Ethan

My feedback

  1. 216 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Public » Developer Platform  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Ethan commented  · 

    Also hoping for a fix for this. The alternative integration for outside services of creating an authenticated bot that monitors some custom API is a lot more difficult. I think this solution creates more problems than it solves. The documentation statement that JSON payloads are not dangerous is in itself false. More importantly, Teams takes that payload and injects it into Teams unauthenticated. Anyone with with that URL could inject malicious URLs into an orgs chat. How many users even vet their emails? You think they will think twice about clicking a link on a private Teams channel?

    Since the webhook URL is hosted by Microsoft anyways, how about authentication options via AAD?

    Ethan supported this idea  · 

Feedback and Knowledge Base