Error "App is blocked by app permission policy"

Question

I am developing a proactive messaging Teams bot and need to install the app into a single tenant with Graph to store the conversation reference that is supposedly returned for future notifications to an individual user.

The error I get:

    "innerError": {
      "code": "AccessDenied",
      "message": "App is blocked by app permission policy. TenantId: 2b8fcc74-xxxx-xxxx-a2f9-2f5b64a94336, UserObjectId: 6c78dac5-xxxx-xxxx-b0df-b210a938add4, AppId: 306161fc-xxxx-xxxx-b5dc-838b2ce086fb, AppType: Private",       "details": [],
      "date": "2024-07-09T08:02:31",
      "request-id": "9bf6390d--9e0b-6a133eceb532",
      "client-request-id": "9bf6390d-9-9e0b-6a133eceb532"
    }

I have been trying many permissions for the app in the tenant that installs the bot app (I am using the Microsoft Developer account for developing)

  "roles": [
    "TeamsAppInstallation.ReadForUser.All",
    "Teamwork.Migrate.All",
    "User.ReadWrite.All",
    "AppCatalog.ReadWrite.All",
    "TeamsAppInstallation.ReadWriteSelfForUser.All",
    "TeamsAppInstallation.ReadWriteAndConsentForUser.All",
    "TeamsAppInstallation.ReadWriteForUser.All",
    "Chat.Read.All",
    "Chat.ReadWrite.All",
    "Application.Read.All",
    "TeamsAppInstallation.ReadWriteAndConsentForChat.All"
  ],

Thank you for any information

Answer 1

Hi @Evans, Dean1 (GE Aerospace)

According to the documentation, application permissions are only supported for migration. This means that you cannot send chat messages in channels or chats using application permissions, but only import third-party platform messages.

Currently only delegated permissions can be used to send messages.

---

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.