Email TeamMate administration guide

Email TeamMate™ is a Teams app that shares emails in Teams conversations. TeamMate is available from the Microsoft AppSource Store, and may be used in Microsoft Teams for desktop and for mobile.

For harmon.ie customers, Email TeamMate is included with existing harmon.ie One subscriptions. Contact sales@harmon.ie to receive a coupon for Email TeamMate.

To install Email TeamMate for a single user:

  1. Open Microsoft Teams and select Apps.
  2. Search for Email TeamMate.
  3. Select the Email TeamMate app and then click Add to install it.
    Email TeamMate is added to the app bar of Teams conversations.
  4. The first time you open the app, you are asked to sign in to the app. Click Sign in and supply your Microsoft 365 credentials.
  5. You are prompted to grant TeamMate access permissions. Click I agree to proceed.

To centrally install Email TeamMate for a group of users or for the whole organization:

  1. Install the app for yourself and launch it.
  2. Click Subscribe, and specify the number of users for which you want to purchase the app.
    Notes:
    • Your TeamMate subscription can only be used in the Microsoft 365 tenant it was purchased in.
    • If you purchased TeamMate for x users, the first x users that sign in to the app are automatically registered.
  3. To allow the app to all users, open Microsoft Teams admin center > Teams apps > Manage apps.
  4. Search for Email TeamMate and slide the Status switch to Allowed.
  5. To install the app to all users, go to Teams apps > Setup policies and select the policy under which you want to install TeamMate.
  6. Under Installed apps click Add apps and then search and select Email TeamMate.
  7. Click Save.
  8. A Microsoft 365 global admin has to grant Email TeamMate access permissions for the entire organization, by clicking this consent link.

To subscribe to Email TeamMate:

  1. Select the number of licenses you want to buy. If you have a coupon, click Apply coupon and enter your coupon code.
  2. Click Proceed to Checkout.
  3. Add your billing address and click Next.
  4. Add your payment details (not required if you have a coupon) and click Next.
  5. Accept the Terms of Service and Privacy Policy, then click Pay and Subscribe (or Subscribe, if you have a coupon).

Email TeamMate requested permissions

TeamMate uses Azure Active Directory v1.0 endpoint's permissions and consent.

Here are the requested permissions, and why they are required:

  • Sign users in (openid) ‐ allows users to sign in to TeamMate with their account and allows TeamMate to see basic user profile information.
  • Sign-in and read user profile (User.Read) ‐ allows users to sign-in to TeamMate with their account, and allows TeamMate to read the profile of signed-in users.
  • View users' basic profile (profile) ‐ allows TeamMate to see your users' basic profile (name, picture, user name).
  • Read all users' basic profiles (User.ReadBasic.All) ‐ required to share emails saved in Teams chats with the person or group you are chatting with.
  • Read your chat messages (Chat.Read) ‐ required to share emails saved in Teams chats with the person or group you are chatting with.
  • Read and write access to user mail (Mail.ReadWrite) ‐ required to show the user's emails, and to reply to emails saved to Teams.
  • Access to all files user can access (Files.ReadWrite.All) ‐ required to save emails in Teams / OneDrive.
  • Read users' relevant people lists (People.Read): required to search for emails by people, and to suggest people you are frequently contacting.

Security notes:

  • Email TeamMate only asks for delegated permissions, and not for application permissions. The effective permissions are the least privileged intersection of the delegated permissions Email TeamMate has been granted (through consent) and the privileges of the currently signed-in user. Email TeamMate cannot have more privileges than the signed-in user. As a result, TeamMate users can never access content they are not authorized to view. For more information, read Permissions and consent in the Azure Active Directory v1.0 endpoint.
  • The only permission Email TeamMate stores is User.Read. We save the user name of signed-in users for identifying them through various platforms.

To verify that Email TeamMate consent is properly configured:

To verify that TeamMate requested permissions are probably configured:

  1. Open Azure Active Directory > Enterprise applications.
  2. Search for the TeamMate Application ID: 74a31d8c-1ee9-4fb8-bc22-640ba5f457f4.
  3. Click the TeamMate app and select Permissions.
  4. Verify that all permissions are marked as granted.