![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 59%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Microsoft Teams | Development
Building, integrating, or customizing apps and workflows within Microsoft Teams using developer tools and APIs
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 11%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETD%3C/text%3E%3C/svg%3E)
Hi @Suhail Ansari
Thank you for posting your question in the Microsoft Q&A forum.
Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.
A 403 error indicates that Microsoft Teams rejected the bot’s authentication request. This usually results from a mismatch in credentials or configuration between the Azure Bot resource, the Entra ID (Azure AD) app registration, the Teams channel configuration, and the Courier provider settings.
Please review the following areas:
1.Verify Azure Bot Registration
-Go to Entra ID > App registrations > select your bot application.
-Confirm that the Application (Client) ID matches the App ID configured in Courier.
-Also verify that the same App ID is configured in your Azure Bot resource.
2.Check Client Secret
-Navigate to Entra ID > App registrations > your bot > Certificates & Secrets.
- Ensure the secret is valid and not expired.
- Confirm Courier is using the secret value (not the Secret ID).
-If unsure, create a new client secret and update Courier.
3.Confirm Teams Channel is enabled
-In the Azure portal, open your Azure Bot resource.
-Under Channels, make sure Microsoft Teams is enabled.
4.Tenant Type (Single vs. Multi‑tenant)
-In Entra ID > App registrations > Authentication, confirm whether the app is:
- Single-tenant
- Multi-tenant
-If single‑tenant, the Tenant ID configured in Courier must exactly match the bot’s Entra ID tenant.
-If cross‑tenant scenarios are required, the bot app should be multi‑tenant.
5.Admin consent for API permissions
-Navigate to App registrations > API permissions.
-If permissions are listed but consent hasn’t been granted, click Grant admin consent.
6.Verify Teams App Manifest
-Verify the bot App ID in the Teams app manifest matches the Entra ID bot app registration.
7.Courier configuration
In Courier’s Microsoft Teams provider, confirm the App ID, Client Secret, and Tenant ID all correspond to the same bot app registration.
8.Ensure the bot is installed in Teams
For direct messages (direct_message:msteams):
-The bot must be installed for the target user in Teams.
For channel messages:
-The bot must be added to the Team.
Reference: Microsoft Teams - Courier.
This information is provided as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.
I hope this helps.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.