What are the Microsoft App ID and password for when building a Teams bot?

When you're building an app for Microsoft Teams, or really, anything that's going to end up using the Azure Bot Service, at some point in the process you have to create and manage a Microsoft App ID and password. When you first do this, it feels quite confusing. What is this? What is it authenticating exactly? These are good questions, because there are some things you need to be aware of to avoid running into trouble down the road.

The Bot Framework Service

If you're using the Azure Bot Service, there's a component that lives in Azure called the Bot Framework Service (BFS). Sometimes you'll also see it referred to as the Bot Connector Service (BCS) - technically, the BFS and BCS are distinct, but from a developer's perspective we don't need to worry about that. The Bot Framework Service allows you to develop your bot in a channel-agnostic way by normalizing the messages that the bot sends to a channel. This involves converting them from the Bot Framework schema into the channel's schema. Ultimately, what this lets you do is write the bot functionality once and then just go into Azure and tick/enable any channels you want the bot to work on - Slack, Teams, Skype, Facebook Messenger, etc. Handy, huh!

Your bot (in the cloud) exchanges messages with the BFS using standard REST calls and JSON over HTTPS. The BFS then converts the messages into the appropriate format/API calls for whatever the target channel is (Slack, Teams, etc.). The communication between your bot and the BFS is authenticated with JWT Bearer tokens, and this is where your App ID and password come in. The App ID and password are what secure the service-to-service communication between your bot and the Bot Framework Service as part of a standard OAuth authentication process you can read more about here.

Bot <> Bot Connector authentication flow
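
The bot-to-BFS half of that flow, as an added example that is not from the original post or the Bot Framework SDK: the App ID and password are exchanged for a bearer token using the OAuth client credentials grant, and only the token travels to the Bot Framework Service. It assumes a multi-tenant bot registration (the documented `botframework.com` token endpoint); `BotTokenSource`, `http_post` and `demo` are hypothetical names, and the credentials and token values are constructed.

```python
import json, time, urllib.parse, urllib.request

# Documented endpoint and scope for a multi-tenant Bot Framework token request.
TOKEN_URL = "https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token"
SCOPE = "https://api.botframework.com/.default"

def http_post(url, form):
    """Real transport: POST a urlencoded form over HTTPS, return parsed JSON."""
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=10) as r:
        return json.load(r)

class BotTokenSource:
    """Exchanges App ID + password for a bearer token and caches it until near expiry."""
    def __init__(self, app_id, app_password, post=http_post, clock=time.time, margin=300):
        self._form = {"grant_type": "client_credentials", "client_id": app_id,
                      "client_secret": app_password, "scope": SCOPE}
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Header for calls to the Bot Framework Service; the password is never in it."""
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            body = self._post(TOKEN_URL, self._form)
            if body.get("token_type", "").lower() != "bearer" or "access_token" not in body:
                # Report only the error code, never the request form or the secret.
                raise RuntimeError("token request failed: " + str(body.get("error", "unknown")))
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])
        return {"Authorization": "Bearer " + self._token}

def demo():
    """Offline run with a constructed transport and constructed credentials."""
    calls, now = [], [1000.0]
    def fake_post(url, form):
        calls.append((url, dict(form)))
        return {"token_type": "Bearer", "expires_in": 3600,
                "access_token": "constructed-token-%d" % len(calls)}
    src = BotTokenSource("00000000-0000-0000-0000-000000000000", "constructed-secret",
                         post=fake_post, clock=lambda: now[0])
    first = src.auth_header()
    second = src.auth_header()   # served from the cache, no second request
    now[0] += 3400               # now inside the 300 s refresh margin
    third = src.auth_header()    # triggers a fresh token request
    return calls, first, second, third

if __name__ == "__main__":
    print(demo()[1:])
```

In a real deployment the password would come from a secret store or environment variable rather than a literal, and the default `http_post` transport would be used.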

Microsoft App ID and password

For the most part, if you're using the Bot Framework SDK you don't need to care about the App ID and password. When you register your bot with the Azure Bot Service, you'll be given the App ID and password, you provide them when initializing the SDK, and that's the end of the story. Beneath the covers, you might be interested to know that the App ID is actually an Azure Active Directory (AD) application ID, which makes sense: your bot needs to authenticate to talk to a service that lives in Azure (the Bot Connector Service). If you want to see and manage all such application IDs, you can do this in Azure - they're listed under App Registrations, which you can access directly via http://aka.ms/AppRegistrations.

A GOTCHA

There's one thing about the App ID and password that can catch you out if you're not careful: make sure that the App ID and password are created in the right Azure account! Getting it wrong can happen surprisingly easily, because one common way to acquire the App ID is through App Studio within Microsoft Teams. When you do this, the App ID will be created within the Azure account for whatever Microsoft account is logged in to Teams at that time. If you're part of the Microsoft 365 Developer Program and you're using that to test your Teams app, then that's the Azure account it'll create the App ID in - even if you've never used or set up Azure for that account! So, generally speaking, you're better off always getting your App ID and password directly from Azure as part of the bot registration process.