Share via

"`The tenant admin disabled this bot" / no webhooks delivered upon installation

Ryan Jones 0 Reputation points
2026-05-05T19:42:12.39+00:00

I am trying to create a Teams app with a notification bot. I have done the following:

  1. create a multi-tenant entra registration and added a client secret
  2. create an azure bot and using the client ID of the above registration
  3. Added Teams a channel
  4. Set an endpoint of https://app.getmycompany-staging.com/microsoft/bot
  5. Uploaded this manifest (says its valid in dev.teams.microsoft.com)
{
  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.19/MicrosoftTeams.schema.json",
  "manifestVersion": "1.19",
  "version": "1.0.0",
  "id": "
  "developer": {
    "name": "mycompany",
    "websiteUrl": "https://getmycompany.com",
    "privacyUrl": "https://getmycompany.com/privacy",
    "termsOfUseUrl": "https://getmycompany.com/terms"
  },
  "icons": {
    "color": "color.png",
    "outline": "outline.png"
  },
  "name": {
    "short": "My company Surveys",
    "full": "mycompany Quarterly Surveys"
  },
  "description": {
    "short": "Quarterly survey reminders from mycompany.",
    "full": "mycompany sends each team member a reminder to complete their quarterly survey. Once installed to a team, mycompany reads the team roster and sends individual reminders to anyone who hasn't yet completed the survey."
  },
  "accentColor": "#0066CC",
  "bots": [
    {
      "botId": "
      "scopes": [
        "personal",
        "team"
      ],
      "supportsFiles": false,
      "isNotificationOnly": false
    }
  ],
  "webApplicationInfo": {
    "id": "
    "resource": "api://getmycompany-staging.com/
  },
  "validDomains": [
    "app.getmycompany-staging.com"
  ],
  "authorization": {
    "permissions": {
      "resourceSpecific": [
        {
          "name": "TeamMember.Read.Group",
          "type": "Application"
        }
      ]
    }
  }
}

[Moderator note: personal info removed] 

For my teams instance that is in the same tenant as where the bot and app registration are created:

The app successfully uploads in admin.teams.microsoft.com
The app successfully sideloads within the Teams UI
The app says it is installed for me personally

for sanity purposes:
My GET endpoint of https://app.getmycompany-staging.com/microsoft/bot returns a 200 always
My POST endpoint of https://app.getmycompany-staging.com/microsoft/bot returns a 200 always
there is no auth on it

I have checked the following

  • app permission policy (available to all)
  • org settings (allows custom apps)
  • looked for anything in messaging policy that is off (have never touched it)
  • I am a global admin
  • multiple hours have passed since resource creation
  • all setup policies (all allow custom apps)
  • the Teams I install it to show it as an app, I can also tag the app in a message in the messages

I can see my GET endpoint get hit anytime I open the "Configuration" tab of my Azure Bot as it does a ping.
I can see my POST endpoint get hit from the webchat test when I send a message

I do not see any other webhooks come through.

Validating I have credentials and my app can authenticate (even though it's not receiving anything that should trigger it) I am able to get an access token through
curl -k -X POST "https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token" \

-d "grant_type=client_credentials" \

-d "client_id=${APP_ID}" \

-d "client_secret=${APP_SECRET}" \

-d "scope=https://api.botframework.com/.default"

When I am trying to do installations I see the same "the tenant admin disabled this bot"

I've hired multiple people on Upwork, gone through support on the MS Teams part, no one can figure it out. Spent hours with Claude, Gemini, etc. Have tried following this blog post and do not see "the tenant admin disabled this bot" but just don't see any sign whatsoever of webhooks coming through.

Trying to fill out a support request MS runs diagnostics and says it's getting a 401, which it treats as a 502, but I see nothing in my logs while it runs those diagnostics.

Microsoft Teams | Development
Microsoft Teams | Development

Building, integrating, or customizing apps and workflows within Microsoft Teams using developer tools and APIs

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nivedipa-MSFT 4,081 Reputation points Microsoft External Staff Moderator
    2026-05-06T05:18:09.2+00:00

    Hello Ryan Jones,
    The "tenant admin disabled this bot" message and the 401 errors in Microsoft's diagnostics typically come from two main sources, rather than the policies you’ve already reviewed:

    • Per-app status in Teams Admin Center. In Teams apps → Manage apps, each app has its own Status (Allowed or Blocked), which operates independently from org-wide custom app settings and app permission policies. Sideloaded apps are often set to Blocked by default, and a global "allow" policy doesn’t override this. Locate your app, set its Status to Allowed, and allow some time for the change to take effect.
    • Edge components returning 401 before your app is reached. If Microsoft’s diagnostics show a 401 error but your app logs show nothing, this usually means the request isn’t reaching your app. A reverse proxy, WAF, Cloudflare rule, or staging environment password protection on app.getmycompany-staging.com might be returning the 401. To check, try an unauthenticated POST to /microsoft/bot from outside your office or VPN; if you receive a 401 and see no logs, the issue is at the edge and needs to be resolved to allow Bot Service traffic.

    Additional checks to run in parallel:

    • Log every activity type, not just message. Install events come through as installationUpdate or conversationUpdate (membersAdded); without logging these, successful installs may appear as inactivity.
    • Ensure webApplicationInfo.id matches bots[].botId in the manifest.
    • Double-check the messaging endpoint in the Azure Bot resource for any trailing spaces or incorrect schemes, as the Azure portal may accept both without warning.

    Once your app is marked as Allowed in Manage apps and external POSTs are reaching your app, you should start seeing the install activities as expected.

    0 comments
  2. Hin-V 14,180 Reputation points Microsoft External Staff Moderator
    2026-05-05T22:45:52.63+00:00

    Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.  

    Hi @Ryan Jones

    Good day, and I appreciate the clear explanation of your concern.    

    As far as I know, using a multi-tenant Microsoft Entra application with a client secret is a valid and supported approach for cross-tenant scenarios, so the overall design you’ve described is aligned with the expected setup. 

    Currently, I have not found any relevant articles or established troubleshooting approaches that directly address this issue yet. To help you reach your goal more effectively, I recommend engaging with [GitHub Community Forum] for a deeper technical dive or to connect with individuals who have relevant experience and expertise. Some approaches may behave differently or be restricted depending on your specific environment and configuration. These forums include many experienced developers and Microsoft specialists who can assist with troubleshooting and guidance.   

    Apologies for redirecting you to the related development team support. As moderators in this community, I do not have access to your specific tenant configuration, and my testing environment is limited. Therefore, my guidance is based on available Microsoft documentation and resources.  

    If you have any additional concerns, feel free to comment below. I would be more than happy to assist. 

    Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.