Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.
Hi @Akshay Babar
Thank you for sharing your concerns.
Regarding to your concerns:
For publishing the app to the Teams App Store
As far as I know, publishing to the Teams App Store (AppSource) is not strictly mandatory, but it is strongly recommended and is the most reliable approach for supporting multiple external customer tenants with a single-tenant bot.
This method aligns with current guidance after the deprecation of multi-tenant bot creation, and it provides a scalable and fully supported way to distribute your bot across tenants.
Distribute the bot using a custom app package (ZIP) and allow your customers to sideload/install it in their respective tenants
It is technically possible. Your customers can upload the .zip package via the Teams Admin Center or sideload it directly in Teams. However, while this approach might work in some scenarios, it is not the recommended method for large-scale or production multi-tenant use. It requires manual installation in each tenant and depends on tenant policies that may block custom app uploads.
In addition, for cross-tenant scenarios, behavior can be inconsistent. While a single-tenant bot can still receive messages from users in other tenants once installed, some features (such as authentication flows, proactive messaging, or Graph-related scenarios) may not function reliably without proper consent and configuration.
For these reasons, AppSource/Teams Store remains the most reliable and supported method for cross-tenant distribution. It allows Microsoft to handle consent, provisioning, and installation flow across tenants, even though the bot itself remains single-tenant.
Changes or implementation steps are required to support multiple tenants when using ZIP distribution
In this scenarios, to support external tenants with a single-tenant bot, you may need to implement the following:
- Ensure your bot logic is tenant-aware and can handle different tenantId values from incoming requests
- Design proper tenant isolation and avoid mixing data between tenants
If your bot requires user authentication or Microsoft Graph access in your customer tenants, additional configuration (such as consent or alternative authentication models) might be required, since a single-tenant app does not natively authenticate users from other tenants.
Note that switching the Azure Bot itself to multi-tenant is no longer applicable for new implementations, as multi-tenant bot creation has been deprecated.
Limitations or additional considerations when using Single-Tenant bots across multiple tenants
When using single tenant bots across multiple tenants via ZIP distribution you might face several important limitations including:
Scalability and distribution challenges
Because ZIP deployment requires manual installation in every customer tenant and does not support self-service discovery.
Policy dependency
Since each customer tenant must allow custom app uploads and grant the required permissions.
Authentication and API access
Some authentication scenarios and Graph integrations require additional configuration and tenant-level consent.
Testing and maintenance
Cross-tenant validation and troubleshooting are more complex compared to AppSource distribution.
For Long-term supportability
AppSource is the only approach aligned with Microsoft’s long-term direction for cross-tenant app distribution.
I hope this helps.
Please feel free to correct me if I misunderstood your request. If you have any additional concerns, feel free to comment below. I would be more than happy to assist.
Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread.