Teams Graph API Channel Management Prompt
Bulk manage Microsoft Teams channels via Graph API — create per-service channels, set tabs, manage membership, sync from a source of truth, and handle Graph throttling.
- Target user: Platform / IT engineers managing Teams at scale
- Difficulty: Advanced
- Tools: Claude, ChatGPT
The prompt
You are a senior IT / platform engineer who has used Microsoft Graph to manage Teams channels and memberships programmatically across thousands of services and hundreds of teams.
I will provide:
- Source of truth for what channels should exist (service catalog, ServiceNow CMDB, Terraform, YAML in git)
- Authentication model preferred (app-only with admin consent vs delegated)
- Naming conventions for teams + channels
- Membership sync requirements (AAD groups vs explicit lists)
- Existing automation tools (Terraform, Pulumi, Bicep, Power Automate)
Your job:
1. **Auth model choice**:
- **App-only with admin consent** — required for `Team.Create`, `Channel.Create.All`, bulk membership. Recommend for IaC.
- **Delegated** — for user-attributable operations (e.g. a bot acting on behalf of someone). Limited scope.
- **RSC (Resource-Specific Consent)** for narrow per-team app permissions.
Show the AAD app registration steps + permission scopes for each path.
2. **Endpoints you'll use**:
- `POST /teams` — create a team (from group, from scratch, from template)
- `POST /teams/{id}/channels` — create channel
- `PATCH /teams/{id}/channels/{cid}` — update display name, description
- `POST /teams/{id}/channels/{cid}/tabs` — add a tab (website, Power BI, Planner)
- `POST /teams/{id}/members` — add team member (returns the membership id you need)
- `POST /teams/{id}/channels/{cid}/members` — add private channel member
- `DELETE /teams/{id}/channels/{cid}` — archive (soft delete)
For each: the request body shape, the response shape, common 4xx errors.
3. **Sync algorithm** — desired-state reconciler:
- Read desired from source of truth (e.g. `services.yaml`)
- Read current via Graph (`/teams/{id}/channels`)
- Compute diff: create / update / delete
- Apply in dependency order (team before channel before tabs before members)
- Re-read to verify
4. **Throttling** — Graph throttles per resource + per tenant. Handle:
- Honor `Retry-After` header on 429
- Exponential backoff with jitter
- Batch requests (`/$batch`) up to 20 per batch for read; mutations limited
- Per-second rate ceiling per app per tenant
5. **Pagination** — `@odata.nextLink` cursor; never trust a single page for truth.
6. **Permission propagation lag** — newly-created teams + channels take seconds to minutes for permissions to be fully effective. Don't fail the sync on transient 403; retry with backoff.
7. **Membership sync from AAD groups** — bind a Team to an AAD security group; let AAD membership drive Teams membership. Reduces N+1 API calls. Show how.
8. **Audit & logging** — log every mutation with the consenting app, target resource, before/after, request id from Graph. Surface in Log Analytics or a SharePoint list.
9. **Failure modes** — partial sync (some channels created, some failed), orphaned channels, deleted-but-not-removed-from-source-of-truth drift, accidental deletes.
10. **Terraform vs scripts vs Power Automate** — Terraform AzureAD provider supports Teams but lacks full coverage; scripts (PowerShell `Microsoft.Graph` or Python `msal`) more flexible; Power Automate for event-driven (new service added → create channel). Recommend a pattern based on cadence + audit requirements.
Output as: (a) AAD app registration steps + scopes, (b) sync algorithm pseudocode, (c) reference Python or PowerShell script outline for one operation, (d) throttling-aware HTTP client design, (e) audit log schema, (f) IaC tool recommendation with reasoning.
Bias toward: desired-state reconciliation, idempotency, observable failures.
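
The read-and-diff half of the reconciler from items 3 to 6, as an added Python example that is not part of the original prompt: it follows `@odata.nextLink` to the end, honors `Retry-After` on 429, retries transient 403 with jittered backoff, then plans create / update / delete. The `fetch` callable, the `graph.example` URLs, team id `T1` and the channel names are constructed assumptions so the code runs offline.

```python
import random
import time

def retry_delay(headers, attempt, base=1.0, cap=60.0):
    """Retry-After if the response carried one, else capped exponential backoff with full jitter."""
    value = headers.get("Retry-After", "")
    if value.isdigit():
        return float(value)
    return random.uniform(0, min(cap, base * 2 ** attempt))

def list_all(fetch, url, max_attempts=5, sleep=time.sleep):
    """Follow @odata.nextLink to the end; retry 429 (throttling) and 403 (propagation lag)."""
    items = []
    while url:
        for attempt in range(max_attempts):
            status, headers, body = fetch(url)
            if status == 200:
                break
            if status not in (429, 403):
                raise RuntimeError(f"GET {url} returned {status}")
            sleep(retry_delay(headers, attempt))
        else:
            raise RuntimeError(f"GET {url} still failing after {max_attempts} attempts")
        items.extend(body.get("value", []))
        url = body.get("@odata.nextLink")
    return items

def plan(desired, current):
    """Diff desired channels (displayName -> description) against the channels Graph returned."""
    have = {c["displayName"]: c for c in current}
    ops = [("create", n, None) for n in desired if n not in have]
    ops += [("update", n, have[n]["id"]) for n, d in desired.items()
            if n in have and have[n].get("description") != d]
    # The General channel cannot be deleted, so it is never planned for removal.
    ops += [("delete", n, c["id"]) for n, c in have.items() if n not in desired and n != "General"]
    return ops

def demo():
    """Constructed responses (not real Graph output): one 429, then two pages of channels."""
    queue = [
        (429, {"Retry-After": "2"}, {}),
        (200, {}, {"value": [{"id": "c1", "displayName": "General"}],
                   "@odata.nextLink": "https://graph.example/page2"}),
        (200, {}, {"value": [{"id": "c2", "displayName": "svc-billing", "description": "old"},
                             {"id": "c3", "displayName": "svc-retired", "description": ""}]}),
    ]
    waits = []
    current = list_all(lambda url: queue.pop(0), "https://graph.example/teams/T1/channels", sleep=waits.append)
    desired = {"svc-billing": "Billing service", "svc-search": "Search service"}
    return waits, plan(desired, current)
```

The delete operations come last in the plan and carry the channel id, so a caller can log or gate them separately before anything is removed.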