What TeamGroup is
TeamGroup is a multi-account client for Microsoft Teams chat, built by InControl Solutions Inc., a certified Microsoft Partner. Users who hold Teams accounts in more than one organization (a work account plus client tenants, a school, a board, a volunteer org) connect those accounts to TeamGroup and get one unified inbox with real-time notifications from every account — something the native Teams client only provides for the currently active account.
How authentication works
TeamGroup uses Microsoft's own OAuth 2.0 sign-in with delegated permissions. Users authenticate directly with Microsoft (login.microsoftonline.com) — the same consent flow as any Microsoft 365 app. TeamGroup never sees, receives, or stores Microsoft passwords. The exact permissions requested are listed on Microsoft's consent screen at connection time, and the app appears in your tenant's Enterprise applications like any other OAuth application.
What it can and cannot access
- Delegated only. TeamGroup acts on behalf of the signed-in user via the Microsoft Graph API. It can never access anything the user themselves cannot access. There are no application-level (tenant-wide) permissions.
- Scope. Teams chats and channel conversations for the connected account — reading, sending, and change notifications for real-time delivery.
- Your controls apply. TeamGroup does not bypass admin consent policies, Conditional Access, or third-party app restrictions. If your tenant blocks unapproved OAuth apps, TeamGroup is blocked like any other app until you approve it.
How data is protected
- OAuth tokens are encrypted with AES-256-GCM at the application layer before storage; on mobile devices, tokens live in the iOS Keychain or Android encrypted storage.
- All traffic uses HTTPS/TLS — device to TeamGroup, TeamGroup to Microsoft Graph. The Android app adds certificate pinning on release builds.
- Data at rest is hosted on Microsoft Azure and protected by Azure SQL Transparent Data Encryption.
- No analytics trackers, no advertising pixels, no data sales. TeamGroup sign-in itself is passwordless (email one-time codes), so there is no TeamGroup password database to breach.
How to revoke access
Three ways, any of which immediately cuts TeamGroup off:
- User-level: the user disconnects the account inside TeamGroup, or revokes consent at myapps.microsoft.com.
- Admin-level: revoke or disable the app under Entra ID → Enterprise applications in your tenant.
- Account deletion: when a user disconnects an account or deletes their TeamGroup account, the associated data is deleted.
Questions we're happy to answer
If you're evaluating TeamGroup for your organization or reviewing a consent request, email support@teamgroup.app and we'll walk you through the permission list, data flows, and our practices. Full details are in the Privacy Policy and Terms of Service.