Azure Bot Framework on Azure Web App (Linux) – AADSTS700016 unauthorized client when sending messages

Question

I am deploying a Python Bot Framework bot to an Azure Web App (App Service on Linux). The bot starts successfully and receives incoming messages, but it fails when sending a reply with an authentication error.

---

Issue Description

The bot receives incoming activities correctly

on_message_activity is triggered

The failure happens only when calling turn_context.send_activity()

The error occurs during OAuth token acquisition

---

Error

AADSTS700016: Application with identifier 'fefd4924-a8bc-xxxxxxxxx-xxxxxxxx' was not found in the directory 'Bot Framework'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Trace ID: xxxxxxxxxxxx Correlation ID: xxxxxxxxxxxxxxxxx Timestamp: 2026-02-06

---

Verified Configuration

Azure AD tenant ID is the same for:

Azure Bot resource

Azure AD App Registration

Bot type: Single Tenant

Azure AD App Registration

App (Client) ID exists and is enabled

Client secret value (not secret ID) is used

Client secret is valid and not expired

Azure Bot resource

Microsoft App ID matches the App Registration exactly

Azure Web App (Linux)

MicrosoftAppId and MicrosoftAppPassword are set correctly

App Service restarted after configuration changes

Bot Framework SDK for Python

Python 3.11

App Registration has API permissions: User.Read.All with Admin consent granted

Despite all of the above, Azure AD still reports that the application identifier cannot be found when the bot attempts to send messages.

---

Request for Help

Could someone please help clarify:

Are there additional requirements for Single Tenant Azure Bots to authenticate successfully?

Is explicit admin consent or additional permissions required for Bot Framework to use the App Registration?

Are there known issues or differences between Azure Bot and Bot Channels Registration that could cause this?

Can an Azure Bot resource retain a stale or invalid App ID binding even when configuration appears correct?

Any guidance on how to properly validate or reset the Bot Framework ↔ Azure AD App Registration authentication would be greatly appreciated.

 

 

Answer 1

Hi @Gauri Satalkar

AADSTS700016: Application with identifier 'fefd4924-a8bc-44d8-9d9c-xxxxxxxx' was not found in the directory 'Bot Framework'. You may have sent your authentication request to the wrong tenant.

This typically occurs when the Azure Bot resource is not properly linked to the App Registration in your own tenant, and the token request is falling back to the default Bot Framework tenant instead.

This error happens because the bot’s AppId is not correctly resolved within your tenant, causing it to try authenticating against the Bot Framework tenant instead. Double-check your App Registration, Bot resource configuration, and App Service environment variables to ensure all IDs and secrets align with your tenant.

For reference: https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=userassigned%2Caadv2%2Ccsharp https://learn.microsoft.com/en-us/azure/bot-service/bot-service-manage-overview?view=azure-bot-service-4.0&tabs=userassigned

Threads with similar issue and resolved: https://learn.microsoft.com/en-us/answers/questions/5491634/aadsts700016-application-with-identifier-x-was-not https://learn.microsoft.com/en-us/answers/questions/2046326/aadsts700016-application-with-identifier-(id)-was
https://stackoverflow.com/questions/57324634/aadsts700016-application-with-identifier-some-id-was-not-found-in-the-directo

Do let me know if you have any further queries.

Thank you!