Data Visibility for Leena AI Microsoft Teams Tab App
When Leena AI is deployed inside Microsoft Teams as a tab application, conversations between end users and the Leena AI assistant, including any personally identifiable information, compensation details, or other sensitive content rendered in the assistant's interface, are not accessible to your Microsoft Teams or Microsoft 365 administrators through the standard Microsoft governance toolkit: Microsoft Purview eDiscovery (Standard and Premium), Content Search, Audit Log search, retention policies, and Data Loss Prevention policies scoped to Teams. Conversation data flows directly between the user's Teams client (the browser, or the web view embedded in the desktop and mobile clients) and Leena AI's servers; it does not transit or persist within the Microsoft 365 substrate.
This brief explains the architectural reasons this property holds and provides a verification path your team can run in your own tenant.
Architectural basis
Leena AI's tab deployment renders the assistant inside an iframe served from Leena AI domains under *.leena.ai. The iframe's initial navigation goes to a regional entry point following the pattern {region}-bots.leena.ai (for example, us-east-1-bots.leena.ai), which handles the Teams SSO bootstrap and then loads the assistant UI from web.leena.ai. Microsoft's tab requirements guidance calls for exactly this design: a tab page must permit framing by the Teams hosts, which developers do by setting the Content-Security-Policy frame-ancestors directive (and, for legacy browsers, X-Frame-Options) to allow the Teams origins. The Teams desktop, browser, and mobile clients act as host shells that load this iframe; the conversation itself executes entirely within the iframe's origin.
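A practitioner confirming that a tab really is designed to run framed inside Teams can check the response headers the guidance above refers to. The following PowerShell function is an added example written for this brief, not code from Leena AI or Microsoft: it applies the precedence browsers use (a Content-Security-Policy frame-ancestors directive takes priority; X-Frame-Options is consulted only when the directive is absent). The list of Teams host names is an assumption drawn from Microsoft's tab guidance, the sample header values are constructed for illustration, and the simplified source matcher ignores scheme, port and path.

```powershell
# Added example (hypothetical helper, not Leena AI or Microsoft code): decides whether a
# tab page's response headers let the Teams clients frame it. CSP frame-ancestors wins
# over X-Frame-Options when both are present, matching browser behaviour. The Teams host
# list is an assumption based on Microsoft's tab requirements guidance.
function Test-TeamsFrameable {
    [CmdletBinding()]
    param(
        [string]$ContentSecurityPolicy,
        [string]$XFrameOptions,
        [string[]]$TeamsHosts = @('teams.microsoft.com', 'teams.cloud.microsoft')
    )

    # Simplified CSP host-source match: scheme/port/path ignored, '*.x' matches subdomains
    # of x (not x itself), a bare '*' matches everything.
    function Test-SourceMatch([string]$Source, [string]$TargetHost) {
        $s = $Source -replace '^[a-z][a-z0-9+.-]*://', ''
        $s = ($s -split '[/:]')[0]
        if ($s -eq '*') { return $true }
        if ($s.StartsWith('*.')) {
            return ($TargetHost -like ('*' + $s.Substring(1))) -and ($TargetHost -ne $s.Substring(2))
        }
        return $s -eq $TargetHost
    }

    $directive = ("$ContentSecurityPolicy" -split ';') | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^frame-ancestors(\s|$)' } | Select-Object -First 1

    if ($directive) {
        $sources = @($directive -split '\s+' | Select-Object -Skip 1)
        foreach ($h in $TeamsHosts) {
            $allowed = $false
            foreach ($src in $sources) {
                # 'none' forbids all framing; 'self' is the tab's own origin, never the Teams shell
                if ($src -eq "'none'" -or $src -eq "'self'") { continue }
                if (Test-SourceMatch $src $h) { $allowed = $true; break }
            }
            if (-not $allowed) {
                return [pscustomobject]@{ Frameable = $false; Reason = "frame-ancestors does not list $h" }
            }
        }
        return [pscustomobject]@{ Frameable = $true; Reason = 'frame-ancestors permits every Teams host' }
    }

    $xfo = "$XFrameOptions".Trim()
    if ($xfo -eq '')           { return [pscustomobject]@{ Frameable = $true;  Reason = 'no framing restriction header; browsers allow framing by default' } }
    if ($xfo -eq 'DENY')       { return [pscustomobject]@{ Frameable = $false; Reason = 'X-Frame-Options: DENY' } }
    if ($xfo -eq 'SAMEORIGIN') { return [pscustomobject]@{ Frameable = $false; Reason = 'X-Frame-Options: SAMEORIGIN; the Teams shell is a different origin' } }
    if ($xfo -match '^ALLOW-FROM\s+(\S+)') {
        $allowFrom = $Matches[1]
        $ok = @($TeamsHosts | Where-Object { Test-SourceMatch $allowFrom $_ }).Count -eq $TeamsHosts.Count
        return [pscustomobject]@{ Frameable = $ok; Reason = "X-Frame-Options: $xfo (legacy directive, ignored by current browsers)" }
    }
    return [pscustomobject]@{ Frameable = $false; Reason = "unrecognised X-Frame-Options value '$xfo'" }
}

# Constructed sample header values (illustrative; not captured from Leena AI's servers).
Test-TeamsFrameable -ContentSecurityPolicy "default-src 'self'; frame-ancestors 'self' https://teams.microsoft.com https://*.teams.microsoft.com teams.cloud.microsoft"
Test-TeamsFrameable -XFrameOptions 'SAMEORIGIN'

# To test live headers, feed the function the values returned by, for example:
#   (Invoke-WebRequest -Uri 'https://web.leena.ai/' -Method Head -UseBasicParsing).Headers
```

A result of Frameable = True only shows that the page is willing to be embedded by the Teams hosts; it is the manifest and the tab's origin, not this header, that determine where the conversation actually runs.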
Because the Teams shell and the Leena AI iframe are at different web origins, the browser enforces the Same-Origin Policy between them. As documented by Mozilla, scripts at one origin cannot read the DOM, JavaScript state, cookies, local storage, or network responses of an iframe at a different origin. The isolation cuts both ways: the Teams shell cannot read the assistant's conversation, and the assistant cannot read Teams chats. The only deliberate channel between the two is the postMessage-based interface used by the Teams JavaScript client library, through which the tab receives host context (tenant and user identifiers, locale, theme) and the SSO token; it carries no conversation content. The browser engine enforces this regardless of tenant configuration or administrative tooling, which makes it a stronger guarantee than a vendor commitment: no Microsoft 365 setting can weaken it. What a vendor could change is the set of surfaces its app exposes, which is why the app manifest is examined below.
The administrative tooling Microsoft provides for governing Teams — Purview eDiscovery, Content Search, retention, audit, and DLP — operates against compliance records that the Microsoft 365 substrate writes when users perform Teams-native actions. The Microsoft Purview documentation for Teams eDiscovery enumerates what these tools can search: chat messages, channel posts, meeting metadata, files, and adaptive cards posted into chat threads. Interactions inside a third-party tab application are not enumerated because the substrate does not receive them. The tab's network traffic flows browser-to-Leena AI directly and never raises a substrate event.
The Leena AI Teams application's manifest includes a single bot registration with the property isNotificationOnly set to true, which per the Microsoft Teams app manifest specification marks the bot as one-way and disables user-initiated conversation with it; the registration exists only to support the activity feed notifications described under the caveats below and is not exposed as a conversational surface. The manifest declares no messaging (compose) extensions and no configurable channel or group tabs. All user-initiated interactions with the assistant therefore occur exclusively through the static tab iframe described above.
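The manifest properties listed above are the ones a reviewer should confirm on the actual app package rather than take on trust. The script below is an added example, written for this brief and not Leena AI's manifest or tooling: it audits a manifest for exactly those properties (one notification-only bot, no compose extensions, no configurable tabs, static tabs whose hosts are covered by validDomains). The embedded manifest is constructed to illustrate the shape, with placeholder IDs and a placeholder content path; the function name and finding texts are the author's.

```powershell
# Added example (hypothetical helper; not Leena AI's manifest or tooling): audits a Teams
# app manifest for the properties this section relies on. The manifest below is constructed
# to illustrate the shape and uses placeholder IDs. Extract the real one from the app
# package with:   Expand-Archive .\app.zip .\pkg ; Get-Content .\pkg\manifest.json -Raw
$sampleManifest = @'
{
  "manifestVersion": "1.16",
  "id": "00000000-0000-0000-0000-000000000000",
  "name": { "short": "Assistant (sample)" },
  "staticTabs": [
    { "entityId": "assistant", "name": "Assistant", "scopes": [ "personal" ],
      "contentUrl": "https://us-east-1-bots.leena.ai/" }
  ],
  "bots": [
    { "botId": "11111111-1111-1111-1111-111111111111", "scopes": [ "personal" ],
      "isNotificationOnly": true }
  ],
  "validDomains": [ "us-east-1-bots.leena.ai", "web.leena.ai" ]
}
'@

function Test-TabOnlyManifest {
    param([Parameter(Mandatory)][string]$ManifestJson)
    $m = $ManifestJson | ConvertFrom-Json
    # Absent manifest arrays come back as $null; normalise to a real, possibly empty, array.
    function Get-Items($value) { @($value | Where-Object { $null -ne $_ }) }
    $findings = [System.Collections.Generic.List[string]]::new()

    $bots = Get-Items $m.bots
    if ($bots.Count -ne 1) { $findings.Add("expected exactly one bot registration, found $($bots.Count)") }
    foreach ($b in $bots) {
        if ($b.isNotificationOnly -ne $true) { $findings.Add("bot $($b.botId) is conversational (isNotificationOnly is not true)") }
        if ($b.supportsFiles -eq $true)      { $findings.Add("bot $($b.botId) accepts file uploads (supportsFiles)") }
    }
    if ((Get-Items $m.composeExtensions).Count -gt 0) { $findings.Add('composeExtensions present: a messaging-extension surface can write into chat') }
    if ((Get-Items $m.configurableTabs).Count -gt 0)  { $findings.Add('configurableTabs present: the app can be pinned as a channel or group tab') }
    $tabs = Get-Items $m.staticTabs
    if ($tabs.Count -eq 0) { $findings.Add('no staticTabs: the assistant UI is not a static tab') }

    # Every tab host must be covered by validDomains, the hosts the Teams client lets the tab navigate to.
    $domains  = Get-Items $m.validDomains
    $tabHosts = foreach ($t in $tabs) { ([uri]$t.contentUrl).Host }
    foreach ($h in $tabHosts) {
        $covered = $domains | Where-Object { $h -eq $_ -or ($_.StartsWith('*.') -and $h -like ('*' + $_.Substring(1))) }
        if (-not $covered) { $findings.Add("tab host $h is not covered by validDomains") }
    }

    [pscustomobject]@{
        TabHosts = @($tabHosts)
        TabOnly  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-TabOnlyManifest -ManifestJson $sampleManifest | Format-List
```

Run it against the manifest.json from the package actually published in your tenant's app catalog, and repeat whenever the vendor ships a new version: the Same-Origin Policy argument holds only while the app stays a static-tab-only deployment, and the manifest is where that would change.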
What this means in practice
A Microsoft Teams administrator at your organization, exercising the full set of Purview, eDiscovery, audit, and retention tools available to them, cannot retrieve the text, attachments, or metadata of conversations conducted inside the Leena AI tab through Microsoft 365 tooling. PII, compensation data, and any other sensitive content presented in the assistant's interface remains within Leena AI's environment and is governed by Leena AI's contractual data handling commitments; the only substrate-visible traces are the usage telemetry and notification metadata listed under the caveats below.
Verifying this in your environment
Your security team can validate this property directly. The procedure: deploy the Leena AI tab into a non-production tenant, sign in as a test user, and conduct a conversation in the tab containing synthetic but recognizable PII strings (canary values). As a positive control, post a different canary string in an ordinary Teams chat as the same user. Then run a Microsoft Purview Content Search and an eDiscovery (Premium) case search across the test user's mailbox and all Teams locations using both canaries as queries. The chat canary should be found (this confirms that search and indexing are working; Teams compliance records can take a while to be indexed, so repeat until it is), and the tab canary should return no results. A hit on the tab canary would mean content reached the substrate and should be investigated before proceeding. Leena AI will conduct this exercise jointly with your team during onboarding on request.
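The Content Search half of this procedure can be scripted with Security & Compliance PowerShell. The function below is an added example for this brief, not Leena AI's or Microsoft's own procedure. It assumes the ExchangeOnlineManagement module is installed, that the account running it holds an eDiscovery role in the non-production tenant, and that the two canary strings have already been entered (one only in the Leena AI tab, one only in an ordinary Teams chat). The function name, the search naming scheme and the polling interval are the author's choices.

```powershell
# Added example (not Leena AI's procedure; cmdlets are Security & Compliance PowerShell from
# the ExchangeOnlineManagement module). Runs two Content Searches over the test user's
# mailbox: the tab canary must return 0 items, the chat canary (positive control) must
# return at least 1, which proves the search itself is working before the 0 is trusted.
function Invoke-CanaryComplianceSearch {
    param(
        [Parameter(Mandatory)][string]$TestUser,     # UPN of the test user, e.g. canary@contoso.onmicrosoft.com
        [Parameter(Mandatory)][string]$TabCanary,    # string typed only into the Leena AI tab
        [Parameter(Mandatory)][string]$ChatCanary,   # string posted only in an ordinary Teams chat
        [int]$TimeoutMinutes = 30
    )
    Connect-IPPSSession | Out-Null   # interactive sign-in to Security & Compliance PowerShell

    $cases = @(
        @{ Name = 'tab-canary';  Query = $TabCanary;  ExpectHits = $false },
        @{ Name = 'chat-canary'; Query = $ChatCanary; ExpectHits = $true  }
    )
    foreach ($case in $cases) {
        $name = "leena-visibility-$($case.Name)-$(Get-Date -Format yyyyMMddHHmmss)"
        # 1:1 and group chat compliance records live in the user's Exchange mailbox, so the
        # user's mailbox location covers Teams chat. For channel messages, add the team's
        # group mailbox to -ExchangeLocation as well.
        New-ComplianceSearch -Name $name -ExchangeLocation $TestUser `
            -ContentMatchQuery ('"' + $case.Query + '"') | Out-Null
        Start-ComplianceSearch -Identity $name

        $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
        do {
            Start-Sleep -Seconds 30
            $s = Get-ComplianceSearch -Identity $name
        } until ($s.Status -eq 'Completed' -or (Get-Date) -gt $deadline)

        [pscustomobject]@{
            Search   = $name
            Status   = $s.Status
            Items    = $s.Items
            Expected = if ($case.ExpectHits) { '>= 1' } else { '0' }
            Pass     = ($s.Status -eq 'Completed') -and (($s.Items -gt 0) -eq $case.ExpectHits)
        }
    }
}

# Usage (canary strings are constructed placeholders; choose values that cannot occur naturally):
# Invoke-CanaryComplianceSearch -TestUser 'canary@contoso.onmicrosoft.com' `
#     -TabCanary 'CANARY-TAB-7f3a9c' -ChatCanary 'CANARY-CHAT-2b81de' | Format-Table
```

Read the results as a pair: a chat canary with Items = 0 means indexing has not caught up yet (or the search is misconfigured) and says nothing about the tab, so rerun later; only a chat canary with hits alongside a tab canary with none supports the claim in this brief. The eDiscovery (Premium) case search the procedure also calls for is driven from the Purview portal and is not scripted here.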
A few caveats to note
- The Microsoft Teams Admin Center does surface basic application usage telemetry: which users have installed the Leena AI app, when they last launched the tab, and approximate session duration. This telemetry contains no conversation content, message text, or payload data. It is metadata only, equivalent to what Microsoft surfaces for any Teams application.
- Leena AI also uses the Microsoft Graph activity feed notification API (sendActivityNotification) to surface alerts in the user's Teams activity pane. Per Microsoft's documentation, these notifications are delivered to the activity pane and to operating-system notification surfaces, not into the Teams messaging substrate. The notification payload (preview text, template parameters, deep-link targets) is not written to any Exchange-resident compliance record and is therefore outside the scope of Purview eDiscovery, Content Search, retention policies, and DLP. The preview text is nonetheless the one piece of assistant-originated content that leaves the iframe, since the Teams client and the operating system render it (on a lock screen, where the device allows it); confirm with Leena AI what that preview contains. Tenants that have enabled Microsoft Graph activity logs (an opt-in capability requiring Entra ID P1/P2 and a diagnostic setting that routes the logs to Azure Monitor) will see API request metadata such as caller app, target user, timestamp, and response code, but not the notification body.
- This brief addresses Microsoft 365 cloud governance only (the Teams and Exchange substrate). It says nothing about endpoint or network-level controls, which operate independently of the substrate and will function normally. If your organization deploys endpoint DLP agents (including Microsoft Purview Endpoint DLP), a Cloud Access Security Broker (CASB), or a Secure Web Gateway (for example, Zscaler), those tools see the tab's HTTPS traffic to *.leena.ai as ordinary web traffic and can log, inspect (where TLS inspection is configured), or block it according to your policy. The isolation described here is a property of the Microsoft 365 substrate, not of the user's device.
