Setting up Signed-in Bots for Microsoft Teams
How to sign in your bot into a Microsoft teams account
This guide is for you if:
- You need to join meetings that only allow signed-in Microsoft teams users
Limitations:
- Signed-in bot names cannot be overridden - Signed-in Microsoft Teams bots get their name from the Microsoft Teams account used to sign-in the bot. This overrides the
bot_nameparameter in Create Bot endpoint - Signed-in Microsoft Teams bots must be in their own Organization - Signed-in Microsoft Teams bots must be in their own organization due to global organization-level permission changes
Signed-in Microsoft Teams Bot in 5 Steps
In this guide, you will:
- Create a new Microsoft Teams Business Organization and Account. The only user in this organization is the bot account
- Update the Account Security Settings. The account is now able to seamlessly join meetings without needing to 2FA or store sessions
- Update your Account Profile. The bot account is customized and will reflect that when in meetings
- Add your Microsoft Account Credentials to Recall. Now Recall is able to sign in your bot on behalf of the new account/organization you've made
- See the bot in action. You have tested the bot and it is working as flawlessly
Let's get started 👇
Step 1: Create a new Microsoft Business Organization
Do not create the bot account in your existing Microsoft business organization
Since the authenticated bot requires global organization-level permission changes, authenticated Teams bots should always use a new Microsoft account
Step 1.1: Choose the Microsoft 365 Business Basic Plan
Microsoft 365 Business Basic PlanQuick Note: This must be a paid account. The Microsoft 365 Business Basic account is $6USD/month and has the minimum required features needed.
To get started, head to the Microsoft 365 Business Pricing Page to create a new account.
A comparison of Microsoft 365 Business plans
Step 1.2: Complete your account and organization registration
After selecting the plan, complete the account information, organization information, and payment steps.
You'll notice that the email uses the @*.onmicrosoft.com domain. This can be later configured to be a custom domain as well if needed.
The red box highlights the auto-generated email domain. This domain can be updated to a custom domain from the dashboard later
Checkpoint
At this point, you should be in the dashboard with a new organization and Microsoft Teams Business email account
Step 2: Update Organization Security Settings
The goal of this step is to allow the bot to seamlessly join meetings without having to go through 2FA and other security measures which is enforced by Microsoft Teams Business by default. We will do this by updating the security settings to only use the minimum-required configurations
Step 2.1: Disabling Security Defaults
While signed into the bot Microsoft Teams Business account, head to the Azure Dashboard. Then search for the Microsoft Entra ID product
Once in the Microsoft Entra Id product, disable the security defaults found in Overview > Properties > Manage Security Defaults and set Security Defaults to Disabled (not recommended). All tabs and fields can be seen in the image below
Navigating to the Security Defaults dropdown. Make sure this field is disabled
Step 2.2: Disable "Show keep user signed in"
While signed into the bot Microsoft Teams Business account, head to the Azure Dashboard. Then search for the Users product.
Once in the Users product, click on User Settings in the sidebar and disable the "Show keep users signed in" toggle. The path and toggle can be seen in the image below
Navigating to the "Show keep user signed in" toggle. Make sure this toggle is off
Checkpoint
At this point, you should have disabled "Security Defaults" and turned off the "Show keep user signed in" toggle. This will skip 2FA and will make sure your bot sessions expire after the bot leaves the call
Step 3: Customize the bot profile
This step will update the bot details seen in the meeting itself. You can update the display name and profile image here
The bot display name and profile image cannot be overridden
Regardless of what you specify in your Create Bot request, the display name and profile photo will always be taken from the Microsoft account details defined in this section
Step 3.1: Update the account details
While signed into the bot Microsoft Teams Business account, head to the Azure Dashboard. Then search for the Users product
Once in the users product, select the bot profile you want to update
Navigating to your bot account
After selecting your profile, update the "Display Name" and "Profile Image" to reflect what you want to display in meetings
Click the "Camera icon" to update the profile image and "Edit properties" to update the display name
Step 3.3: Login to Microsoft Teams and Start Test Call
After your account is set up, head to Microsoft Teams. Once there, login with your account and complete the onboarding process. We also recommend trying to create a new call to make sure your Display Name and Profile Image are what you are expecting
Checkpoint
At this point, you should have your display name and profile photo updated on the account your bot will impersonate in meetings
Step 4: Add the Microsoft Teams Business Account Email & Password in the Recall Dashboard
As the title says, head over to Recall and login. Make sure you select the right region when logging in.
Once in the recall dashboard, update your Microsoft Teams Business Account login credentials in Teams Web Credentials
Navigating to the Microsoft Teams Web Credentials (Microsoft Teams Business Account Credentials)
In your Teams Web Credentials, add your login credentials and click the Create Configuration button
Save your Microsoft Teams Business Account email and password for recall to use when joining meetings
We recommend keeping Login Mandatory option turned off.
The login mandatory option (if turned on) forces the bot to always login before joining the call. Due to authentication flow for Teams web this can lead to increased delays before bots join the call. We recommend to keep this option off, as a result bot will attempt to login only for calls where signed in participants are mandatory
Checkpoint
By this point, you should have your Microsoft Teams Business Account login credentials saved in recall
Step 5: Test the bot
Now that your new bot account is set up, you can try sending your bot to a new Microsoft Teams meeting
You can quickly test this by sending a bot using the interactive Create Bot api docs. Make sure you use a new Teams Meeting URL and the API key from the Recall account with your Microsoft Teams Business Account login credentials
Note that you the bot will only sign in for meetings that require signed-in participants
Wrapping up
Hooray! By this point you have:
- Created a new Microsoft Teams Business Organization and Account. The only user in this organization is the bot account
- Updated the Account Security Settings. The account is now able to seamlessly join meetings without needing to 2FA or store sessions
- Updated your Account Profile. The bot account is customized and will reflect that when in meetings
- Added your Microsoft Account Credentials to Recall. Now Recall is able to sign in your bot on behalf of the new account/organization you've made
- Seen the bot in action. You have tested the bot and it is working as flawlessly
Good work and if you have any questions, don't hesitate to reach out to us at {{TODO: SUPPORT_EMAIL_GOES_HERE}}
FAQs
Why does the bot sometimes have (Guest) and others (External) after the display name?
(Guest) and others (External) after the display name?A bot has (Guest) next to the display name when the bot is not signed in.
A bot has (External) next to the display name when the bot is signed in.
If you want the bot to always show (External) instead of (Guest), you can enable the "Login Mandatory" checkbox in the Teams Web Credentials. Note that logging in the bots take a significantly longer time to join calls
Why does the bot have (Unverified) after the display name?
(Unverified) after the display name?Microsoft released an update February 2024 that affects how Teams participants are displayed depending on their account's relationship with the organization.
This only affects the new version of teams (teams.microsoft.com), and is not applicable for the old version (teams.live.com).
Below is a summary of these changes:
No label: All participants who are part of the organizer’s organization.
External: All participants who are external to the organizer’s organization but have a trusted relationship with the organizer or their organization.
Unverified: All other participants will be seen with this label. This will include Microsoft Entra ID users who belong to organizations that do not have an explicit external access setup with the organizer’s organization, Microsoft Account (personal) users, users who are not using any Microsoft ID while joining meetings, and others.
This means that, by default, bot that join a Teams meetings hosted at teams.microsoft.com will have the Unverified suffix.
Updated 12 days ago