Microsoft Teams bot stops receiving events after updating app manifest with tab support until the app is reinstalled

Question

We have an existing Microsoft Teams bot application that is already installed in a Teams channel (team scope) and is working correctly.

Recently, we added tab support to the existing bot by updating the Teams app manifest and increasing the manifest version. The updated app package was uploaded to the Microsoft Teams Admin Center.

After updating the app package:

The existing bot installation in the Teams channel stopped sending events to the bot endpoint.

The bot does not receive conversation events or messages.

When we manually remove and reinstall the app in the channel, the bot starts working again and events are received normally.

We want to understand why updating the app manifest causes the existing bot installation to stop sending events and why reinstallation is required.

Environment

• Platform: Microsoft Teams
• Bot Framework
• App distributed via Teams Admin Center
• App type: Teams Bot with Tab support
• Hosting: Azure (Bot Service / API endpoint)

Steps to Reproduce:

1. Install the Teams bot in a Teams channel.
2. Verify that the bot receives events normally.
3. Update the Teams app manifest by adding configurable tab support.
4. Increase the app version and upload the new package in Teams Admin Center.
5. Observe that the existing bot installation stops receiving events.
6. Remove and reinstall the app in the channel.
7. After reinstalling, the bot starts receiving events again.

Could you please confirm whether this behavior is expected when updating the Teams app manifest with additional capabilities?

Also, please provide a response as soon as possible, as this issue is currently impacting our testing and deployment process.

Below is our manifest. Json

{
  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.22/MicrosoftTeams.schema.json",
  "manifestVersion": "1.22",
  "version": "1.11.6",
  "id": "<APP_ID>",
  "developer": {
    "name": "<COMPANY_NAME>",
    "websiteUrl": "<COMPANY_WEBSITE>",
    "privacyUrl": "<PRIVACY_POLICY_URL>",
    "termsOfUseUrl": "<TERMS_URL>"
  },
  "name": {
    "short": "<NAME>",
    "full": "<NAME>"
  },
  "description": {
    "short": "<DESCRIPION>",
    "full": "<DESCRIPION>"
  },
  "icons": {
    "outline": "outline.png",
    "color": "color.png"
  },
  "accentColor": "#661DC2",
  "configurableTabs": [
    {
      "configurationUrl": "https://<TAB_DOMAIN>/?env=prod",
      "canUpdateConfiguration": true,
      "scopes": [
        "team"
      ],
      "context": [
        "channelTab"
      ]
    }
  ],
  "staticTabs": [],
  "bots": [
    {
      "botId": "<BOT_APP_ID>",
      "isNotificationOnly": false,
      "supportsFiles": false,
      "scopes": [
        "personal",
        "team",
        "groupChat"
      ],
      "commandLists": [
        {
          "scopes": [
            "personal",
            "team",
            "groupChat"
          ],
          "commands": [
            {
              "title": "loops",
              "description": "Invoke workflow/actions"
            },
            {
              "title": "ask",
              "description": "Ask bot questions"
            }
          ]
        }
      ]
    }
  ],
  "composeExtensions": [],
  "permissions": [
    "identity",
    "messageTeamMembers"
  ],
  "validDomains": [
    "token.botframework.com",
    "<BOT_SERVICE_DOMAIN>",
    "<TAB_DOMAIN>"
  ],
  "webApplicationInfo": {
    "id": "<BOT_APP_ID>",
    "resource": "api://<BOT_APP_ID>"
  },
  "authorization": {
    "permissions": {
      "resourceSpecific": [
        {
          "name": "ChannelMessage.Read.Group",
          "type": "Application"
        },
        {
          "name": "Member.Read.Group",
          "type": "Application"
        },
        {
          "name": "Team.Read.Group",
          "type": "Application"
        },
        {
          "name": "TeamsActivity.Send.Group",
          "type": "Application"
        },
        {
          "name": "TeamsTab.Create.Group",
          "type": "Application"
        },
        {
          "name": "TeamsTab.Read.Group",
          "type": "Application"
        },
        {
          "name": "TeamsTab.ReadWrite.Group",
          "type": "Application"
        }
      ]
    }
  }
}

Answer 1

 Hello Akshay Babar,

Welcome to Microsoft Q&A .Thank you for reaching out.

Adding on to the inputs given by Kudos-Ng and Sayali-MSFT , please check if the following suggestion helps.

The observed behavior is caused by an invalid webApplicationInfo.resource configuration after adding Tab capability. For apps that include both a bot and a tab, Teams requires the Application ID URI to include a fully qualified domain name. When this requirement is not met, Teams initially grants permissions during installation but later revokes app‑level RSC permissions during background security synchronization, causing the bot to receive only @mention events.

As asked , this behavior is expected and can occur when a Teams app is updated to add tab capability without aligning the SSO configuration (webApplicationInfo). It is a known pattern related to how Teams revalidates permissions and authentication after such updates.

Please note that the existing installations are not always automatically upgraded to reflect new permission scopes, which is why reinstall temporarily resolves the issue.

After Tab support was added

• The app became a Bot + Tab app.
• Teams now treats webApplicationInfo.resource as the SSO authority for the tab.
• For Tab SSO, Microsoft requires a fully qualified domain name (FQDN) in the Application ID URI.

Internally on reinstall, Teams temporarily grants RSC permissions. During the background security and token sync (24–48 hours),teams detects that webApplicationInfo.resource is invalid for Tab SSO and  the platform revokes app‑level RSC permissions. Because of this the bot  is no longer receives all channel messages and falls back to default behaviour

Please check if updating the Azure AD Application ID URI and manifest to use

api://<domain>/<app-id>

followed by a clean redeployment resolves the issue permanently.

To fix Azure AD (Entra ID) App Registration , please navigate to Azure AD → App Registration → Expose an API.Then set Application ID URI to

api://<your-domain>/<BOT_APP_ID>

Then update webApplicationInfo exactly to match the App ID URI as following –

"webApplicationInfo": {
  "id": "<BOT_APP_ID>",
  "resource": "api://<your-domain>/<BOT_APP_ID>"
}

Please consider redeploying to remove the app from Teams Admin Center Then please wait for tenant sync (background propagation) .Upload the corrected app package to reinstall the app into the team If prompted re‑grant consent.

References:

• Troubleshoot your App - Teams | Microsoft Learn
• Enable SSO for Bot & Message Extension - Teams | Microsoft Learn
• Resource-specific Consent for Apps - Teams | Microsoft Learn
• Get All Channel and Chat Messages for Bot and Agents - Teams | Microsoft Learn
• Channel/Group Conversation Chat Bot - Teams | Microsoft Learn
• Conversation events - Teams | Microsoft Learn
• Integrate and Use Bots with Tabs - Teams | Microsoft Learn
• Microsoft Teams apps update experience and admin role - Microsoft Teams | Microsoft Learn 

Thank you!

Answer 2

Hi Akshay Babar,

Thank you for posting your question in the Microsoft Q&A forum.

After reviewing the official Teams developer documentation and similar community reports regarding manifest updates, it appears that this behavior is expected by design in Microsoft Teams.

While it can certainly be confusing the first time you encounter it, it perfectly aligns with how Teams handles Capability Updates and Re-consent flows for apps.

When you incremented the manifest version and added a new capability (the configurableTabs array), the existing app installation in the Teams channel entered a "Pending Update" state.

According to Microsoft's app update and permission framework, adding a Tab constitutes a change in app capabilities. Because your new tab requests specific contexts (like channelTab), Teams' security boundaries require strict consent. Therefore, Teams pauses routing conversation events to your bot endpoint to prevent state mismatches until the new manifest is explicitly accepted and "Re-consented" within that specific channel.

When you remove and reinstall the app, you bypass the "update" flow entirely. A fresh installation triggers a new installationUpdate event to your bot and forces the user to consent to the entire manifest (Bot + Tab) upfront, putting the app directly into a fully "Active" state where event routing resumes immediately.

Once you upload the new package to the Teams Admin Center, go to the Teams Channel where the bot is installed. Users (or Team Owners) should see an "Update" button/prompt next to the app in the Manage Team > Apps list. Clicking "Update" manually triggers the re-consent flow for the new Tab capability, and the Bot will legally resume receiving events.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".         

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.