Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
nioj2S
Frequent Visitor

Teams activity in pipeline - guest user can't fetch the team/channel

‎11-19-2024 12:46 AM

Hi!

 

I have an issue where an service email account can't fetch their Teams Teams in the Teams activity in my Fabric pipeline. I want the service account to post in the Team channel if a pipeline fails.

I have three email accounts:

myown@mycompany.com - This is what is logged into Teams, and who owns the Teams Team

myuser@othercompany.com - The login in for my Fabric account and what I use to build pipelines with

serviceaccount@othercompany.com - The service account I want to use in my Teams activity to post in the Teams Team channel if any errors.

 

The service account is added to the Teams Team as a guest user, due to my company policies. Guest users have permission to create and update channels in Teams Team.

When I create a Teams activity in my Fabric pipeline, I can sign in with the service account, but it will not fetch the Teams Team in the dropdown after signing in. If I try myown@mycompany.com it works just fine, even though that user has nothing to do with the Fabric workspace at all, it is not even added in the permissions. The service account is added as a contributor in the workspace.

 

It seems like the only difference is that the service account is added as a guest in the Teams Team. I couldn't find any information on guest users when reading about the Teams activity. Is this expected behaviour? Should guest users not be able to post from Fabric pipelines to Teams channels?

 

Thank you!

Labels:
Message 1 of 7
450 Views
0
6 REPLIES 6
v-jingzhan-msft
Community Support
Community Support

‎11-19-2024 10:35 PM

Hi @nioj2S 

 

It looks like a limitation for guest users. It doesn't provide an option for users to switch the tenant when signing in, so it probably signs the guest user into the user's original tenant (othercompany) instead of the current tenant (mycompany) where the data pipeline is created. 

 

Since the Teams activity is still in preview, this behavior might be modified in the future. Please raise your ideas about new features or improvements in Fabric Ideas forum to let the product team know what you want. You can also vote up the following idea which requires the support for service principal authentication for Teams activity. 

Microsoft Idea: Fabric Data Factory Teams activity: change activity authorization to service princip...

 

Best Regards,
Jing
If this post helps, please Accept it as Solution to help other members find it. Appreciate your Kudos!

Message 5 of 7
397 Views
nioj2S
Frequent Visitor
In response to v-jingzhan-msft

‎11-26-2024 05:40 AM

So I did some experimenting: I logged in to the Teams activity with myown@mycompany.com and connected to the Teams Team Channel, and wrote a message body. Then I copied that part of the JSON code fothercompany.or the pipeline. I switched user to serviceaccount@othercompany.com and then I edited the JSON code to include the IDs to the Teams Team Channel and the message body, and then I FINALLY got an error message that gave something:

 

Failed to get license information for the user. Ensure user has a valid Office365 license assigned to them.

 

So, the service account is on @othercompany.onmicrosoft.com and does not have an Office365 license. The purpose of the service account is to have it connected to the Teams (or Outlook) activities in the pipelines, because I can not find any other way of alerting when a pipeline has failed (like the Dataflow Gen2 has it in settings, just enter email of the persons who should get the alert email). So it seems not only does the service account need a Fabric license, but also a Office365 license to be able to use the Teams/Outlook activities in the pipeline. Please correct me if I am wrong, because this seems very weird considering the Dataflow Gen2s have a simple alert setting to send fail notifications, no need for another Microsoft license, right?

Message 6 of 7
215 Views
0
v-jingzhan-msft
Community Support
Community Support
In response to nioj2S

‎11-28-2024 01:06 AM

Hi @nioj2S 

 

It seems the Teams and Outlook activities currently only support enterprise accounts and not personal accounts.

 

I tried logging in with my personal Outlook account (e.g. xxxx@outlook.com) to send an email, but the pipeline failed and returned an error "The tenant for tenant guid 'xxxxxxx' does not exist. Only work or school accounts are supported." This article also mentions this. 

vjingzhanmsft_0-1732781513253.png

 

For an enterprise account, an active per-user license is indeed required to send and receive emails. I tried creating a free enterprise user without any license, and although the account name (UPN) looks like an email address, it actually cannot access Outlook or Teams app. Reference: I have Outlook email accounts. Do I need Microsoft 365 in order for - Microsoft Community

 

I think the data pipeline lacks a feature like the refresh failure notifications in dataflows to send failure alert emails. Please vote up the following idea: Pipelines Scheduled Send Email Notification of Failure like Dataset refresh failure notification

 

An alternative is to use the Python script to send the emails by using a personal email address. You can write scripts for sending emails in a notebook. Then add a notebook acitivity in the pipeline to invoke the notebook. Please refer to this thread: Send email from notebook getting "SMTPHeloError: (... - Microsoft Fabric Community However if you want to send emails with an enterprise Microsoft account, a license is still needed. There's no way around it.

 

Best Regards,
Jing
Community Support Team

Message 7 of 7
183 Views
0
SuryaTejaK
Advocate I
Advocate I

‎11-19-2024 09:57 PM

These might be the issue-

1. May be there is limitations on Guest User-usually guest users have limited permissions compared to regular mem, there might be restriction on integration with external services like pipelines

 

2.sometimes may be authentication issues aswell

 

Solution-

As a temporary solution you could use your own account(myown@mycompany.com) to post msgs to teams and setup a  notification system to alert in the pipeline

may be you can rise an Service request if the above one also not works

 

Message 2 of 7
401 Views
jwinchell40
Resolver III
Resolver III
In response to SuryaTejaK

‎11-20-2024 03:57 AM

@SuryaTejaK - I think you are spot on.   We have 2 tenants, one for our Analytics Solution we host for customers and then our Company Tenant.  In our logging pipelines we write failures to a Teams channel in our Company Tenant and the service account is used for that connection.  We see what we would expect the right list of workspaces.

We did give the service account access to the tenant where the product is hosted but it never displays the channels from that Tenant; always the company one.  Not sure if this could be adjusted in the Code View of the pipeline or not.

Message 3 of 7
378 Views
0
SuryaTejaK
Advocate I
Advocate I
In response to jwinchell40

‎11-20-2024 04:07 AM

Hi @jwinchell40 

Pipeline Code View Adjustments: In the Code View of your pipeline, ensure that the service connection references are correctly specified. For YAML pipelines, you can explicitly define the service connection name and ensure it points to the correct tenant. 

 

Verify Service Account Permissions: Ensure that the service account has the necessary permissions in both tenants. This includes checking that it has access to the specific Teams channels and workspaces you need.

 

Sometimes, cross-tenant access issues can be resolved by ensuring that the service account is properly invited and accepted in the target tenant. 

 

Note- Accept this if it works as a solution

 

Regards,

Suryateja K,

Message 4 of 7
375 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All