Blog

Practical AI: Using Third-Party AI Notetaking Apps with Teams Meetings

Avatar photo
Post author:Written By

Should Microsoft 365 Tenants Block or Allow AI Notetaking Apps?

The growing array of third-party AI tools capable of connecting to Teams meetings top record and generate notes is steadily growing. The range of notetaking apps include offerings from:

I’m sure more will appear in the future. Some organizations analyze the range of AI assistants available in the market and decide on an enterprise version of a third-party app over the alternative, which is to use Microsoft 365 Copilot, or rather Copilot in Teams. I’m not concerned about these scenarios when organizations decide what they will use. The issue is more about when individuals download and use an AI assistant to join calls hosted by their home tenant and potentially in other tenants. The question is whether Microsoft 365 tenants should allow or block users from using these AI assistants to record and process Teams calls. In many ways, the same question arises over allowing users to upload files from SharePoint Online and OneDrive for Business for ChatGPT to process. I don’t think this is a good idea, but I understand why some users would be frustrated if their organization blocks this access.

It’s worth noting that Microsoft has started to crack down on the ability of users to grant access to apps that access user sites and file content (MC1097272, 17 published June 2025) using Microsoft-managed app consent policies. How long is it before access to user calendars is restricted in the same manner?

How the AI Notetaking Apps Work

Although I haven’t tried every AI notetaking app that’s available today, those that I have tried use a mixture of the Teams bot framework and an Entra ID enterprise app. The bot connects to meetings to capture what goes on, just like the Teams transcription and recording bot, while the enterprise app allows delegated access to the signed-in user’s calendar and potentially other mailbox data to detect when Teams meetings are scheduled.

For example, if a user attempts to install the Otter.ai app, the installation process makes a request to create a service principal for the Otter enterprise app in the user’s tenant to hold the permissions needed by the app. Hopefully, you have blocked the ability of users to register apps in the tenant in the User settings section of the Entra admin center. If you do, the user is forced to seek administrator approval for the Otter app (Figure 1).

The Otter app wants some permissions. AI notetaking apps
Figure 1: The Otter app wants some permissions

Administrators receive email notification to request their approval for the app. The details available to the administrator doesn’t reveal anything about how the app will be used and what it does. If you check the permissions requested for consent, the fact that they’re all delegated permissions will be of relief to some administrators because “only data available to the signed-in user is accessed.” But it’s what happens to that data which is where the concern rises.

Details of the Otter enterprise app.
Figure 2: Details of the Otter enterprise app

If granted, the Otter app shows up in the Enterprise apps section of the Entra admin center. Like any other enterprise app, the AppId for the Otter app is the same in all tenants (7caa06af-66c7-4db4-95c6-aedae793935a). Figure 3 shows the set of delegated permissions held by the Otter app. The Contacts.Read permission doesn’t appear in the set requested in Figure 1. That’s because this permission is requested (and granted, if approved) subsequently when the user synchronizes their calendar with the Otter browser app.

The Otter app and its set of delegated permissions
Figure 3: The Otter app and its set of delegated permissions

Using Otter

Once the enterprise app is in place, users can sign into Otter and use the browser app to connect their calendar to Otter and manage connections to Teams meetings (Otter supports connections to Zoom and Google calls too). Figure 4 shows the Otter transcript of a Teams call. Otter isn’t as good as Teams is at speaker attribution (recording who said something during a meeting), but the overall quality of the transcript is more than good enough for note taking, even with the free basic version.

Otter joins a Teams call and transcribes its discussions.
Figure 4: Otter joins a Teams call and transcribes its discussions

And cost is usually the nub of the issue. Otter allows 300 minutes of free transcription for meetings every month. That might be enough for someone who only wants notes from specific calls and is content to manage the minute allocation to achieve their goal. Why spend $30/month for a Microsoft 365 Copilot license when one of the keystone and most useful Copilot features is free from Otter or other AI notetaking companies, albeit with strict limits?

Why Block the Use of Third-Party AI Notetaking Apps

IT departments hate “shadow IT” and the personal versions of the AI notetaking apps fall into this category because they can be installed and run by users. Apart from IT losing control over apps, the usual problems cited with AI notetaking apps include data sovereignty (where does processing occur?) and compliance (where are the recordings and notes stored, does the organization have the ability to impose policy-driven controls over the recordings and notes, such as forced deletion after a set period).

The Entra sign-in logs option capture details of successful and unsuccessful attempts to sign into an app. This is a useful place to look to see who uses an app. A quick analysis of Entra ID sign-in records with the Microsoft Graph PowerShell SDK reveals accounts with successful sign-ins to the Otter app:

# Use an account that hoplds Reports Reader role with consent to use the AuditLog.Read.All Graph permission.
Connect-MgGraph -Scopes AuditLog.Read.All
$AppId = '7caa06af-66c7-4db4-95c6-aedae793935a'
[array]$AuditRecords = Get-MgAuditLogSignIn -Top 5000 -Sort "createdDateTime DESC" -Filter "AppId eq '$AppId' and status/errorCode eq 0"
$AuditRecords | Group-Object UserPrincipalName -NoElement | Sort-Object Count -Descending | Select-Object Name, Count
>>

Name                                Count
----                                -----
michelle.dubois@office365itpros.com     8
james.ryan@office365itpros.com          5
tony.redmond@office365itpros.org        2

The same technique to report who is using an app based on successful sign-in records works for any app – registered or enterprise. For example, to find the usage of the app used by ChatGPT to upload documents from SharePoint and OneDrive for processing, use e0476654-c1d5-430b-ab80-70cbd947616a for the AppId.

The use of enterprise apps as the access point for A1 notetaking apps to Microsoft 365 tenants is yet another reason why administrators need to keep a close eye on the apps in use within the tenant by using the App Governance solution in Microsoft Defender for Cloud Apps or a commercial package to track and report on app registration and usage. Alternatively, you can write PowerShell scripts to do the job (it’s not hard and there are plenty of examples posted on the internet). It’s especially important to know what apps have consent to use high-priority permissions, because those are the apps that can do real damage in the wrong hands.

Dealing with Banned AI Notetaking Apps

If a tenant allows people to use a third-party AI assistant, they might be tempted to connect to a Teams meeting hosted in another tenant. In this scenario, the hosting tenant might have blocked their users from installing and using third-party notetaking apps, but because apps run in the context of a user, when the bots representing users connect to meetings, they do so as a guest or anonymous participant. The block on the hosting tenant’s own users won’t work because the enterprise app runs in the user’s home tenant. Basic steps that can be used to control third-party notetaking apps include:

  • Operate a zero-tolerance policy towards any bot joining a Teams call and instruct meeting organizers to immediately eject any bots from calls as soon as the presence of a bot is detected. The person who attempts to use the bot should be warned that bots are prohibited, and if this behavior persists, might be banned from joining calls in the host tenant.
  • Make sure that only users from the host tenant and presenters are allowed to bypass the meeting lobby. Attempts by bots to join calls can be blocked when they wait in the lobby.
  • Implement the Teams policy to require verification checks to join meetings and webinars in your tenant.

In addition, if meeting organizers have Microsoft 365 Copilot licenses, they can ask Copilot to generate meeting notes and circulate the notes (edited if necessary) to participants afterwards. The Teams Facilitator agent is capable of taking good notes for group chats.

Counting Pennies to Pay for AI

The Teams meeting recap is one of the best features in Microsoft 365 Copilot. It works well because the AI reasons over a limited set of data (the meeting transcript) to pick out notes about decisions reached and questions raised. I like the Teams implementation very much, and it’s probably the Copilot feature that I use most heavily. But are meeting recaps sufficient to justify the cost of Copilot? Probably not, and everyone has to find value for their own activities from the range of features available in Copilot chat, apps, and agents to justify the license cost.

Tags: , , ,

About the Author

Tony Redmond

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He is the lead author for the Office 365 for IT Pros eBook, the only book covering Office 365 that is updated monthly to keep pace with change in the cloud. Apart from contributing to Practical365.com, Tony also writes at Office365itpros.com to support the development of the eBook. He has been a Microsoft MVP since 2004.

Leave a Reply