Overview
This guide helps you diagnose and resolve application access policy issues that may prevent issues with Aptem's Communication Connector with Teams.
Verify the application
Follow these steps to confirm that the Aptem Teams application exists in your Microsoft tenant:
In the Azure Portal, navigate to Microsoft Entra ID
Select Enterprise Applications
Search for Aptem - MS Teams - Prod
Select the application to view its details
Copy the Application (Client) ID (this will be needed later for troubleshooting)
If the application is not present:
Re-enable the Microsoft Teams connector in Aptem and complete the configuration steps described in Configuring the Communications Connector with Microsoft Teams. After enabling it, return to this article and continue with the steps below.
Prerequisites
Before running the commands in this guide:
Install or update the Microsoft Teams PowerShell module, if not already installed
Connect to your Microsoft tenant using PowerShell:
Connect-MicrosoftTeamsYou must sign in with an account that has sufficient administrative permissions.
Step 1: List existing application access policies
To see which application access policies exist in your tenant, run:
Get-CsApplicationAccessPolicyWhat to look for
One or more policies should be listed
-
Each policy includes:
Identity (the policy name)
AppIds (one or more application IDs allowed by the policy)
If no policies are listed:
No application access policy has been created yet. You must create one that includes the Aptem Teams application ID. See: Setting up an Access Policy for Microsoft Teams.
After creating the policy, return to this guide and continue from Step 3 – Check what policy is applied to a user.
Step 2: Confirm the Aptem app ID is present in a policy
Locate the application access policy that is intended to allow the Aptem Teams application.
If you know the policy name:
Get-CsApplicationAccessPolicy -Identity "<PolicyName>"If you do not know which policy to use, list all policies and inspect their AppIds:
Get-CsApplicationAccessPolicy | Select-Object Identity, AppIdsWhat to look for
The Aptem application ID (GUID) must appear in the AppIds list of at least one policy
If the Aptem app ID is not present in any policy:
Add the Aptem app ID to an existing policy, or create a new policy that includes it:
Set-CsApplicationAccessPolicy -Identity "<PolicyName>" -AppIds {ENTER APP ID HERE}Important
Each user can have only one effective application access policy. The policy applied to the user must include all applications that user is allowed to access, including Aptem.
Step 3: Check what policy is applied to a specific user
The Aptem integration operates in the context of the meeting organiser. You must check the application access policy applied to the user who organised the meeting.
Run:
Get-CsUserPolicyAssignment -Identity <organizerUPN>Replace <organizerUPN> with the organiser’s sign-in name (for example, alice@yourcompany.com).
What to look for
An entry where PolicyType = ApplicationAccessPolicy
Note the PolicyName — this is the effective policy for that user
If no ApplicationAccessPolicy is listed:
The user does not have an application access policy applied. In this state, access to Teams artifacts (such as transcripts) will fail.
Step 4: Check whether the user’s policy includes the Aptem app
Using the policy name identified in Step 3, inspect the policy:
Get-CsApplicationAccessPolicy -Identity "<PolicyName>" | Select-Object Identity, AppIdsWhat to look for
Confirm that the Aptem application ID appears in the AppIds list
If the Aptem app ID is missing:
The policy exists but does not allow Aptem
-
You must either:
Add the Aptem app ID to this policy, or
Assign the user to a different policy that already includes the Aptem app ID
If the Aptem app ID is present, continue to Step 5.
Step 5: Check group-based policy assignments and ranking (if applicable)
If application access policies are assigned to groups, run:
Get-CsGroupPolicyAssignment -PolicyType ApplicationAccessPolicyWhat to look for
Which groups have an application access policy assigned
-
The PolicyName and Rank for each group.
A lower rank number has higher priority (for example, rank 1 takes precedence over rank 2).
Verify the following:
The meeting organiser is a member of a group that has a policy including the Aptem app ID
If the user belongs to multiple groups, the policy from the group with the highest priority (lowest rank) is the effective policy
If a higher-priority group policy does not include the Aptem app ID, it will block access even if a lower-priority policy allows Aptem.
Step 6: Check for direct (per-user) policy overrides
Direct per-user assignment of an application access policy always takes precedence over group-based assignments.
From Step 3, if the user has:
A per-user ApplicationAccessPolicy assigned
And that policy does not include the Aptem app ID
And you expect the user to inherit a policy from a group
Then the per-user assignment is overriding the group policy.
To resolve this, you must either:
Update the per-user policy to include the Aptem app ID, or
Remove the per-user assignment so the group-based policy can take effect