Back to home

Kairos Knowledge Base

Integrations

Kairos Follow-Ups: Enable Meeting Notes from Teams Transcripts (add CAP)

Prerequisites & Setup: Application Access Policy for Kairos Teams Integration

Before You Begin

Client Environment Requirements:

Microsoft 365 tenant with Teams enabled
Entra ID Premium P1 or P2 license (for Conditional Access)
Teams Administrator or Global Administrator role
PowerShell execution capability (Windows PowerShell 5.1+ or PowerShell 7+)

Kairos Application Requirements:

Kairos application already deployed and accessible to users
Admin consent granted for standard Kairos permissions
Users experiencing "Application is not allowed to perform operations" errors when accessing data

Pre-Step 1: Verify Kairos Application Details

Find Your Kairos Application ID:

Go to Entra admin center > Enterprise applications
Search for "Kairos"
Click on the Kairos application
Note the Application (client) ID - you'll need this for the policy

Example: 36a3771d-9dce-4c91-beb0-bfaf9e5eb7d6

Verify Admin Consent:

In the same Enterprise application > Permissions tab
Ensure these permissions have green checkmarks:
- OnlineMeetings.Read.All
- OnlineMeetingTranscript.Read.All
- Other Microsoft Graph permissions as needed
If missing, click "Grant admin consent for [your organization]"

Pre-Step 2: Install Required PowerShell Modules

Install Microsoft Teams PowerShell Module:

# Check if module is installed

Get-Module -ListAvailable -Name MicrosoftTeams

# Install if not present

Install-Module -Name MicrosoftTeams -Force -AllowClobber

# Install Microsoft Graph module (for group management)

Install-Module -Name Microsoft.Graph -Force -AllowClobber

For Linux/AWS Workspaces:

# Install PowerShell 7 first

curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.0/powershell-7.4.0-linux-x64.tar.gz -o /tmp/powershell.tar.gz

sudo mkdir -p /opt/microsoft/powershell/7

sudo tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7

sudo ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh

# Then install modules in PowerShell

pwsh

Install-Module -Name MicrosoftTeams -Force -AllowClobber

Pre-Step 3: Gather Required Information

Collect These Details Before Starting:

Information Needed	Where to Find	Example
Tenant ID	Entra admin center > Overview	`6c8bc6e8-9cdb-4412-b1c3-55d338779ad6`
Kairos App Client ID	Enterprise applications > Kairos	`36a3771d-9dce-4c91-bfb0-afaf9e5eb7d6`
Users Needing Access	Security group or user list	Pilot group vs. all users
Admin Credentials	Your Global/Teams Admin account	`admin@yourcompany.com`

Step-by-Step: Create the Application Access Policy (CAP)

Step 1: Connect to Microsoft Teams PowerShell

# Connect to your tenant

Connect-MicrosoftTeams -TenantId "YOUR_TENANT_ID_HERE"

# You'll be prompted for authentication - use your Global Admin or Teams Admin credentials

Step 2: Create the Application Access Policy

# Create the policy with your Kairos application Client ID

New-CsApplicationAccessPolicy -Identity "KairosAppPolicy" -AppIds "YOUR_KAIROS_CLIENT_ID_HERE" -Description "Policy for Kairos application to access Teams transcripts and recordings"

Example with actual values:

New-CsApplicationAccessPolicy -Identity "KairosAppPolicy" -AppIds "36a3771d-8dce-4c91-beb0-afaf9e5eb7d6" -Description "Policy for Kairos application to access Teams transcripts and recordings for enhanced CRM integration"

Step 3: Verify Policy Creation

# Check that the policy was created successfully

Get-CsApplicationAccessPolicy -Identity "KairosAppPolicy"

Expected Output:

Identity    : Tag:KairosAppPolicy
AppIds      : {36a3771d-8dce-4c91-beb0-afaf9e5eb7d6}
Description : Policy for Kairos application to access Teams transcripts and recordings for enhanced CRM integration

Step 4: Grant Policy to Users

Option A: Grant to Individual Users

# Grant to specific users

Grant-CsApplicationAccessPolicy -PolicyName "KairosAppPolicy" -Identity "user1@company.com"

Grant-CsApplicationAccessPolicy -PolicyName "KairosAppPolicy" -Identity "user2@company.com"

Option B: Grant to All Users Globally

# Grant to all users in the tenant

Grant-CsApplicationAccessPolicy -PolicyName "KairosAppPolicy" -Global

Option C: Grant to Security Group Members (Batch Process)

# First, get users from your security group

Connect-MgGraph -Scopes "Group.Read.All", "User.Read.All"

$group = Get-MgGroup -Filter "displayName eq 'Kairos-Teams-Access'"

$members = Get-MgGroupMember -GroupId $group.Id

# Extract UPNs and grant policy

$users = @()

foreach ($member in $members) {

$user = Get-MgUser -UserId $member.Id

$users += $user.UserPrincipalName

}

# Grant policy to each user

foreach ($user in $users) {

Grant-CsApplicationAccessPolicy -PolicyName "KairosAppPolicy" -Identity $user

Write-Host "Granted policy to: $user"

}

Step 5: Verify Policy Assignments

# Check specific user's policy assignment

Get-CsUserPolicyAssignment -Identity "user@company.com" -PolicyType ApplicationAccessPolicy

# Check multiple users

$testUsers = @("user1@company.com", "user2@company.com")

foreach ($user in $testUsers) {

$assignment = Get-CsUserPolicyAssignment -Identity $user -PolicyType ApplicationAccessPolicy

if ($assignment) {

Write-Host "✓ $user has policy: $($assignment.PolicyName)" -ForegroundColor Green

} else {

Write-Host "✗ $user has no Application Access Policy" -ForegroundColor Red

}

Step 1: Connect to Required Services

# Connect to Microsoft Graph and Teams PowerShell

Connect-MgGraph -Scopes "Group.Read.All", "User.Read.All"

Connect-MicrosoftTeams -TenantId "6c8bc6e8-8cab-4422-b1c3-55d338779ad6"

Step 2: Extract All Users from Kairos-Pilot Group

# Get the Kairos-Pilot group and all its members

$group = Get-MgGroup -Filter "displayName eq 'Kairos-Pilot'"

Write-Host "Found group: $($group.DisplayName) (ID: $($group.Id))"

$groupMembers = Get-MgGroupMember -GroupId $group.Id

Write-Host "Group has $($groupMembers.Count) members"

# Extract UPNs from all members

$allKairosUsers = @()

foreach ($member in $groupMembers) {

$user = Get-MgUser -UserId $member.Id

$allKairosUsers += $user.UserPrincipalName

}

Write-Host "Extracted $($allKairosUsers.Count) user principal names"

Write-Host "First 5 users: $($allKairosUsers[0..4] -join ', ')"

Step 3: Batch Grant to remaining 100 users

$successCount = 0

$failCount = 0

$failedUsers = @()

$totalUsers = $allKairosUsers.Count

Write-Host "`n=== Starting KairosAppPolicy Rollout to $totalUsers Remaining Users ===" -ForegroundColor Cyan

foreach ($user in $allKairosUsers) {

try {

Grant-CsApplicationAccessPolicy -PolicyName "KairosAppPolicy" -Identity $user

$successCount++

Write-Host "[$successCount/$totalUsers] ✓ $user" -ForegroundColor Green

}

catch {

$failCount++

$failedUsers += $user

Write-Host "[$failCount failures] ✗ $user - $($_.Exception.Message)" -ForegroundColor Red

}

# Progress indicator every 20 users

if (($successCount + $failCount) % 20 -eq 0) {

Write-Host "Progress: $($successCount + $failCount)/$totalUsers completed" -ForegroundColor Yellow

}