Integrating Microsoft Teams with Privilege Manager
The Privilege Manager Microsoft Teams Approval Bot lets approvers allow or deny endpoint elevation requests directly from a Microsoft Teams channel — no need to log into the Privilege Manager console.
When an endpoint user submits an elevation request, the bot picks it up and posts an Adaptive Card to a registered Teams channel. An approver clicks Approve or Deny on the card, and Privilege Manager applies the result immediately.
Architecture
Azure Bot Service acts as the broker between Microsoft Teams and the bot container. Teams does not communicate with the container directly — it sends activities (button clicks, mentions, and messages) to Azure Bot Service, which forwards them to the bot's HTTPS endpoint. The container must be reachable at a public HTTPS URL.
How It Works
- A user on a managed endpoint requests an elevation (for example, right-clicking an application and selecting Request Run as Administrator).
- The bot polls Privilege Manager and picks up the pending request within 60 seconds.
- The bot posts an Adaptive Card to the registered Teams channel showing the requester, computer, policy, application, and duration options.
- An approver clicks Approve or Deny directly in Teams.
- Privilege Manager applies the result on the endpoint instantly.
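
The card and click steps above, sketched as an added example (not Privilege Manager's own code): a card built from one pending request, and a handler that checks the data a click sends back before acting on it. The field names, duration values and the in-memory `pending` store are assumptions made for illustration.

```python
# Added illustration; field names, durations and the pending store are assumptions.
ALLOWED_DURATIONS = {"15", "60", "480"}  # minutes, constructed values

def build_card(req):
    """Build an Adaptive Card for one pending elevation request."""
    facts = [{"title": k.capitalize(), "value": req[k]}
             for k in ("requester", "computer", "policy", "application")]

    def submit(title, decision):
        # Teams returns this "data" object, merged with the input values, on click.
        return {"type": "Action.Submit", "title": title,
                "data": {"requestId": req["id"], "decision": decision}}

    return {
        "type": "AdaptiveCard",
        "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
        "version": "1.4",
        "body": [
            {"type": "TextBlock", "text": "Elevation request", "weight": "Bolder"},
            {"type": "FactSet", "facts": facts},
            {"type": "Input.ChoiceSet", "id": "duration", "value": "15",
             "choices": [{"title": f"{d} minutes", "value": d}
                         for d in sorted(ALLOWED_DURATIONS, key=int)]},
        ],
        "actions": [submit("Approve", "approve"), submit("Deny", "deny")],
    }

def handle_submit(value, pending):
    """Validate click data; return (request_id, decision, minutes or None)."""
    request_id = value.get("requestId")
    decision = value.get("decision")
    # The payload arrives over a public endpoint, so every field is untrusted.
    if not isinstance(request_id, str) or request_id not in pending:
        raise ValueError("unknown or already-decided request")
    if decision not in ("approve", "deny"):
        raise ValueError("unexpected decision")
    duration = None
    if decision == "approve":
        if value.get("duration") not in ALLOWED_DURATIONS:
            raise ValueError("duration not offered on the card")
        duration = int(value["duration"])
    pending.pop(request_id)  # one decision per request; a repeat click is rejected
    return request_id, decision, duration
```

Removing the request from `pending` on the first valid decision means a replayed or duplicate click cannot change an outcome that was already applied.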