# Grant Admin Consent for Arist in Teams Before using the Arist Teams apps, you must provide admin consent on behalf of your tenant so that Arist can send activity notifications and authenticate the users in Teams. You'll need to grant admin consent for both the Arist main app and the Arist Comms app. -------------------------------------------------------------------------------- GRANT ADMIN CONSENT FOR ARIST (MAIN APP) To set this up, go to your Teams Admin [https://admin.teams.microsoft.com/policies/manage-apps]Center [https://admin.teams.microsoft.com/policies/manage-apps]and find the Arist app, which is a published Teams app. Under the Permissions tab, you can provide the necessary consent. These are the permissions you are allowing: * TeamsActivity.Send.User (Application Permission): for Arist to send Activity Feed Notifications whenever the user has a new message * User.Read (Delegated Permission): for Arist to authenticate the end user using their Teams email address, so that they don't have to login whenever they use the Arist app in Teams -------------------------------------------------------------------------------- GRANT ADMIN CONSENT FOR ARIST COMMS Additionally, you will also need to configure permissions for the Arist Comms app: 1. In Teams Admin Center > Manage apps, search for "Arist Comms" 2. Click on the Arist Comms app 3. Go to the Permissions tab 4. Provide the necessary consent This is the permission you are allowing: * TeamsAppInstallation.ReadWriteSelfForUser.All * Purpose:  * It is to ensure learners are on the latest version.  * Context: We saw considerable friction with the upgrade of the Legacy app to the "v2" version because Teams Users with the App already installed had to action the update individually, we discussed with Microsoft at length and they maintained there was no way to force update the app from the Teams Admin Center as a Global Read/Write Admin nor from our side as the App developers. Including this permission with the Comms app aims to future-proof us against such friction in the future. * On "Required":  * In short, it is not (see below how to get around this) * Context: In the M365 Admin Center dashboard > Manage Apps > Arist Comms > Permissions tab you can only blanket grant consent for both required permissions but in Azure portal > Entra Service Principal for the Arist Comms app you can then revoke just the TeamsAppInstallation.ReadWriteSelfForUser.All  permission and retain the User.Read permission, which is required for base functionality of the Arist Comms app -------------------------------------------------------------------------------- --------------------------------------------------------------------------------