New Adobe Integration for PDF Processing in Microsoft Teams

Posted on by Tony Redmond

Example of Adobe-Microsoft Co-operation Around PDFs

Microsoft’s December 5 announcement that tenants can opt to use a new Adobe integration with Teams to open PDFs instead of the built-in Teams viewer is evidence of the close relationship between the two companies around PDF processing in Microsoft 365. PDFs are hugely important within Microsoft 365 as a means of sharing information generated both inside and outside organizations. My guess is that Office documents and PDFs cover 97% of all files stored in SharePoint Online and OneDrive for Business.

Earlier examples of Microsoft-Adobe co-operation include:

The details of how to configure Teams to make the change are available online and don’t need to be repeated here. The new integration is available for the Teams desktop and browser clients but not for Teams mobile.

Adobe’s Enterprise Azure AD Apps

The interesting thing about the integration is the Adobe’s use of an enterprise Azure AD app with a bunch of delegate Graph API permissions (Figure 1). Part of implementing the integration involves granting consent for these permissions, which allow the app to read details about the signed-in user and access their files. The permissions are needed to make the integration work.

Graph API permissions granted to the Adobe Acrobat enterprise app
Figure 1: Graph API permissions granted to the Adobe Acrobat enterprise app

My tenant now boasts three Adobe enterprise apps (Figure 2). The Adobe Document Cloud app has similar permissions and is used to open PDF files stored in SharePoint Online in Adobe’s document cloud. The Adobe Reader app has permissions to interact with Microsoft Information Protection. It’s the oldest app and is used by an integration between the old Azure Information Protection client and Adobe Acrobat. Interestingly, the newest app does not use the Adobe logo while the older two do.

A set of Adobe enterprise apps
Figure 2: A set of Adobe enterprise apps in Azure AD

The existence of multiple Adobe enterprise apps in Azure AD underlines the need for tenant administrators to know what function enterprise apps serve. An enterprise app is a tenant-specific instance of an application object. In this case, the three apps are owned by Adobe, so the enterprise app is an instance of those apps installed into my tenant. The service principal associated with each app determines who can use the app and what they can do.

Opening PDFs from Teams

The big difference about opening a PDF using the Adobe integration instead of the Teams viewer is that the app extracts the file from Teams (or rather, SharePoint Online or OneDrive for Business) and copies it for processing in Adobe Document Cloud (or what’s referred to as “Adobe’s signature PDF experience”). Figure 3 shows a typical example of reading a PDF in Adobe Document Cloud.

Reading a PDF from Teams in Adobe Document Cloud Adobe integration with Teams
Figure 3: Reading a PDF from Teams in Adobe Document Cloud

Users don’t need licenses to view PDFs and can sign into Adobe Document Cloud with a free account to annotate, comment, or apply sticky notes to PDFs. Users with paid-for licenses can access other features. For more information, see Adobe’s FAQ.

When the integration is active, users have two options to open a PDF from Teams (Figure 4). Open in Adobe Acrobat means “open in Adobe Document Cloud.” It’s interesting that you cannot open a PDF protected with sensitivity label encryption through Adobe Document Cloud. This is likely because the Document Cloud cannot open a protected PDF because it cannot prove that it’s doing so on behalf of a user with rights to access the content. In this situation, you can open the protected PDF with a browser or download a local copy and open it with Adobe Acrobat or another reader that supports protected content.

Options in the Teams Files Channel tab to open a PDF
Figure 4: Options in the Teams Files Channel tab to open a PDF

If you want to use the Teams viewer with a PDF, you can use the Preview option. This can’t open protected PDFs either.

Microsoft notes that Adobe removes the PDFs copied to Document Cloud within 24 hours. According to Adobe, PDFs remain encrypted in transit and at rest during cloud processing.

Sensitivity Labels Shown in Send Link Dialog

Another recent change associated with sensitivity labels is that the send link dialog used by SharePoint Online and OneDrive for Business when users share files with others now includes the sensitivity label (Figure 5), if a file has an assigned label. This change is covered in Microsoft 365 notification MC481831 (December 8). Microsoft didn’t give any heads-up before introducing the change, but it’s a good one that helps people to understand the nature of the information they share.

The SharePoint Send link dialog now includes sensitivity labels
Figure 5: The SharePoint Send link dialog now includes sensitivity labels

The new Send link dialog should now be available in all tenants. It’s an example of how a small change makes a big difference.

Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.