




















@@ -5,11 +5,7 @@ read_when:
55title: "Microsoft Teams"
66---
778-# Microsoft Teams
9-10-> "Abandon all hope, ye who enter here."
11-12-Status: text + DM attachments are supported; channel/group file sending requires `sharePointSiteId` + Graph permissions (see [Sending files in group chats](#sending-files-in-group-chats)). Polls are sent via Adaptive Cards. Message actions expose explicit `upload-file` for file-first sends.
8+Text and DM attachments are supported; channel and group file sending requires `sharePointSiteId` + Graph permissions (see [Sending files in group chats](#sending-files-in-group-chats)). Polls are sent via Adaptive Cards. Message actions expose explicit `upload-file` for file-first sends.
1391410## Bundled plugin
1511@@ -61,12 +57,6 @@ For production deployments, consider using [federated authentication](#federated
61576258Note: group chats are blocked by default (`channels.msteams.groupPolicy: "allowlist"`). To allow group replies, set `channels.msteams.groupAllowFrom` (or use `groupPolicy: "open"` to allow any member, mention-gated).
635964-## Goals
65-66-- Talk to OpenClaw via Teams DMs, group chats, or channels.
67-- Keep routing deterministic: replies always go back to the channel they arrived on.
68-- Default to safe channel behavior (mentions required unless configured otherwise).
69-7060## Config writes
71617262By default, Microsoft Teams is allowed to write config updates triggered by `/config set|unset` (requires `commands.config: true`).
@@ -183,8 +173,6 @@ Before configuring OpenClaw, create an Azure Bot resource and capture its creden
183173</Step>
184174</Steps>
185175186-<a id="federated-authentication-certificate--managed-identity"></a>
187-188176## Federated authentication
189177190178> Added in 2026.3.24
@@ -374,60 +362,16 @@ This is often easier than hand-editing JSON manifests.
3743622. Find the bot in Teams and send a DM
3753633. Check gateway logs for incoming activity
376364377-## Setup (minimal text-only)
378-379-1. **Ensure the Microsoft Teams plugin is available**
380- - Current packaged OpenClaw releases already bundle it.
381- - Older/custom installs can add it manually:
382- - From npm: `openclaw plugins install @openclaw/msteams`
383- - From a local checkout: `openclaw plugins install ./path/to/local/msteams-plugin`
384-385-2. **Bot registration**
386- - Create an Azure Bot (see above) and note:
387- - App ID
388- - Client secret (App password)
389- - Tenant ID (single-tenant)
390-391-3. **Teams app manifest**
392- - Include a `bot` entry with `botId = <App ID>`.
393- - Scopes: `personal`, `team`, `groupChat`.
394- - `supportsFiles: true` (required for personal scope file handling).
395- - Add RSC permissions (below).
396- - Create icons: `outline.png` (32x32) and `color.png` (192x192).
397- - Zip all three files together: `manifest.json`, `outline.png`, `color.png`.
398-399-4. **Configure OpenClaw**
400-401-```json5
402- {
403- channels: {
404- msteams: {
405- enabled: true,
406- appId: "<APP_ID>",
407- appPassword: "<APP_PASSWORD>",
408- tenantId: "<TENANT_ID>",
409- webhook: { port: 3978, path: "/api/messages" },
410- },
411- },
412- }
413- ```
365+<Accordion title="Environment variable overrides">
414366415-You can also use environment variables instead of config keys:
416- - `MSTEAMS_APP_ID`
417- - `MSTEAMS_APP_PASSWORD`
418- - `MSTEAMS_TENANT_ID`
419- - `MSTEAMS_AUTH_TYPE` (optional: `"secret"` or `"federated"`)
420- - `MSTEAMS_CERTIFICATE_PATH` (federated + certificate)
421- - `MSTEAMS_CERTIFICATE_THUMBPRINT` (optional, not required for auth)
422- - `MSTEAMS_USE_MANAGED_IDENTITY` (federated + managed identity)
423- - `MSTEAMS_MANAGED_IDENTITY_CLIENT_ID` (user-assigned MI only)
367+Any of the bot/auth config keys can also be set via env vars:
424368425-5. **Bot endpoint**
426- - Set the Azure Bot Messaging Endpoint to:
427- - `https://<host>:3978/api/messages` (or your chosen path/port).
369+- `MSTEAMS_APP_ID`, `MSTEAMS_APP_PASSWORD`, `MSTEAMS_TENANT_ID`
370+- `MSTEAMS_AUTH_TYPE` (`"secret"` or `"federated"`)
371+- `MSTEAMS_CERTIFICATE_PATH`, `MSTEAMS_CERTIFICATE_THUMBPRINT` (federated + certificate)
372+- `MSTEAMS_USE_MANAGED_IDENTITY`, `MSTEAMS_MANAGED_IDENTITY_CLIENT_ID` (federated + managed identity; client ID only for user-assigned)
428373429-6. **Run the gateway**
430- - The Teams channel starts automatically when the bundled or manually installed plugin is available and `msteams` config exists with credentials.
374+</Accordion>
431375432376## Member info action
433377@@ -956,8 +900,20 @@ Bots have limited support in private channels:
956900957901## Related
958902959-- [Channels Overview](/channels) — all supported channels
960-- [Pairing](/channels/pairing) — DM authentication and pairing flow
961-- [Groups](/channels/groups) — group chat behavior and mention gating
962-- [Channel Routing](/channels/channel-routing) — session routing for messages
963-- [Security](/gateway/security) — access model and hardening
903+<CardGroup cols={2}>
904+ <Card title="Channels overview" icon="list" href="/channels">
905+ All supported channels.
906+ </Card>
907+ <Card title="Pairing" icon="link" href="/channels/pairing">
908+ DM authentication and pairing flow.
909+ </Card>
910+ <Card title="Groups" icon="users" href="/channels/groups">
911+ Group chat behavior and mention gating.
912+ </Card>
913+ <Card title="Channel routing" icon="route" href="/channels/channel-routing">
914+ Session routing for messages.
915+ </Card>
916+ <Card title="Security" icon="shield" href="/gateway/security">
917+ Access model and hardening.
918+ </Card>
919+</CardGroup>
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。