OpenAI has quietly shipped one of the most significant enterprise AI integrations of 2026. ChatGPT can now read your Microsoft Teams messages. Not through a user connecting their own account — through a single admin-managed setup that indexes your entire organisation's Teams content and makes it available inside ChatGPT for every user in the workspace.
This is available right now for ChatGPT Enterprise and Edu workspaces. If you manage Microsoft 365, you will get asked about it. Here is what it does, what the admin setup looks like, what the risks are, and how to think about whether to enable it.
What the integration actually does
The Microsoft Teams app with admin-managed sync lets ChatGPT index supported Teams messages and conversation metadata across your workspace. Once enabled, when a user asks ChatGPT a question, it can automatically draw on Teams content to answer — without the user needing to paste anything in or connect their own account.
A user asks ChatGPT: "What was the outcome of last Tuesday's architecture review meeting?" — ChatGPT searches the indexed Teams content and surfaces the relevant discussion, decisions, and action items from the channel the user already has access to.
The key word is already has access to. Microsoft Teams permissions are respected — ChatGPT can only surface content a user is already allowed to see in Teams. A user cannot use ChatGPT to read channels they are not a member of.
Admin-managed sync vs self-service — what is the difference?
There are two versions of the Teams app for ChatGPT. Understanding the difference matters for how you plan the rollout.
| Feature | Self-service | Admin-managed sync |
|---|---|---|
| Who sets it up | Each user individually | Admin sets up once for the whole workspace |
| Teams content indexed | Only the user's own connected account | All content in admin-defined scope |
| Background sync | No | Yes — content refreshed periodically |
| Purview label filtering | No | Yes — admins can exclude sensitive labels |
| Availability | Enterprise, Edu, Team | Enterprise and Edu only |
| RBAC control | Not available | Yes — role-based access control |
Admin-managed sync is the one worth planning carefully. It is more powerful, more controlled, and the one that requires Microsoft Entra admin consent before anything happens.
The Entra ID connection — what permissions does ChatGPT request?
This is where most IT admins will want to pause and read carefully. The integration works through Microsoft Graph. When an admin enables the Teams app with sync, ChatGPT requests a set of Microsoft Graph application permissions — meaning it can sync data in the background without each user signing in individually.
A Microsoft Entra admin must grant consent. These are application permissions — they do not self-activate. Nothing syncs until an Entra admin reviews and approves the Graph permissions for the ChatGPT enterprise application in your tenant.
The permissions ChatGPT requests cover reading Teams messages, membership, channel data, and directory information. A notable one is SensitivityLabels.Read.All — a delegated permission used to apply the Purview sensitivity label filter (more on that below). Every permission requires explicit Entra admin consent.
The Purview sensitivity label filter — the most important setting for most organisations
If your organisation uses Microsoft Purview sensitivity labels, this setting is the first thing to configure before enabling sync. It lets admins define which labelled content is excluded from the ChatGPT index.
For example, you can configure the filter so that any Teams message or channel tagged with a Highly Confidential or Restricted sensitivity label is never indexed. ChatGPT will not be able to surface that content regardless of what a user asks.
- ✓ Sensitive channels excluded from index
- ✓ HR, legal, executive content protected
- ✓ Finance data stays out of AI queries
- ✓ Audit trail via Purview
- ✗ All in-scope content indexed
- ✗ Sensitive discussions may surface
- ✗ Harder to control data governance
- ✗ Compliance risk if labels are not applied
Tip: Review your Purview sensitivity label taxonomy before enabling this integration. If labels are inconsistently applied across Teams channels, the filter will only be as good as your labelling coverage. This is a good forcing function for a labelling audit.
What ChatGPT cannot do — it is read-only
The Teams app with sync is strictly read-only. There is a clear list of what it cannot do, which is worth sharing with stakeholders who raise concerns:
- Cannot send messages to any Teams channel or chat
- Cannot create new chats, channels, or Teams
- Cannot create or assign tasks
- Cannot list every team or channel in the tenant (scoped to admin-approved sync scope)
- Cannot list all members of a conversation beyond the sync scope
- Cannot take any action in Teams — queries only
Step-by-step: how to enable it
This is the setup sequence for workspace owners and admins. You need a Microsoft Teams admin account that can grant Microsoft Entra admin consent before starting.
Security considerations every IT admin should review
This integration changes your Microsoft 365 security posture in a specific way. The threat surface is not the application itself — it is identity and consent.
Should you enable it? A decision guide
There is no single right answer — it depends on your organisation's AI adoption stage, data governance maturity, and risk appetite. Here is a simple framework:
| Your situation | Recommendation |
|---|---|
| You have Purview labels applied consistently across Teams | Enable with label filter — good governance foundation in place |
| You have no Purview labels or inconsistent labelling | Enable with narrow scope first — do a labelling audit in parallel |
| You have strict data residency or sector compliance requirements | Review OpenAI's enterprise data agreement and DPA before enabling |
| You are in a pilot with a small group of power users | Enable with RBAC scoped to the pilot group — ideal approach |
| Your security team hasn't reviewed it yet | Do not enable — share this post, book a review session first |
The broader picture
This is one of three Microsoft 365 integrations OpenAI has rolled out for ChatGPT Enterprise — the others are SharePoint and Outlook. Each follows the same pattern: admin-managed setup, Graph application permissions, Entra admin consent, Purview label filtering, RBAC controls.
OpenAI is also migrating the SharePoint app scope from delegated to application permissions as of June 2026 — Teams may follow the same path. If you have already enabled the SharePoint connector, check your Entra ID app permissions and confirm the scope migration has been handled correctly in your tenant.
Bottom line for IT admins: This is a genuinely useful integration when configured correctly. The value is real — Teams is where your organisation's institutional knowledge lives, and making it searchable through a natural language interface is powerful. The risk is manageable with proper Entra governance, Purview labelling, and a scoped rollout. The admins who will struggle are those who enable it without reviewing the Entra permissions and assuming Teams security handles everything. It does not — you need to actively manage the ChatGPT service principal in your tenant.