Communications Connector with Teams: Troubleshooting guide

Overview

This guide helps you diagnose and resolve application access policy issues that may prevent issues with Aptem's Communication Connector with Teams.

 

Verify the application

Follow these steps to confirm that the Aptem Teams application exists in your Microsoft tenant:

  1. In the Azure Portal, navigate to Microsoft Entra ID

  2. Select Enterprise Applications

  3. Search for Aptem - MS Teams - Prod

  4. Select the application to view its details

  5. Copy the Application (Client) ID (this will be needed later for troubleshooting)

If the application is not present:
Re-enable the Microsoft Teams connector in Aptem and complete the configuration steps described in Configuring the Communications Connector with Microsoft Teams. After enabling it, return to this article and continue with the steps below.

 

Prerequisites

Before running the commands in this guide:

  • Install or update the Microsoft Teams PowerShell module, if not already installed

  • Connect to your Microsoft tenant using PowerShell:

Connect-MicrosoftTeams

You must sign in with an account that has sufficient administrative permissions.

 

Step 1: List existing application access policies

To see which application access policies exist in your tenant, run:

Get-CsApplicationAccessPolicy

What to look for

  • One or more policies should be listed

  • Each policy includes:

    • Identity (the policy name)

    • AppIds (one or more application IDs allowed by the policy)

If no policies are listed:
No application access policy has been created yet. You must create one that includes the Aptem Teams application ID. See: Setting up an Access Policy for Microsoft Teams.

After creating the policy, return to this guide and continue from Step 3 – Check what policy is applied to a user.

 

Step 2: Confirm the Aptem app ID is present in a policy

Locate the application access policy that is intended to allow the Aptem Teams application.

If you know the policy name:

Get-CsApplicationAccessPolicy -Identity "<PolicyName>"

If you do not know which policy to use, list all policies and inspect their AppIds:

Get-CsApplicationAccessPolicy | Select-Object Identity, AppIds

What to look for

  • The Aptem application ID (GUID) must appear in the AppIds list of at least one policy

If the Aptem app ID is not present in any policy:
Add the Aptem app ID to an existing policy, or create a new policy that includes it:

Set-CsApplicationAccessPolicy -Identity "<PolicyName>" -AppIds {ENTER APP ID HERE}

Important

Each user can have only one effective application access policy. The policy applied to the user must include all applications that user is allowed to access, including Aptem.

 

Step 3: Check what policy is applied to a specific user

The Aptem integration operates in the context of the meeting organiser. You must check the application access policy applied to the user who organised the meeting.

Run:

Get-CsUserPolicyAssignment -Identity <organizerUPN>

Replace <organizerUPN> with the organiser’s sign-in name (for example, alice@yourcompany.com).

What to look for

  • An entry where PolicyType = ApplicationAccessPolicy

  • Note the PolicyName — this is the effective policy for that user

If no ApplicationAccessPolicy is listed:
The user does not have an application access policy applied. In this state, access to Teams artifacts (such as transcripts) will fail.

 

Step 4: Check whether the user’s policy includes the Aptem app

Using the policy name identified in Step 3, inspect the policy:

Get-CsApplicationAccessPolicy -Identity "<PolicyName>" | Select-Object Identity, AppIds

What to look for

  • Confirm that the Aptem application ID appears in the AppIds list

If the Aptem app ID is missing:

  • The policy exists but does not allow Aptem

  • You must either:

    • Add the Aptem app ID to this policy, or

    • Assign the user to a different policy that already includes the Aptem app ID

If the Aptem app ID is present, continue to Step 5.

 

Step 5: Check group-based policy assignments and ranking (if applicable)

If application access policies are assigned to groups, run:

Get-CsGroupPolicyAssignment -PolicyType ApplicationAccessPolicy

What to look for

  • Which groups have an application access policy assigned

  • The PolicyName and Rank for each group.

    • A lower rank number has higher priority (for example, rank 1 takes precedence over rank 2).

Verify the following:

  • The meeting organiser is a member of a group that has a policy including the Aptem app ID

  • If the user belongs to multiple groups, the policy from the group with the highest priority (lowest rank) is the effective policy

If a higher-priority group policy does not include the Aptem app ID, it will block access even if a lower-priority policy allows Aptem.

 

Step 6: Check for direct (per-user) policy overrides

Direct per-user assignment of an application access policy always takes precedence over group-based assignments.

From Step 3, if the user has:

  • A per-user ApplicationAccessPolicy assigned

  • And that policy does not include the Aptem app ID

  • And you expect the user to inherit a policy from a group

Then the per-user assignment is overriding the group policy.

To resolve this, you must either:

  • Update the per-user policy to include the Aptem app ID, or

  • Remove the per-user assignment so the group-based policy can take effect

Was this article helpful?
0 out of 0 found this helpful