+ Title: Receive all conversation messages with RSC

+# Receive all conversation messages with RSC

+The resource-specific consent (RSC) permissions model, originally developed for Microsoft Teams Graph APIs, is being extended to bot scenarios. With RSC, conversation owners can consent for a bot to receive all user messages in standard channels and chats without being @mentioned. This can be enabled by specifying the `ChannelMessage.Read.Group` or `ChatMessage.Read.Chat` permission strings in your Teams app manifest. Conversation owners can grant consent during the app installation or upgrade process after the app updates are published. For more information about enabling RSC for your app and inside of a tenant, see [resource-specific consent](../../../graph-api/rsc/resource-specific-consent.md).

+## Enable bots to receive all channel or chat messages

+> [!NOTE]

+>

+> The ability for bots to receive all messages in chats using `ChatMessage.Read.Chat` is available only in [public developer preview for Teams](../../../resources/dev-preview/developer-preview-intro.md).

+The `ChannelMessage.Read.Group` and `ChatMessage.Read.Chat` RSC permissions are being extended to bots. With user consent and app installation, these permissions:

+* Allow a specified graph application to get all messages in channels and chats, respectively.

+* Enable a bot defined in the app manifest to receive all conversations messages without being @mentioned in relevant contexts where the permissions apply.

+> [!IMPORTANT]

+> * Services that need access to all Teams message data must use the Graph APIs that provide access to archived data in channels and chats.

+> * Bots must use the `ChannelMessage.Read.Group` and `ChatMessage.Read.Chat` RSC permission appropriately to build and enhance engaging experience for users to pass the store approval. The app description must include how the bot uses the data it reads.

+> * The `ChannelMessage.Read.Group` and `ChatMessage.Read.Chat` RSC permission may not be used by bots to extract large amounts of customer data.

+For your bot to receive all conversation messages, the relevant RSC permission strings must be specified in the `authorization.permissions.resourceSpecific` property of your Teams app manifest. For more information about manifest schema, see [app manifest schema for Teams](../../../resources/schem).

+The following code provides an example of the app manifest:

+* **webApplicationInfo.id**: Your Microsoft Azure Active Directory (AAD) app ID. The app ID can be the same as your bot ID.

+* **webApplicationInfo.resource**: Any string. The resource field has no operation in RSC, but must be added with a value to avoid error response.

+* **authorization.permissions.resourceSpecific**: RSC permissions for your app with either or both `ChannelMessage.Read.Group` and `ChatMessage.Read.Chat` specified. For more information, see [resource-specific permissions](/microsoftteams/platform/graph-api/rsc/resource-specific-consent#resource-specific-permissions).

+The following code provides an example of the app manifest version 1.12 or higher:

+{

+ "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.12/MicrosoftTeams.schema.json",

+ "manifestVersion": "1.12",

+ "version": "1.0.0",

+ "id": "8239c8f3-ed78-4512-933e-babfd28856f1",

+ "packageName": "com.contoso.rscechobot",

+ "developer": {

+ "name": "Contoso",

+ "websiteUrl": "https://www.contoso.com",

+ "privacyUrl": "https://www.contoso.com/privacy",

+ "termsOfUseUrl": "https://www.contoso.com/tos"

+ },

+ "icons": {

+ "color": "color.png",

+ "outline": "outline.png"

+ },

+ "name": {

+ "short": "RscEchoBot",

+ "full": "Echo bot with RSC configured for all conversation messages"

+ },

+ "description": {

+ "short": "Echo bot with RSC configured for all channel and chat messages",

+ "full": "Echo bot configured with all channel and chat messsages RSC permission in manifest"

+ },

+ "accentColor": "#FFFFFF",

+ "staticTabs": [

+ {

+ "entityId": "conversations",

+ "scopes": [

+ "personal"

+ ]

+ },

+ {

+ "entityId": "about",

+ "scopes": [

+ "personal"

+ ]

+ }

+ ],

+ "webApplicationInfo": {

+ "id": "07338883-af76-47b3-86e4-2603c50be638",

+ "resource": "https://AnyString"

+ },

+ "authorization": {

+ "permissions": {

+ "resourceSpecific": [

+ {

+ "type": "Application",

+ "name": "ChannelMessage.Read.Group"

+ },

+ {

+ "type": "Application",

+ "name": "ChatMessage.Read.Chat"

+ }

+ ]

+ }

+ },

+ "bots": [

+ {

+ "botId": "07338883-af76-47b3-86e4-2603c50be638",

+ "scopes": [

+ "personal",

+ "team",

+ "groupchat"

+ ],

+ "supportsFiles": false,

+ "isNotificationOnly": false

+ }

+ ],

+ "permissions": [

+ "identity",

+ "messageTeamMembers"

+ ],

+ "validDomains": []

+## Sideload in a conversation

+# [Channel messages](#tab/channel)

+The following steps guide you to sideload and validate bot that receives all channel messages in a Team without being @mentioned:

+1. Select ●●● from the left pane. The dropdown menu appears.

+1. Select **Manage team** from the dropdown menu.

+# [Chat messages](#tab/chat)

+The following steps guide you to sideload and validate bot that receives all chat messages without being @mentioned in a chat:

+1. Select or create a group chat.

+1. Select the ellipses ●●● from the group chat. The dropdown menu appears.

+1. Select **Manage apps** from the dropdown menu.

+ :::image type="content" source="../../../assets/images/bots/Chats_Manage_Apps_Entry.png" alt-text="Manage apps in team.":::

+1. Select **Upload a custom app** from the lower right corner of **Manage apps**.

+ :::image type="content" source="../../../assets/images/bots/Chats_Manage_Apps_Page.png" alt-text="Uploading custom app.":::

+1. Select the app package from the **Open** dialog box.

+1. Select **Open**.

+ :::image type="content" source="../../../assets/images/bots/Chats_Sideload_App_FilePicker.png" alt-text= "Selecting app package.":::

+1. Select **Add** from the app details pop-up, to add the bot to your selected group chat.

+ :::image type="content" source="../../../assets/images/bots/Chats_Install_Dialog.png" alt-text="Adding the bot.":::

+1. Enter a message in the group chat for your bot.

+ :::image type="content" source="../../../assets/images/bots/Bot_ReceiveMessage.png" alt-text="Bot receives message.":::

+ The bot receives the message without being @mentioned.

+ :::image type="content" source="../../../assets/images/bots/Bot_NoMention.png" alt-text="No mention.":::

+The following code provides an example of the RSC permissions:

+ await turnContext.SendActivityAsync(MessageFactory.Text("Using RSC the bot can receive messages across channels or chats in team without being @mentioned."));

+ await context.sendActivity(MessageFactory.text("Using RSC the bot can receive messages across channels or chats in team without being @mentioned."))

+|Channel messages with RSC permissions| Microsoft Teams sample app demonstrating on how a bot can receive all channel messages with RSC without being @mentioned.|[View](https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/bot-receive-channel-messages-withRSC/csharp) |[View](https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/bot-receive-channel-messages-withRSC/nodejs) |

+> Bots can receive all channel and chat messages in a team without being @mentioned using resource-specific consent (RSC) permissions. RSC for all *chat* messages is only available in [public developer preview for Teams](../../../resources/dev-preview/developer-preview-intro.md). For more information, see [receive all conversation messages with RSC](channel-messages-with-rsc.md).

+> * Certain guidelines are marked as *Mandatory Fix*. If your app submission doesn't meet these mandatory guidelines, you'll receive a failure report from us with steps to mitigate. Your app submission will pass Microsoft Teams store validation only after you have fixed the issues.

+* App name must not lead with a core Teams feature such as Chat, Contacts, Calendar, Calls, Files, Activity, Teams, Apps, and Help. The app name can shorten to either Chat, Contacts, Calendar, Calls, Files, Activity, Teams, Apps, and Help on install in the left navigation.

+* If your app is part of an official partnership with Microsoft, the name of your app must come first. For example, **Contoso connector for Microsoft Teams**.

+* App manifests submitted must be production manifests. Accordingly, app name must not indicate that the app is a preproduction app. For example, app name must not contain words such as Beta, Dev, Preview, and UAT.

+ > Your appΓÇÖs branding on the Microsoft Teams store and AppSource including your app name, developer name, app icon, AppSource screenshots, video, short description, and website either separately or taken together must not impersonate an official Microsoft offering unless your app is an official Microsoft 1P offering.

+ Way forward must be available in the appΓÇÖs manifest, AppSource long description, and app first run experience (bot welcome message, tab setup, or config page).

+ * Apps that require tenant admin to complete one-time setup must call out dependency on tenant admin to configure the app (before any other tenant user can install and use the app).

+ Dependency must be called out in the appΓÇÖs manifest, AppSource long description, all first run experience touchpoints (bot welcome message, tab setup, or config page), help text as considered necessary as part of bot response, compose extension, or static tab content.

+> * **Clearly describe limitations**, conditions, or exceptions to the functionality, features, and deliverables in the app long description and related materials.

+> * **Prepopulate the test accounts with dummy data** to aid testing.

+* App description must identify the intended audience, briefly and clearly explain its unique and distinct value, identify supported Microsoft products and other software, and include any prerequisites or requirements for its use. You must clearly describe any limitations, conditions, or exceptions to the functionality, features, and deliverables as described in the listing and related materials before the customer acquires your offer. The capabilities you declare must relate to the core functions and description of your offer. [*Mandatory Fix*]

+* If you use a generic privacy policy template, you must add a reference to **services**, **applications**, or **platforms in the scope of your privacy policy**. You donΓÇÖt need to specify your Teams app in the scope, if you include a reference to **services**, **applications**, and **platforms**. The app validation process will interpret these references to include your Teams app along with your other services or websites.

+Your app's support URLs must not require authentication. For example, users must be allowed to contact you without sign in.

+* Any limitations, dependencies on additional services, and exceptions to features offered must be accurately called out in plan descriptions.

+* Tabs must not provide navigation that conflicts with the primary Teams navigation. If you provide a left navigation in your tab, it must not include only icons or icons with stacked text. It must not be a collapsible rail with the option to see icons with stacked text (mimicking the Teams navigation bar). Include icons with in line text or only text or use hamburger menus instead of tab left rail. [*Mandatory Fix*]

+* You must list at least one valid bot command in the `items.commands.title` section of the manifest and add a suitable description that gives clarity to the user on the bot command and its usage. Bot commands listed in the `commandLists` section of the manifest surface as prepopulated commands in the bot command menu and provide a way forward for the new user to interact with the bot. [*Mandatory Fix*]

+ * Use a form (or task module) to collect all inputs from a user at one-time.

+> Preview information and provide basic in line user actions in the posted card so that the user isn't required to navigate outside Teams for all actions (irrespective of complexity).

+* Messaging extensions are shortcuts for inserting app content or acting on a message without navigating away from the conversation. Keep your messaging extension simple and display only the components required to effectively complete the action. Complete website must not be I-framed within the messaging extension. [*Mandatory Fix*]

+* Meeting extensibility apps must offer a responsive in-meeting experience aligned to the Teams meeting experience. In-meeting experience is mandatory for a Teams app that supports meeting extensibility but, pre- and post-meeting experiences aren't mandatory.

+<details><summary>Pre- and post-meeting experience</summary>

+## App functionality

+* Apps must always notify the user before downloading any file or executable on the userΓÇÖs environment. Any call to action (CTA), either text based or otherwise, that makes it clear to the user that a file or executable is downloaded on user action is allowed in the app. [*Mandatory Fix*]

+## Mobile experience

+> [!Note]

+> Teams app doesn't recognize sub iframes. Therefore, it'll not load if there is an iframe within the tab app.

+Microsoft Teams provides single sign-on (SSO) function for application to obtain signed-in Teams user token to access Microsoft Graph and other APIs. Teams Toolkit facilitates the interaction by abstracting some of the Microsoft Azure Active Directory (Azure AD) flows and integrations behind some simple APIs. This enables you to add SSO features easily to your Teams application.

+**2022 November**

+***November 11, 2022***: [Enable bots to receive all chat messages without being @mentioned](bots/how-to/conversations/channel-messages-with-rsc.md)

+| 10/11/2022 | Generate a deep link to share content to stage in meetings. | Build apps for Teams meetings and calls > Enable and configure apps for Teams meetings > [Generate a deep link to share content to stage in meetings.](apps-in-teams-meetings/build-apps-for-teams-meeting-stage.md#generate-a-deep-link-to-share-content-to-stage-in-meetings) |