Prerequisites & Setup: Application Access Policy for Riva Meeting Intelligence Teams Integration
Before You Begin
Client Environment Requirements:
- Microsoft 365 tenant and Teams enabled
- Entra ID Premium P1 or P2 license (for Conditional Access)
- Teams Administrator or Global Administrator role
- PowerShell execution capability (Windows PowerShell 5.1+ or PowerShell 7+)
Riva Meeting Intelligence Application Requirements:
- Riva Meeting Intelligence application already deployed and accessible to users (see How to Install Riva Meeting Intelligence for Multiple Users).
- Admin consent granted for standard Riva Meeting Intelligence permissions
- Users experiencing "Application is not allowed to perform operations" errors when accessing data
Pre-Steps
Pre-Step 1: Verify Riva Meeting Intelligence Application Details
Pre-Step 2: Install Required PowerShell Modules
Pre-Step 3: Gather Required Information
Pre-Step 1: Verify Riva Meeting Intelligence Application Details
Find Your Meeting Insight Application ID:
- Go to Entra admin center > Enterprise applications
- Search for "Riva Meeting Intelligence"
- Click on the Riva Meeting Intelligence application
- Note the Application (client) ID - you will need this for the policy
Example: ba3a7bf4-955e-4b3e-8dba-1c4f1cec3b1a
Verify Admin Consent:
- In the same Enterprise application > Permissions tab
- Ensure these permissions have green checkmarks:
OnlineMeetings.Read.AllOnlineMeetingTranscript.Read.All- Other Microsoft Graph permissions as needed
- If missing, click "Grant admin consent for [your organization]"
Pre-Step 2: Install Required PowerShell Modules
Install Microsoft Teams and Microsoft Graph PowerShell Modules:
# Check if module is installed
Get-Module -ListAvailable -Name MicrosoftTeams
# Install if not present
Install-Module -Name MicrosoftTeams -Force -AllowClobber
# Install Microsoft Graph module (for group management)
Install-Module -Name Microsoft.Graph -Force -AllowClobber
For Linux/AWS Workspaces:
# Install PowerShell 7 first
curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.0/powershell-7.4.0-linux-x64.tar.gz -o /tmp/powershell.tar.gz
sudo mkdir -p /opt/microsoft/powershell/7
sudo tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7
sudo ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
# Then install modules in PowerShell
pwsh
Install-Module -Name MicrosoftTeams -Force -AllowClobberPre-Step 3: Gather Required Information
Collect These Details Before Starting:
| Information Needed | Where to Find | Example |
| Tenant ID | Entra admin center > Overview | 6c8bc6e8-9cdb-4412-b1c3-55d338779ad6 |
| Riva Meeting Intelligence App Client ID | Enterprise applications > Riva Meeting Intelligence | ba3a7bf4-955e-4b3e-8dba-1c4f1cec3b1a |
| Users Needing Access | Security group or user list | Pilot group vs. all users |
| Admin Credentials | Your Global/Teams Admin account | admin@yourcompany.com |
Steps
Step-by-Step: Create the Application Access Policy (CAP)
Step 1: Connect to Microsoft Teams PowerShell
Step 2: Create the Application Access Policy
Step 3: Verify Policy Creation
Step 5: Verify Policy Assignments
Step 1: Connect to Microsoft Teams PowerShell
# Connect to your tenant
Connect-MicrosoftTeams -TenantId "YOUR_TENANT_ID_HERE"
# You'll be prompted for authentication - use your Global Admin or Teams Admin credentialsStep 2: Create the Application Access Policy
# Create the policy with your Meeting Insight application Client ID
New-CsApplicationAccessPolicy -Identity "MeetingIntelligenceAppPolicy" -AppIds "YOUR_MEETING_Intelligence_CLIENT_ID_HERE" -Description "Policy for Meeting Intelligence application to access Teams transcripts and recordings"Example with actual values:
New-CsApplicationAccessPolicy -Identity "MeetingIntelligenceAppPolicy" -AppIds "ba3a7bf4-955e-4b3e-8dba-1c4f1cec3b1a" -Description "Policy for Meeting Intelligence application to access Teams transcripts and recordings for enhanced CRM integration"Step 3: Verify Policy Creation
# Check that the policy was created successfully
Get-CsApplicationAccessPolicy -Identity "MeetingIntelligenceAppPolicy"Expected Output:
Identity : Tag:MeetingIntelligenceAppPolicy
AppIds : {ba3a7bf4-955e-4b3e-8dba-1c4f1cec3b1a}
Description : Policy for Riva Meeting Intelligence application to access Teams transcripts and recordings for enhanced CRM integration
Step 4: Grant Policy to Users
Option A: Grant to Individual Users
# Grant to specific users
Grant-CsApplicationAccessPolicy -PolicyName "MeetingIntelligenceAppPolicy" -Identity "user1@company.com"
Grant-CsApplicationAccessPolicy -PolicyName "MeetingIntelligenceAppPolicy" -Identity "user2@company.com"Option B: Grant to All Users Globally
# Grant to all users in the tenant
Grant-CsApplicationAccessPolicy -PolicyName "MeetingIntelligenceAppPolicy" -Global
Option C: Grant to Security Group Members (Batch Process)
# First, get users from your security group
Connect-MgGraph -Scopes "Group.Read.All", "User.Read.All"
$group = Get-MgGroup -Filter "displayName eq 'MeetingIntelligence-Teams-Access'"
$members = Get-MgGroupMember -GroupId $group.Id
# Extract UPNs and grant policy
$users = @()
foreach ($member in $members) {
$user = Get-MgUser -UserId $member.Id
$users += $user.UserPrincipalName
}
# Grant policy to each user
foreach ($user in $users) {
Grant-CsApplicationAccessPolicy -PolicyName "MeetingIntelligenceAppPolicy" -Identity $user
Write-Host "Granted policy to: $user"
}Step 5: Verify Policy Assignments
# Check specific user's policy assignment
Get-CsUserPolicyAssignment -Identity "user@company.com" -PolicyType ApplicationAccessPolicy
# Check multiple users
$testUsers = @("user1@company.com", "user2@company.com")
foreach ($user in $testUsers) {
$assignment = Get-CsUserPolicyAssignment -Identity $user -PolicyType ApplicationAccessPolicy
if ($assignment) {
Write-Host "✓ $user has policy: $($assignment.PolicyName)" -ForegroundColor Green
} else {
Write-Host "✗ $user has no Application Access Policy" -ForegroundColor Red
}
}✅Initial Setup Complete. 🏁
Expansion Steps
Follow these steps when you are ready to expand the policy beyond the pilot stage.
Step 1: Connect to Required Services
# Connect to Microsoft Graph and Teams PowerShell
Connect-MgGraph -Scopes "Group.Read.All", "User.Read.All"
Connect-MicrosoftTeams -TenantId "6c8bc6e8-8cab-4422-b1c3-55d338779ad6"
Step 2: Extract All Users from Riva Meeting Intelligence Pilot Group
# Get the MeetingIntelligence-Pilot group and all its members
$group = Get-MgGroup -Filter "displayName eq 'MeetingIntelligence-Pilot'"
Write-Host "Found group: $($group.DisplayName) (ID: $($group.Id))"
$groupMembers = Get-MgGroupMember -GroupId $group.Id
Write-Host "Group has $($groupMembers.Count) members"
# Extract UPNs from all members
$allMeetingIntelligenceUsers = @()
foreach ($member in $groupMembers) {
$user = Get-MgUser -UserId $member.Id
$allMeetingIntelligenceUsers += $user.UserPrincipalName
}
Write-Host "Extracted $($allMeetingIntelligenceUsers.Count) user principal names"
Write-Host "First 5 users: $($allMeetingIntelligenceUsers[0..4] -join ', ')"Step 3: Batch Grant to the remaining 100 users
$successCount = 0
$failCount = 0
$failedUsers = @()
$totalUsers = $allMeetingIntelligenceUsers.Count
Write-Host "`n=== Starting MeetingIntelligenceAppPolicy Rollout to $totalUsers Remaining Users ===" -ForegroundColor Cyan
foreach ($user in $allMeetingIntelligenceUsers) {
try {
Grant-CsApplicationAccessPolicy -PolicyName "MeetingIntelligenceAppPolicy" -Identity $user
$successCount++
Write-Host "[$successCount/$totalUsers] ✓ $user" -ForegroundColor Green
}
catch {
$failCount++
$failedUsers += $user
Write-Host "[$failCount failures] ✗ $user - $($_.Exception.Message)" -ForegroundColor Red
}
# Progress indicator every 20 users
if (($successCount + $failCount) % 20 -eq 0) {
Write-Host "Progress: $($successCount + $failCount)/$totalUsers completed" -ForegroundColor Yellow
}
}