I’m trying to pull Teams channel messages on creation and turn them into Sharepoint news posts. I’ve loaded the Zapier app in Teams and approved permissions as an admin and connected using an account that has Security Admin, Security Reader and Priv Role admin per the docs.
Getting this message on test:
+14Hi
Help links for using Microsoft Teams in Zaps: https://zapier.com/apps/microsoft-teams/integrations#help
What the error means
In short: the app is authenticated, but it is not authorized to read messages.
The app is trying to read messages from Microsoft Teams or Microsoft 365, but Microsoft Graph is rejecting the request. The request does not include any permission that allows reading channel or group messages. Because of that, Microsoft blocks the API call and no messages can be pulled.
Why this happens
This usually occurs when one or more of the following is true:
The app was granted the wrong Microsoft Graph permissions.
The required permissions were added but admin consent was never approved.
The app is using resource specific consent but the app was not granted access to the specific Team or Channel.
The app is using delegated permissions but the signed-in user does not have access to the Team or Channel.
What needs to be done to fix it
One of these permissions must be granted to the app, depending on how it is designed:
ChannelMessage.Read.All
ChannelMessage.Read.Group
Group.Read.All
Group.ReadWrite.All
Steps to resolve:
Go to Azure Portal.
Open Azure Active Directory.
Open App registrations.
Select the app used by this integration.
Go to API permissions.
Add the appropriate Microsoft Graph permission listed above.
Click Grant admin consent.
If using resource specific consent, explicitly grant the app access to the target Team or Channel.
Reauthenticate or reconnect the app so the new permissions take effect.
+1Hello
That error is coming from Microsoft Graph, not Zapier, and it usually means the connection token you are using does not actually have the Teams message scopes that Graph requires.
Roles like Security Admin, Security Reader, and Privileged Role Admin do not grant Graph permissions for reading channel messages. Graph still requires one of these delegated permissions to be consented for the Zapier enterprise app: ChannelMessage.Read.All or ChannelMessage.Read.Group, and often Group.Read.All as well.
What I would check next
Go to Entra ID (Azure AD) then Enterprise applications then find the Zapier app connection you authorized
Open Permissions and confirm you see ChannelMessage.Read.All or ChannelMessage.Read.Group granted with Admin consent
If you do not, add the missing Microsoft Graph delegated permissions and grant Admin consent using a Global Admin or Teams Admin account
Reconnect the Zap in Zapier using the same admin consented account so the refreshed token picks up the new scopes
Also note the mention of resource specific consent in the error. If your tenant is enforcing RSC for this scenario, the app must be installed in the specific Team and granted access for that Team. Simply approving org wide permissions may not be enough.
If you confirm which permission set you granted in Entra ID for the Zapier enterprise app, I can tell you the exact minimal combo that typically works for pulling channel messages and posting to SharePoint news
Dr. Tanvi Sachar
Monday Certified Partner, Monday Wizard
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
