#msteams webchat working, from app not

I am trying to connect openclaw to ms teams. I've followed the guide and have everything setup. I tested the functionallity with Test in Web Chat and it is working and answering. I then created the App Manifest in Developer Center and published the App to teams. Inside teams i send DM to the bot but never get an answer. This is a snippet from my config (values redacted):
"channels": {
"msteams": {
"enabled": true,
"groupPolicy": "open",
"appId": "bot_id_is_here",
"appPassword": "bot_password_is_here",
"tenantId": "tenant_id_is_here",
"dmPolicy": "open",
"allowFrom": [
"*"
]
}
},
"bindings": [
{
"agentId": "main",
"match": {
"channel": "msteams",
"accountId": "default"
}
}
]

Your OpenClaw config looks basically fine for DMs. With dmPolicy: "open" and allowFrom: ["*"], the bot should not be blocked by the OpenClaw side.

Since Test in Web Chat works, I’d focus on the Teams app/manifest/install path first.

Please send these first:

openclaw --version
openclaw logs --follow

Then DM the bot in Teams while logs are open.

What I’d check next:

1. Manifest personal scope
   Make sure your Teams app manifest has:

• bots[].botId = your Azure Bot App ID
  • webApplicationInfo.id = the same Azure Bot App ID
  • bots[].scopes includes "personal"

2. Install as a personal app
   Publishing the app is not always enough by itself. Make sure the bot is actually installed for personal scope in Teams, not just available in the catalog.

3. Version bump + reinstall
   Teams caches app metadata aggressively.
   If you changed the manifest:

   • increment manifest.json version
   • re-zip
   • re-upload
   • remove/re-add the app
   • fully quit and reopen Teams

4. Watch the logs

• No incoming Teams activity at all in logs → this is almost certainly a Teams manifest/install/scope issue.
  • Incoming activity appears, but no reply → paste that log output here and we can dig into the runtime side.

Docs:

• https://docs.openclaw.ai/channels/msteams
• https://docs.openclaw.ai/help/faq

If you want, paste your redacted Teams app manifest too, that’s probably the fastest way to spot it.

i can see that messages from the test webchat arrive, but there are no messages arriving from msteams. Maybe the error is in the manifest, here is the first part, second part will be next message:

{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.25/MicrosoftTeams.schema.json",
"version": "1.0.0",
"manifestVersion": "1.25",
"id": "app_id_here",
"name": {
"short": "Name AI Agent",
"full": "Name AI Agent — OpenClaw Assistant"
},
"developer": {
"name": "somename",
"websiteUrl": "https://validurl.de",
"privacyUrl": "https://validurl.de/privacy",
"termsOfUseUrl": "https://validurl.de/legalinfo"
},
"description": {
"short": "Assistant for OpenClaw inside Microsoft Teams.",
"full": "Name AI Agent — OpenClaw assistant integrated with Teams. Provides bot interaction, file handling, and resource-specific permissions."
},
"icons": {
"outline": "outline.png",
"color": "color.png"
},
"accentColor": "#d4651c",
"bots": [
{
"botId": "bot_id_is_here",
"scopes": [
"personal",
"team",
"groupChat"
],
"isNotificationOnly": false,
"supportsCalling": false,
"supportsVideo": false,
"supportsFiles": true
}
],
"validDomains": [],
"webApplicationInfo": {
"id": "bot_id_is_here"
},

"authorization": {
"permissions": {
"resourceSpecific": [
{
"name": "ChannelMessage.Read.Group",
"type": "Application"
},
{
"name": "ChannelMessage.Send.Group",
"type": "Application"
},
{
"name": "Member.Read.Group",
"type": "Application"
},
{
"name": "Owner.Read.Group",
"type": "Application"
},
{
"name": "ChannelSettings.Read.Group",
"type": "Application"
},
{
"name": "TeamMember.Read.Group",
"type": "Application"
},
{
"name": "TeamSettings.Read.Group",
"type": "Application"
},
{
"name": "ChatMessage.Read.Chat",
"type": "Application"
}
]
}
},
"supportsChannelFeatures": "tier1"
}

Yep, the first part of your manifest looks fine for DMs.

For personal DM delivery, the important bits are:

• bots[].botId matches your Azure Bot App ID
• webApplicationInfo.id matches the same App ID
• scopes includes "personal"

From what you pasted, those look correct.

So if nothing from Teams reaches OpenClaw at all, I would not blame this part of the manifest first. I’d check these next:

1. Azure Bot -> Channels -> Microsoft Teams
   Make sure the Microsoft Teams channel is actually enabled there.
   Web Chat working does not prove Teams is enabled, only that the bot endpoint works.

2. Messaging endpoint

In Azure Bot -> Configuration, confirm it still points to your public:
https://.../api/messages

3. Installed as a personal app
   Publishing to Teams is not enough by itself.
   Make sure you actually installed the app for yourself in personal scope and started the DM from that installed app.

4. Manifest cache
   Teams caches aggressively.
   If you changed anything:

   • bump version
   • re-upload
   • remove/re-add the app
   • fully quit and reopen Teams

5. Welcome card
   When the bot is added in personal scope, you should usually at least see the install/conversation activity hit the bot. If you never see even that in logs, the problem is almost certainly on the Teams/Azure side before OpenClaw.

Also, the second half of the manifest, especially authorization.permissions.resourceSpecific, matters more for team/group/channel traffic. It is usually not the thing that blocks simple personal DMs.

Still send:

openclaw --version

And if you can, paste the second half of the manifest plus whether Azure Bot -> Channels -> Microsoft Teams is enabled. That’ll narrow it down fast.

Docs:

• https://docs.openclaw.ai/channels/msteams
• https://docs.openclaw.ai/help/faq

Yep, this part also looks fine to me.

I don’t see an obvious manifest bug in what you pasted. In particular:

• botId / webApplicationInfo.id are present
• scopes includes personal
• the authorization.permissions.resourceSpecific block looks normal

Also, that authorization block is mainly for team/group/channel behavior. It is not usually what makes a simple 1:1 personal DM fail.

So at this point I’d say the problem is probably not the manifest JSON itself.

Most likely next suspects:

1. Azure Bot -> Channels -> Microsoft Teams is not actually enabled
   This is still my top suspect.
   Test in Web Chat can work even when the Teams channel is not set up correctly, because Web Chat hits the bot through a different path.

2. The app is published, but not really installed as a personal app
   Try removing it completely, then add it again explicitly in personal scope.

3. Teams cache
   Bump manifest version to 1.0.1, re-upload, remove/re-add app, then fully quit and relaunch Teams.

4. Check logs while adding/installing the app, not just while messaging
   Run:

   openclaw logs --follow
   

   Then:

   • install/reinstall the Teams app
   • open the personal chat
   • send a DM

   If OpenClaw sees nothing at all, not even a conversationUpdate-style event, then Teams never reached the bot.

Still need this too:

openclaw --version

If you want, the next most useful thing would be either:

• a screenshot of Azure Bot -> Channels showing Microsoft Teams enabled, or
• the output from openclaw logs --follow while you install the app and DM it

That should narrow it down pretty quickly.

I am using
OpenClaw 2026.4.15 (041266a)

1. It is enabled - and it shows Healthy, i can see a few error logs in the webchat: There was an error sending this message to your bot: HTTP status code GatewayTimeout
   There was an error sending this message to your bot: HTTP status code Forbidden

I dont know if these logs are relevant because the webchat is working.

2. I published the app and installed it afterwards. Its now installed in my ms teams and i am messaging the bot from there

3. This is already my third attempt, i know that teams cache sucks and microsoft too anyway...

4. Logs from openclaw show, but this is only from the Web Chat (no other output):
   07:41:01+00:00 info {"name":"msteams"} sent welcome card
   07:41:11+00:00 info {"name":"msteams"} received message
   07:41:11+00:00 info {"name":"msteams"} dispatching to agent
   07:41:55+00:00 info {"name":"msteams"} dispatch complete

That’s helpful. A few things are clearer now.

• 2026.4.15 is recent enough
• Your manifest looks sane
• The big clue is this: OpenClaw only sees Web Chat traffic, not Teams traffic at all

So the problem is almost certainly one of these two:

1. Teams/Azure never forwards the activity
2. OpenClaw receives it, but rejects it before the normal received message log

That second case matters, because the Teams monitor has some early auth checks that only show up at debug level.

What I’d do next

Temporarily turn logging up to debug, restart the gateway, then test Teams again.

Docs: https://docs.openclaw.ai/gateway/logging

If you use config, set:

{
  logging: {
    level: "debug"
  }
}

Then restart:

openclaw gateway restart

openclaw logs --follow

Now DM the bot from Teams and look specifically for lines like:

• JWT validation failed
• JWT validation error: ...
• dropping ...
• anything from msteams before received message

Why I’m asking for debug logs

Right now your info logs only show the happy Web Chat path:

• welcome card
• received message

• dispatching
• dispatch complete

If Teams is failing at webhook auth or early routing, you would not see the usual message log line.

About those Web Chat errors

The GatewayTimeout is probably just because that turn took ~44s (07:41:11 → 07:41:55), so Web Chat got grumpy waiting.
The Forbidden might be a reply/auth-path issue, but it does not explain why Teams traffic never even shows up.

If debug logs still show absolutely nothing from Teams

Then I’d treat it as outside OpenClaw, and focus on Microsoft’s side:

• Azure Bot → Channels → Microsoft Teams enabled
• app installed as personal app
• remove/re-add the app again

• if needed, upload via Teams Admin Center once, not only Developer Portal

If you paste the debug log lines from one Teams DM attempt, we can probably pin it down pretty fast.

I have set logging to debug - but its still the same. I can see no connection attempts in this log. I reconfirmed the web chat still is working

That’s a really useful result.

If debug logs still show zero Teams ingress, then I’d stop chasing OpenClaw config. At that point, the fault domain is almost certainly Microsoft/Azure routing before OpenClaw ever sees the request.

So the situation is basically:

• Web Chat works → endpoint + OpenClaw are alive
• No Teams webhook attempts at all → Teams/Azure is not forwarding to the bot endpoint

The 3 things I’d verify next, in this order:

1. Same tenant
   If your Azure Bot is Single Tenant, make sure the Teams account you’re testing with is in that same Entra tenant. Guest/cross-tenant cases can silently fail.

2. Exact App ID match
   Triple-check that all of these are the same GUID:

   • Azure Bot Microsoft App ID

• Entra app registration Application (client) ID
  • Teams manifest bots[].botId
  • Teams manifest webApplicationInfo.id

3. Fresh Teams app package
   Don’t reuse the same cached app package again.
   I’d try:
   • create a fresh Teams app
   • give it a new manifest id
   • keep the same bot App ID
   • upload/install via Teams Admin Center or Upload custom app
   • then test again

At this point I’d also say the GatewayTimeout / Forbidden you saw in Web Chat are probably side noise, not the main blocker.

My honest read: this no longer looks like an OpenClaw-side issue, it looks like Teams never attaching your app to the Azure Bot correctly.

If you want, the next most useful thing to paste is:

• whether the bot is single-tenant or multi-tenant
• whether your Teams user is in the same tenant
• a redacted screenshot/text dump of the Azure Bot Configuration + Channels pages

That should be enough to narrow it down without more guesswork.