Clarification on Multi-Tenant Support for Single-Tenant Teams Bot Deployment

Akshay Babar 65 Reputation points
2026-05-06T20:24:12.85+00:00

Hi Team,

We are currently updating our Microsoft Teams bot implementation based on the recent deprecation of the multi-tenant bot configuration. As per the latest guidance, we are now creating the bot using a Single Tenant setup.

However, our requirement is to support multiple customer tenants (external organizations) using the same bot.

We would like clarification on the recommended approach for this scenario:

Is it mandatory to publish the app to the Teams App Store (AppSource / Org Store) for external tenant usage?

Alternatively, can we distribute the bot using a custom app package (ZIP) and allow customers to sideload/install it in their respective tenants?

If distribution via ZIP is possible, what changes or implementation steps are required to ensure the bot can support multiple tenants despite being configured as Single Tenant?

Are there any limitations or additional configurations required when using Single Tenant bots across multiple tenants?

This clarification is important for us to finalize our deployment and distribution strategy.

Thanks in advance for your guidance.

Regards, [Moderator note: personal info removed] 

Microsoft Teams | Development
Microsoft Teams | Development

Building, integrating, or customizing apps and workflows within Microsoft Teams using developer tools and APIs


3 answers

Sort by: Most helpful
  1. Vaibhav Tiwari 0 Reputation points
    2026-06-26T21:14:44+00:00

    We have a problem with distribution. As it is not secure, for us to put the app in the market place for everyone to see.. Is there a safer appsource to distribute? Or some way that people could only see the app we published if we allow them?

    Was this answer helpful?


  2. Hin-V 16,155 Reputation points Microsoft External Staff Moderator
    2026-05-06T22:37:44.63+00:00

    Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.  

    Hi @Akshay Babar

    Thank you for sharing your concerns. 

    Regarding to your concerns:

    For publishing the app to the Teams App Store 

    As far as I know, publishing to the Teams App Store (AppSource) is not strictly mandatory, but it is strongly recommended and is the most reliable approach for supporting multiple external customer tenants with a single-tenant bot. 

    This method aligns with current guidance after the deprecation of multi-tenant bot creation, and it provides a scalable and fully supported way to distribute your bot across tenants. 

    Distribute the bot using a custom app package (ZIP) and allow your customers to sideload/install it in their respective tenants 

    It is technically possible. Your customers can upload the .zip package via the Teams Admin Center or sideload it directly in Teams. However, while this approach might work in some scenarios, it is not the recommended method for large-scale or production multi-tenant use.  It requires manual installation in each tenant and depends on tenant policies that may block custom app uploads.  

    In addition, for cross-tenant scenarios, behavior can be inconsistent. While a single-tenant bot can still receive messages from users in other tenants once installed, some features (such as authentication flows, proactive messaging, or Graph-related scenarios) may not function reliably without proper consent and configuration.  

    For these reasons, AppSource/Teams Store remains the most reliable and supported method for cross-tenant distribution. It allows Microsoft to handle consent, provisioning, and installation flow across tenants, even though the bot itself remains single-tenant. 

    Changes or implementation steps are required to support multiple tenants when using ZIP distribution 

    In this scenarios, to support external tenants with a single-tenant bot, you may need to implement the following: 

    • Ensure your bot logic is tenant-aware and can handle different tenantId values from incoming requests 
    • Design proper tenant isolation and avoid mixing data between tenants  

    If your bot requires user authentication or Microsoft Graph access in your customer tenants, additional configuration (such as consent or alternative authentication models) might be required, since a single-tenant app does not natively authenticate users from other tenants.  

    Note that switching the Azure Bot itself to multi-tenant is no longer applicable for new implementations, as multi-tenant bot creation has been deprecated. 

    Limitations or additional considerations when using Single-Tenant bots across multiple tenants 

    When using single tenant bots across multiple tenants via ZIP distribution you might face several important limitations including:  

    Scalability and distribution challenges

    Because ZIP deployment requires manual installation in every customer tenant and does not support self-service discovery.  

    Policy dependency
    Since each customer tenant must allow custom app uploads and grant the required permissions.  

    Authentication and API access

    Some authentication scenarios and Graph integrations require additional configuration and tenant-level consent.   

    Testing and maintenance

    Cross-tenant validation and troubleshooting are more complex compared to AppSource distribution.   

    For Long-term supportability

    AppSource is the only approach aligned with Microsoft’s long-term direction for cross-tenant app distribution.

    I hope this helps. 

    Please feel free to correct me if I misunderstood your request. If you have any additional concerns, feel free to comment below. I would be more than happy to assist. 


    Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?


  3. AI answer

    2026-05-06T20:24:34.8666667+00:00

    A single-tenant Azure Bot can be used by multiple customer tenants; the key difference is how authentication and distribution are handled, not that each customer needs a separate bot.

    From the current guidance:

    1. Multi-tenant bot creation in Azure Bot Service is being deprecated after July 31, 2025. New bots should use SingleTenant or user-assigned managed identity going forward.
      • For multi-tenant bots the configuration was:
        • MicrosoftAppType = MultiTenant
        • MicrosoftAppId = <bot app id>
        • MicrosoftAppPassword = <bot app password>
        • MicrosoftAppTenantId = <blank>
      • Going forward, use single-tenant configuration instead.
    2. For Teams distribution, the supported options for Microsoft 365-enabled Teams apps (including bots) are:
      • Single-tenant distribution (org-only):
        • Upload and publish the app package via:
          • Teams client → Manage your appsUpload an appSubmit an app to your org.
          • Teams Developer Portal.
          • Microsoft Teams admin center.
          • Microsoft Admin Center.
      • Multitenant distribution (cross-tenant):
        • Publish via the Microsoft commercial marketplace (AppSource) using the Teams app manifest (v1.13 for Microsoft 365-enabled apps).
        • This is the standard way to make a Teams app available to multiple external tenants.
    3. Sideloading / ZIP distribution:
      • For testing and ALM, a customer or partner can sideload the .zip package that references a bot/agent:
        • “A customer or partner can sideload the .ZIP package … The .ZIP package can be uploaded via the Teams or Microsoft Admin Center and managed the same as for single-tenant agents in Copilot Studio.”
      • This pattern is explicitly supported for multitenant agents in Copilot Studio and is analogous for Teams apps that include bots: the ZIP (app package) can be uploaded in another tenant if that tenant’s admin allows custom app upload.
      • Bots in production should be added to Teams as part of a Teams app package, not by GUID, because adding by GUID “severely limits the functionality of a bot.”
    4. What this means for the scenario:
      • Is AppSource mandatory?
        • For broad, self-service, multitenant distribution to many external organizations, the recommended and supported approach is to publish to the Microsoft commercial marketplace (AppSource) as a multitenant Teams app.
      • Can a ZIP package be used instead?
        • Yes, a ZIP (Teams app package) can be provided to specific customers, and their admins can upload/sideload it in their tenant via Teams or Microsoft Admin Center, provided their policies allow custom apps.
        • This is suitable for controlled or limited cross-tenant deployments (for example, a small number of customers or pilot programs).
      • What is required to support multiple tenants with a single-tenant bot?
        • The bot itself is registered as single-tenant in Azure, but the Teams app package that references it can be:
          • Distributed privately (ZIP) to specific tenants, or
          • Published as a multitenant app via AppSource.
        • Each external tenant must:
          • Install the Teams app package.
          • Grant any required permissions/consent for the underlying Azure AD app.
      • Limitations / additional configuration:
        • Multi-tenant bot creation is deprecated; use single-tenant or managed identity for new bots.
        • For production use across many tenants, AppSource-based multitenant distribution is the supported pattern.
        • For ZIP-based distribution, each customer tenant’s admin must explicitly upload and manage the app, and tenant policies (custom app upload, third-party app controls) must allow it.

    In summary:

    • AppSource is the recommended route for scalable, multitenant distribution of a Teams bot.
    • Distribution via ZIP/sideloading is possible and supported for cross-tenant scenarios where the customer’s admin uploads the package.
    • The bot remains single-tenant in Azure; cross-tenant usage is enabled by how the Teams app package is distributed and installed, plus the necessary admin consent in each customer tenant.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.