An error occurred while saving the commentEthan commented
Also hoping for a fix for this. The alternative integration for outside services of creating an authenticated bot that monitors some custom API is a lot more difficult. I think this solution creates more problems than it solves. The documentation statement that JSON payloads are not dangerous is in itself false. More importantly, Teams takes that payload and injects it into Teams unauthenticated. Anyone with with that URL could inject malicious URLs into an orgs chat. How many users even vet their emails? You think they will think twice about clicking a link on a private Teams channel?
Since the webhook URL is hosted by Microsoft anyways, how about authentication options via AAD?Ethan supported this idea ·