

























@@ -79,9 +79,9 @@ This single command:
7979- Creates an Entra ID (Azure AD) application
8080- Generates a client secret
8181- Builds and uploads a Teams app manifest (with icons)
82-- Registers the bot (Teams-managed by default — no Azure subscription needed)
82+- Registers the bot (Teams-managed by default - no Azure subscription needed)
838384-The output will show `CLIENT_ID`, `CLIENT_SECRET`, `TENANT_ID`, and a **Teams App ID** — note these for the next steps. It also offers to install the app in Teams directly.
84+The output will show `CLIENT_ID`, `CLIENT_SECRET`, `TENANT_ID`, and a **Teams App ID** - note these for the next steps. It also offers to install the app in Teams directly.
85858686**4. Configure OpenClaw** using the credentials from the output:
8787@@ -103,7 +103,7 @@ Or use environment variables directly: `MSTEAMS_APP_ID`, `MSTEAMS_APP_PASSWORD`,
103103104104**5. Install the app in Teams**
105105106-`teams app create` will prompt you to install the app — select "Install in Teams". If you skipped it, you can get the link later:
106+`teams app create` will prompt you to install the app - select "Install in Teams". If you skipped it, you can get the link later:
107107108108```bash
109109teams app get <teamsAppId> --install-link
@@ -147,14 +147,14 @@ Disable with:
147147148148- Default: `channels.msteams.dmPolicy = "pairing"`. Unknown senders are ignored until approved.
149149- `channels.msteams.allowFrom` should use stable AAD object IDs.
150-- Do not rely on UPN/display-name matching for allowlists — they can change. OpenClaw disables direct name matching by default; opt in explicitly with `channels.msteams.dangerouslyAllowNameMatching: true`.
150+- Do not rely on UPN/display-name matching for allowlists - they can change. OpenClaw disables direct name matching by default; opt in explicitly with `channels.msteams.dangerouslyAllowNameMatching: true`.
151151- The wizard can resolve names to IDs via Microsoft Graph when credentials allow.
152152153153**Group access**
154154155155- Default: `channels.msteams.groupPolicy = "allowlist"` (blocked unless you add `groupAllowFrom`). Use `channels.defaults.groupPolicy` to override the default when unset.
156156- `channels.msteams.groupAllowFrom` controls which senders can trigger in group chats/channels (falls back to `channels.msteams.allowFrom`).
157-- Set `groupPolicy: "open"` to allow any member (still mention‑gated by default).
157+- Set `groupPolicy: "open"` to allow any member (still mention-gated by default).
158158- To allow **no channels**, set `channels.msteams.groupPolicy: "disabled"`.
159159160160Example:
@@ -174,7 +174,7 @@ Example:
174174175175- Scope group/channel replies by listing teams and channels under `channels.msteams.teams`.
176176- Keys should use stable Teams conversation IDs from Teams links, not mutable display names.
177-- When `groupPolicy="allowlist"` and a teams allowlist is present, only listed teams/channels are accepted (mention‑gated).
177+- When `groupPolicy="allowlist"` and a teams allowlist is present, only listed teams/channels are accepted (mention-gated).
178178- The configure wizard accepts `Team/Channel` entries and stores them for you.
179179- On startup, OpenClaw resolves team/channel and user allowlist names to IDs (when Graph permissions allow)
180180 and logs the mapping; unresolved team/channel names are kept as typed but ignored for routing by default unless `channels.msteams.dangerouslyAllowNameMatching: true` is enabled.
@@ -416,7 +416,7 @@ For AKS deployments using workload identity:
416416azure.workload.identity/use: "true"
417417```
418418419-5. **Ensure network access** to IMDS (`169.254.169.254`) — if using NetworkPolicy, add an egress rule allowing traffic to `169.254.169.254/32` on port 80.
419+5. **Ensure network access** to IMDS (`169.254.169.254`) - if using NetworkPolicy, add an egress rule allowing traffic to `169.254.169.254/32` on port 80.
420420421421### Auth type comparison
422422@@ -702,7 +702,7 @@ Key settings (see `/gateway/configuration` for shared channel patterns):
702702- `toolsBySender` keys should use explicit prefixes:
703703`id:`, `e164:`, `username:`, `name:` (legacy unprefixed keys still map to `id:` only).
704704- `channels.msteams.actions.memberInfo`: enable or disable the Graph-backed member info action (default: enabled when Graph credentials are available).
705-- `channels.msteams.authType`: authentication type — `"secret"` (default) or `"federated"`.
705+- `channels.msteams.authType`: authentication type - `"secret"` (default) or `"federated"`.
706706- `channels.msteams.certificatePath`: path to PEM certificate file (federated + certificate auth).
707707- `channels.msteams.certificateThumbprint`: certificate thumbprint (optional, not required for auth).
708708- `channels.msteams.useManagedIdentity`: enable managed identity auth (federated mode).
@@ -1014,8 +1014,8 @@ Bots have limited support in private channels:
1014101410151015## Related
101610161017-- [Channels Overview](/channels) — all supported channels
1018-- [Pairing](/channels/pairing) — DM authentication and pairing flow
1019-- [Groups](/channels/groups) — group chat behavior and mention gating
1020-- [Channel Routing](/channels/channel-routing) — session routing for messages
1021-- [Security](/gateway/security) — access model and hardening
1017+- [Channels Overview](/channels) - all supported channels
1018+- [Pairing](/channels/pairing) - DM authentication and pairing flow
1019+- [Groups](/channels/groups) - group chat behavior and mention gating
1020+- [Channel Routing](/channels/channel-routing) - session routing for messages
1021+- [Security](/gateway/security) - access model and hardening
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。