsoft Teams application for automation.
:::
## How it works
The following steps and message sequence diagram is an example of how the activity works from design time (that is, the activity dependencies and input/output properties) to run time.
1. Complete the [Setup](https://docs.uipath.com/marketplace/automation-cloud/latest/user-guide/microsoft-teams-setup#setup) steps.
2. Add the [Microsoft Teams Scope](https://docs.uipath.com/marketplace/automation-cloud/latest/user-guide/microsoft-teams-scope#microsoft-teams-scope) activity to your project.
3. Enter values for the [Authentication](https://docs.uipath.com/marketplace/automation-cloud/latest/user-guide/microsoft-teams-scope#authentication), [Input](https://docs.uipath.com/marketplace/automation-cloud/latest/user-guide/microsoft-teams-scope#microsoft-teams-scope), and [Unattended](https://docs.uipath.com/marketplace/automation-cloud/latest/user-guide/microsoft-teams-scope#authentication) (if applicable) properties.
### Unattended Vs. attended automation
The **Microsoft Teams Scope** activity has three different authentication flows (**AuthenticationTypes**) that you can choose from when adding the activity to your project. Your selection is dependent on the type of automation mode you plan to run (unattended or attended) and your application authentication requirements (consult with your administrator if you're unsure which authentication requirements apply to your application).
| AuthenticationType | Attended | Unattended |
| --- | --- | --- |
| **InteractiveToken** | X | N/A |
| **IntegratedWindowsAuthentication** | X | X |
| **UsernameAndPassword** | X | X |
:::important
Unattended automation does not support multi-factor authentication. If you're application requires multi-factor authentication, you can only run attended automation using the **InteractiveToken** authentication type.
:::
#### Interactive Token
The **InteractiveToken** authentication type can be used for attended automation and when multi-factor authentication (MFA) is required. This is the default option and what we use in our examples. If you're interested in "playing around" with the activity package, this option is easy to configure and works well for personal accounts (using the default redirect URI noted in step 7 of the [Register your application](https://docs.uipath.com/marketplace/automation-cloud/latest/user-guide/microsoft-teams-setup#setup) section of the Setup guide).
When the **Microsoft Teams Scope** activity is run for the first time using this authentication type, you are prompted to authorize access to the resources (you granted permissions to when registering your app) via a [consent](https://docs.microsoft.com/en-us/graph/auth-v2-user?context=graph%2Fapi%2F1.0&view=graph-rest-1.0#consent-experience) dialogue box.
If you select this option, the **Username**, **Password**, and **Tenant** properties should be left empty.
This authentication type follows the [OAuth 2.0 authorization code flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).
#### Integrated Windows Authentication
The **IntegratedWindowsAuthentication** authentication type can be used for both attended and unattended automation. This option can apply to Windows hosted applications running on computers joined to a Windows domain or Azure Active Directory.
You should only select this option if your registered application is configured to support [Integrated Windows Authentication](https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/integrated-windows-authentication) (additional information can be found on [GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Integrated-Windows-Authentication)).
If you select this option, the **Username**, **Password**, and **Tenant** properties should be left empty.
#### Username and Password
The **UsernameAndPassword** authentication type can be used for both attended (when multi-factor authentication is not required) and unattended automation.
Though it's not recommended by Microsoft, you can use this authentication type in public client applications. Using this authentication type imposes constraints on your application. For instance, apps using this flow won't be able to sign in a user who needs to perform multi-factor authentication (conditional access). It won't enable your application to benefit from single sign-on either. Authentication with username/password goes against the principles of modern authentication and is only provided for legacy reasons (additional information can be found on [GitHub](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Username-Password-Authentication)).
If you select this option, the **Username** and **Password** properties are required and the **Tenant** property is optional for single-tenant applications (required for multi-tenant applications).
:::note
The **ApplicationID** property is required when selecting the *UsernameAndPassword* **AuthenticationType**. You can register your Microsoft Office 365 Application using your personal, work, and/or school account.
:::
## Properties
The values for the following properties are specified when adding this activity to your project in UiPath Studio.
### Common
#### DisplayName
The display name of the activity.
| Attributes | Details |
| --- | --- |
| **Type** | `String` |
| **Required** | Yes |
| **Default value** | *Microsoft Teams Scope* |
| **Allowed values** | Enter a `String` or `String` variable. |
| **Notes** | N/A |
### Authentication
#### ApplicationID
The unique application (client) ID assigned by the Azure Active Directory when you registered your app during [Setup](https://docs.uipath.com/marketplace/automation-cloud/latest/user-guide/microsoft-teams-setup#setup).
Attributes
Details
Type
String
Required
Yes
Default value
Empty
Allowed values
Enter a String or String variable.
Notes
The application (client) ID represents an instance of a Microsoft Teams application. A single organization can have multiple application (client) IDs for their Microsoft Office 365 account. Each application (client) ID contains its own permissions and authentication requirements.
For example, you and your colleague can both register a Microsoft Teams application in your company's Azure Active Directory and generate your own application (client) ID.
#### AuthenticationType
The type of authentication required for your registered application.
| Attributes | Details |
| --- | --- |
| **Type** | Drop-down selection |
| **Required** | Yes |
| **Default value** | *InteractiveToken* |
| **Allowed values** | Select one of the three options: **InteractiveToken** **IntegratedWindowsAuthentication** **UsernameAndPassword** |
| **Notes** | For more information about these options and which one to select, see the [Unattended and Attended Automation](https://docs.uipath.com/integrations/docs/microsoft-office-365-scope#section-unattended-vs-attended-automation) section above. |
#### Tenant
The unique directory (tenant) ID assigned by the Azure Active Directory when you registered your app during.
| Attributes | Details |
| --- | --- |
| **Type** | `String` |
| **Required** | No (required for multi-tenant applications) |
| **Default value** | Empty |
| **Allowed values** | Enter a `String` or `String` variable. |
| **Notes** | The directory (tenant) ID can be found in the overview page of your registered application (under the application (client) ID). |
### Interactive Token
#### OAuthApplication
Indicates the application (client) to be used.
| Attributes | Details |
| --- | --- |
| **Type** | `enum` |
| **Required** | No |
| **Default value** | Custom |
| **Allowed values** | Custom, UiPath |
| **Notes** | If 'UiPath' is selected, ApplicationId and Tenant are ignored. |
### Username and Password (Unattended)
These properties apply when you run unattended automation only. When specifying values for these properties, be sure the **AuthenticationType** property is set to *UsernameAndPassword*. For more information, see the [Username and Password](https://docs.uipath.com/integrations/docs/microsoft-office-365-scope#section-username-and-password) section above.
#### Password
The password of your Microsoft Office 365 account.
| Attributes | Details |
| --- | --- |
| **Type** | `String` |
| **Required** | No (required if **AuthenticationType** is *UsernameAndPassword*) |
| **Default value** | Empty |
| **Allowed values** | Enter a `String` or `String` variable. |
| **Notes** | N/A |
#### SecurePassword
The password of your Microsoft Office 365 account.
| Attributes | Details |
| --- | --- |
| **Type** | `SecureString` |
| **Required** | No (required if **AuthenticationType** is *UsernameAndPassword*) and Password is null. |
| **Default value** | Empty |
| **Allowed values** | Enter a `SecureString` or `SecureString` variable. |
| **Notes** | N/A |
#### Username
The username of your Microsoft Office 365 account.
| Attributes | Details |
| --- | --- |
| **Type** | `String` |
| **Required** | No (required if **AuthenticationType** is *UsernameAndPassword*) |
| **Default value** | Empty |
| **Allowed values** | Enter a `String` or `String` variable. |
| **Notes** | N/A |