Howto bypass the "Import-only" restriction for Application permissions, or is a Service Account with Delegated permissions

Hi Gilkey Nabil

Thank you for reaching out to Microsoft Q&A forum.

As far as I know, when calling POST /teams/{team-id}/channels/{channel-id}/messages is expected when you use an app-only (client credentials) access token for regular channel posting. Microsoft Graph supports sending channel messages in normal (non-migration) scenarios using delegated permissions (for example, ChannelMessage.Send), but application permissions for posting messages are restricted to migration/import scenarios

In this situation, you can try two options below to see if it can help you:

1. Use delegated authentication for normal “status update” posting: If your goal is to post new channel messages as part of a business process (not migration/import), use a delegated flow so the request is made in the context of a signed-in user, and grant the delegated permission ChannelMessage.Send (least privileged) as documented for this API.
2. Use application-only only if you are truly doing migration/import: If your scenario is importing historical messages into Teams, the application permission path is tied to migration/import usage and is not intended for standard operational notifications.

Hope my answer will help you. For any further concern, feel free to let me know in the comment section.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.