Microsoft Teams bot quickstart

This is the fast path for Microsoft Teams—Azure Bot, HTTPS messaging endpoint, and tenant install. Tenant policies, manifest packaging, and advanced group rules are in the full Microsoft Teams channel guide. Confirm exact JSON keys in official docs—schemas evolve across releases.

Time: about 30–45 minutes (Azure + HTTPS). Teams requires a public HTTPS messaging endpoint; a home PC alone is not enough unless you add a tunnel (remote access) or a small VPS with TLS.

• OpenClaw installed (installation) and an LLM provider configured.
• Azure subscription with permission to create App registrations and an Azure Bot resource.
• A public HTTPS URL pointing at your Gateway (VPS, reverse proxy, or Tailscale Funnel—see remote access).
• Teams admin or ability to sideload/custom-upload apps for testing (org policy varies).

1. Open Azure Portal → Microsoft Entra ID → App registrations → New registration.
2. Name it (e.g. OpenClaw Bot). Supported account type depends on your tenant (single-tenant is common for internal bots).
3. After creation, copy the Application (client) ID—you need it for OpenClaw and the Azure Bot resource.

1. In the app → Certificates & secrets → New client secret.
2. Copy the Value immediately (shown only once). This is the bot password OpenClaw uses.

Store secrets in a vault or env vars—not in git. See secrets configuration.

1. Azure Portal → Create a resource → Azure Bot.
2. Link the bot to the app registration from Step 1 (same Microsoft App ID).
3. Set the messaging endpoint to your public HTTPS URL for Teams traffic (path depends on OpenClaw version—check Teams reference and official docs).
4. Open the Azure Bot → Channels → add Microsoft Teams and accept terms.

Without valid HTTPS and a reachable endpoint, Teams cannot deliver messages to your Gateway.

Azure Bot must reach your Gateway over HTTPS on a stable URL. Common patterns:

• VPS + reverse proxy — Run OpenClaw on a small VPS; terminate TLS with Caddy or nginx (Let's Encrypt). Best for production Teams bots.
• Dev tunnel / ngrok — Fine for a proof-of-concept; URL may rotate unless you pay for a reserved domain. See remote access.
• Tailscale Funnel — HTTPS to a private machine without opening all ports; confirm your org allows Tailscale and that the funnel URL matches what you paste in Azure.

Slack often uses Socket Mode (outbound from Gateway). Teams is the opposite: Microsoft calls you. Budget time for TLS and firewall rules before debugging OpenClaw config.

During openclaw onboard, enable Microsoft Teams and paste the App ID and client secret when prompted—or merge into ~/.openclaw/openclaw.json. Example shape (keys may differ in your build):

{
  "channels": {
    "microsoftTeams": {
      "appId": "YOUR_APPLICATION_CLIENT_ID",
      "appPassword": "YOUR_CLIENT_SECRET",
      "allowFrom": ["you@company.com"]
    }
  }
}

Use allowFrom / group policies so the bot is not open to your entire tenant by accident. Read is OpenClaw safe? before widening access.

The Setup Wizard can generate merge-ready JSON for Teams.

openclaw gateway start
openclaw doctor

doctor should report Teams/Microsoft channel healthy. Use a VPS or reverse proxy with valid TLS; pick a region close to operators and your LLM API (region guide).

1. In Teams, install or sideload your bot app (org admin may need to approve custom apps).
2. Open a chat with the bot and send hello.
3. If pairing is enabled, approve: openclaw pairing list microsoft-teams then openclaw pairing approve microsoft-teams <code> (pairing guide)—exact channel id may vary; see pairing list output.
4. For channel @mentions, confirm mention handling in the full Teams guide.

More detail: Teams guide · troubleshooting

• Workplace chat: Slack quickstart.
• Production hardening: hardening checklist and AWS Bedrock for in-tenant models.
• Automate with cron and webhooks.