Foundry Agent Service
A fully managed platform in Microsoft Foundry for hosting, scaling, and securing AI agents built with any supported framework or model
Unable to publish hosted agent to Teams & M365 Copilot — identity mismatch error (May 2026, North Central US)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 71%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Dibyendu Kankalia
0
Reputation points Microsoft Employee
When I click "Publish → Teams & M365 Copilot" in AI Foundry portal for a hosted agent, the publish fails with:
Failed to publish agent
BotId 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' does not match the application's
default instance identity ClientId 'yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'.
[Status: 400, Code: UserError]
The agent cannot be published to Teams at all. This blocks the entire Teams channel integration.
Root cause: The publish flow creates a new ServiceIdentity (ClientId Y) in the resource group, but then validates it against the agent's existing identity (BotId X) assigned at creation. These never match
because:
- The agent's instance_identity is immutable (PATCH returns 200 but doesn't update)
- Publish always creates a new identity instead of reusing the existing one
- The Foundry-managed ServiceIdentity cannot be deleted via Graph API
What I tried (all failed):
- Created a brand new agent — same error with fresh identities
- Deleted the auto-created bot service and republished — Foundry reuses the conflicting identity
- Attempted PATCH to update agent identity — silently ignored
- Granted RBAC to both identities — no effect
This affects every hosted agent in my project, not just one. Confirmed on two separate agents with completely different identities.
Operation IDs for investigation:
- f927ce5c61c14a188e727e42928040be (request: b05954fe2f2a1a82)
- 5ffd932c02b74d658a640a02e95aa273 (request: 948993c0406e2111)
Region: North Central US. Happy to provide subscription/tenant details privately if needed.
Foundry Agent Service
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
SRILAKSHMI C 18,035 Reputation points Microsoft External Staff Moderator2026-05-04T17:05:37.4633333+00:00 Hello @Dibyendu Kankalia
Thank you for the detailed information.
Based on your findings, this behavior aligns with a known gap in the current Azure AI Foundry “Direct publish” flow for Teams & M365 Copilot.
Your agent is created with an existing identity (BotId X)
During Publish → Teams & M365 Copilot, the service creates a new identity (ClientId Y)
The backend then validates that both identities match
Since BotId not equals ClientId, the publish fails with:
BotId does not match the application's default instance identity ClientIdAs you’ve already confirmed:
- The issue reproduces across multiple agents (including fresh ones)
- Identity updates (PATCH) do not take effect
- RBAC and permissions are correctly configured
This indicates the issue is not configuration-related, but due to how the current publish pipeline handles identity creation and validation.
Current status
This is not expected behavior, but it is a known limitation in the current direct publish experience
At present, the portal does not allow reusing or overriding the identity, which leads to consistent failure in this scenario
Please ensure the following prerequisites are met:
Register the Microsoft.BotService provider (if not already):
az provider register --namespace Microsoft.BotServiceVerify the agent/system identity has the required roles at project scope:
- Azure AI User
- Azure AI Project Manager
Please refer this
Publish agents to Microsoft 365 Copilot and Microsoft Teams (Download & customize approach) https://learn.microsoft.com/azure/ai-foundry/agents/how-to/publish-copilot?view=azure-python-preview#download-customize
Thank you!
-
Dibyendu Kankalia 0 Reputation points Microsoft Employee
2026-05-04T21:30:25.8366667+00:00 Is there an ETA for the fix or any issue that I can follow for updates ?
This blocks me from publishing any hosted agents to teams. I have tried the other option (Download and customize), and it does not work for me.
-
SRILAKSHMI C 18,035 Reputation points Microsoft External Staff Moderator
2026-05-05T17:34:25.25+00:00 I understand this is blocking your scenario. I’ll check internally with the engineering team regarding the ETA and any updates, and will get back to you as soon as I have more information.
Thank you!
Sign in to comment
Sign in to answer