Chat.ReadWrite.All
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Read/Write
All Resources
Allows an app to read and write all chat messages in Microsoft Teams, without a signed-in user.
Delegated Access
App-Only Access
Permission Details
Application Permission
Read and write all chat messages
Allows an app to read and write all chat messages in Microsoft Teams, without a signed-in user.
Permission ID:
294ce7c9-31ba-490a-ad7d-97a7d075e4ed
Delegated Permission
Admin consent required
Read and write all chat messages
Allows an app to read and write all one-to-one and group chats in Microsoft Teams, without a signed-in user. Does not allow sending messages.
User sees: Allows an app to read and write all one-to-one and group chats in Microsoft Teams, without a signed-in user. Does not allow sending messages.
Permission ID:
7e9a077b-3711-42b9-b7cb-5fa5f3f7fea7
Properties
| Property | Type | Description |
|---|---|---|
id |
string |
The unique identifier for an entity. Read-only. |
locale |
string |
Locale of the chat message set by the client. Always set to en-us. |
deletedDateTime |
date-timeNullable |
Read only. Timestamp at which the chat message was deleted, or null if not deleted. |
hostedContents |
microsoft.graph.chatMessageHostedContent collection |
Content in a message hosted by Microsoft Teams - for example, images or code snippets. |
body |
microsoft.graph.itemBody |
|
subject |
stringNullable |
The subject of the chat message, in plaintext. |
importance |
microsoft.graph.chatMessageImportance |
|
onBehalfOf |
object |
User attribution of the message when bot sends a message on behalf of a user. |
replyToId |
stringNullable |
Read-only. ID of the parent chat message or root chat message of the thread. (Only applies to chat messages in channels, not chats.) |
etag |
stringNullable |
Read-only. Version number of the chat message. |
createdDateTime |
date-timeNullable |
Timestamp of when the chat message was created. |
mentions |
microsoft.graph.chatMessageMention collection |
List of entities mentioned in the chat message. Supported entities are: user, bot, team, channel, chat, and tag. |
summary |
stringNullable |
Summary text of the chat message that could be used for push notifications and summary views or fall back views. Only applies to channel chat messages, not chat messages in a chat. |
lastEditedDateTime |
date-timeNullable |
Read only. Timestamp when edits to the chat message were made. Triggers an 'Edited' flag in the Teams UI. If no edits are made the value is null. |
webUrl |
stringNullable |
Read-only. Link to the message in Microsoft Teams. |
Showing 15 of 26 properties. View all on Microsoft Learn →
JSON Representation
JSON representation
{
"id": "String",
"locale": "String",
"deletedDateTime": "String",
"hostedContents": "[...]",
"body": "microsoft.graph.itembody",
"subject": "String",
"importance": "microsoft.graph.chatmessageimportance",
"onBehalfOf": "{...}",
"replyToId": "String",
"etag": "String",
"createdDateTime": "String",
"mentions": "[...]",
"summary": "String",
"lastEditedDateTime": "String",
"webUrl": "String",
"messageHistory": "[...]",
"policyViolation": "{...}",
"messageType": "microsoft.graph.chatmessagetype",
"lastModifiedDateTime": "String",
"chatId": "String"
}Relationships
| Relationship | Type | Description |
|---|---|---|
installedApps |
teamsAppInstallation collection |
A collection of all the apps in the chat. Nullable. |
members |
conversationMember collection |
A collection of all the members in the chat. Nullable. |
messages |
chatMessage collection |
A collection of all the messages in the chat. Nullable. |
tabs |
teamsTab collection |
A collection of all the tabs in the chat. Nullable. |
pinnedMessages |
pinnedChatMessageInfo collection |
A collection of all the pinned messages in the chat. Nullable. |
lastMessagePreview |
chatMessageInfo |
Preview of the last message sent in the chat. Null if no messages are sent in the chat. |
Graph Methods
Delegated access
App-only access
Code Examples
C# / .NET SDK
// Install: dotnet add package Microsoft.Graph
// Install: dotnet add package Azure.Identity
using Microsoft.Graph;
using Azure.Identity;
// Delegated permissions - interactive user sign-in
var scopes = new[] { "Chat.ReadWrite.All" };
var options = new InteractiveBrowserCredentialOptions
{
ClientId = "YOUR_CLIENT_ID",
TenantId = "YOUR_TENANT_ID",
RedirectUri = new Uri("http://localhost")
};
var credential = new InteractiveBrowserCredential(options);
var graphClient = new GraphServiceClient(credential, scopes);
// Example: GET /me
var result = await graphClient.Me.GetAsync();
Console.WriteLine($"User: {result?.DisplayName}");
// Application permissions - daemon/service app
var tenantId = "YOUR_TENANT_ID";
var clientId = "YOUR_CLIENT_ID";
var clientSecret = "YOUR_CLIENT_SECRET";
var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(credential);
// Example: GET /users/{user-id}
var users = await graphClient.Users.GetAsync();
foreach (var user in users?.Value ?? [])
{
Console.WriteLine($"User: {user.DisplayName}");
}
JavaScript / TypeScript
// npm install @azure/msal-browser @microsoft/microsoft-graph-client
import { PublicClientApplication } from "@azure/msal-browser";
import { Client } from "@microsoft/microsoft-graph-client";
import { AuthCodeMSALBrowserAuthenticationProvider } from
"@microsoft/microsoft-graph-client/authProviders/authCodeMsalBrowser";
const msalConfig = {
auth: {
clientId: "YOUR_CLIENT_ID",
authority: "https://login.microsoftonline.com/YOUR_TENANT_ID"
}
};
const pca = new PublicClientApplication(msalConfig);
await pca.initialize();
// Delegated: Login with required scope
const loginResponse = await pca.loginPopup({
scopes: ["Chat.ReadWrite.All"]
});
const authProvider = new AuthCodeMSALBrowserAuthenticationProvider(pca, {
account: loginResponse.account,
scopes: ["Chat.ReadWrite.All"],
interactionType: "popup"
});
const graphClient = Client.initWithMiddleware({ authProvider });
// Example: GET /me
const result = await graphClient.api("/me").get();
console.log(result);
// Application: Use client credentials (Node.js backend only)
// npm install @azure/identity @microsoft/microsoft-graph-client
import { ClientSecretCredential } from "@azure/identity";
import { TokenCredentialAuthenticationProvider } from
"@microsoft/microsoft-graph-client/authProviders/azureTokenCredentials";
const credential = new ClientSecretCredential(
"YOUR_TENANT_ID",
"YOUR_CLIENT_ID",
"YOUR_CLIENT_SECRET"
);
const authProvider = new TokenCredentialAuthenticationProvider(credential, {
scopes: ["https://graph.microsoft.com/.default"]
});
const graphClient = Client.initWithMiddleware({ authProvider });
const result = await graphClient.api("/users").get();
console.log(result);
PowerShell
# Install Microsoft Graph PowerShell module
Install-Module Microsoft.Graph -Scope CurrentUser
# Delegated access - interactive sign-in
Connect-MgGraph -Scopes "Chat.ReadWrite.All"
# Verify connection
Get-MgContext | Select-Object Account, TenantId, Scopes
# Example: GET /me
$result = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me"
$result | ConvertTo-Json -Depth 5
# Application access with certificate
$params = @{
ClientId = "YOUR_CLIENT_ID"
TenantId = "YOUR_TENANT_ID"
CertificateThumbprint = "YOUR_CERT_THUMBPRINT"
}
Connect-MgGraph @params
# Or with client secret (not recommended for production)
# Connect-MgGraph -ClientSecretCredential $credential
# Example: GET /users
$result = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users"
$result | ConvertTo-Json -Depth 5
# Always disconnect when done
Disconnect-MgGraph
Python
# pip install msgraph-sdk azure-identity
from azure.identity import InteractiveBrowserCredential, ClientSecretCredential
from msgraph import GraphServiceClient
import asyncio
# Delegated permissions - interactive browser sign-in
credential = InteractiveBrowserCredential(
client_id="YOUR_CLIENT_ID",
tenant_id="YOUR_TENANT_ID"
)
scopes = ["Chat.ReadWrite.All"]
client = GraphServiceClient(credential, scopes)
async def get_data():
# Example: GET /me
result = await client.me.get()
print(f"User: {result.display_name}")
return result
asyncio.run(get_data())
# Application permissions - client credentials
credential = ClientSecretCredential(
tenant_id="YOUR_TENANT_ID",
client_id="YOUR_CLIENT_ID",
client_secret="YOUR_CLIENT_SECRET"
)
scopes = ["https://graph.microsoft.com/.default"]
client = GraphServiceClient(credential, scopes)
async def get_users():
# Example: GET /users
result = await client.users.get()
for user in result.value:
print(f"User: {user.display_name}")
return result
asyncio.run(get_users())App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or Delegated permissions and search for Chat.ReadWrite.All
4
Grant Admin Consent
Application permissions always require admin consent. Click "Grant admin consent" in the Azure portal.