Setting up Signed-in Bots for Microsoft Teams
How to sign in your bot into a Microsoft teams account
This guide is for you if:
- You need to join meetings that only allow signed-in Microsoft teams users
Limitations:
- Signed-in bot names cannot be overridden - Signed-in Microsoft Teams bots get their name from the Microsoft Teams account used to sign-in the bot. This overrides the
bot_name
parameter in Create Bot endpoint - Signed-in Microsoft Teams bots must be in their own Organization - Signed-in Microsoft Teams bots must be in their own organization due to global organization-level permission changes
Signed-in Microsoft Teams Bot in 5 Steps
Step 1: Set up a new Microsoft 365 Business account
Do not create the bot account in your existing Microsoft business organizationSince the authenticated bot requires global organization-level permission changes, authenticated Teams bots should always use a new Microsoft account
Head to the Microsoft 365 Business page to buy the Microsoft 365 Business Basic license
https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products-b
After clicking "Buy Now", proceed to login with your admin account. Microsoft will then ask you to set up your account and pay for the license
Once done, you will need to sign into the M365 admin dashboard. Note that it may request you to set up MFA for this admin account
Step 2: Create the bot's account
Step 2.1: Create a new user for the bot

Next, give the bot an email, display name, and password. You do not need to apply roles/permissions or fill out any additional details
The bot display name and profile image cannot be overriddenRegardless of what you specify in your Create Bot request, the display name and profile photo will always be taken from the Microsoft account details defined in this section
As you go through the steps, Microsoft will ask if you'd like to assign a license to the user. You won't need to buy an additional license for the bot
Once you finish adding the new user for the bot, you will be given the bot's sign-in details. You will need to save the bot's email and password for later
Step 2.2: Reassign the Teams license to the bot user
First head to Billing > Licenses > Microsoft 365 Business Basic and select your admin account. Then you will see the option to unassign licenses

After this, reload the page you can reassign the license to the bot user. If you are prompted to buy another license after unassigning, wait a few minutes before refreshing the page. Microsoft may need some time to free up the license before you can reassign it

Step 3: Add the bot's sign-in credentials in the Recall dashboard
Head to the dashboard's Meeting Bot Setup > Microsoft Teams page and add the bot's email & password

We recommend keeping Login Mandatory option turned off.The login mandatory option (if turned on) forces the bot to always login before joining the call. We recommend to keep this option off, as a result bot will attempt to login only for calls where signed in participants are mandatory
Leaving this enabled will mean that the bot's profile (name and picture) will be used every time the bot joins the call. This will override the
bot_name
setting you have set
Step 4: Update the Microsoft tenant's security settings
Step 4.1: Create a pay-as-you-go azure account
Sign into the admin portal using the admin account
https://azure.microsoft.com/en-us/pricing/purchase-options/azure-account
Step 4.2: Disabling Security Defaults
Search for the Microsoft Entra ID
product
Once in the Microsoft Entra Id
product, disable the security defaults found in Overview > Properties > Manage Security Defaults
and set Security Defaults
to Disabled (not recommended)
. All tabs and fields can be seen in the image below

Step 4.3: Disable "Show keep user signed in"
Search for the Users
product.
Once in the Users
product, click on User Settings
in the sidebar and disable the "Show keep users signed in" toggle. The path and toggle can be seen in the image below

Step 4.4: Set the bot's profile picture
After you create the new user, wait a few seconds and reload the page to see the new user. Then you can click on the profile to navigate to the bot's account to update the bot's profile picture

Step 5: Test the bot
Now that your new bot account is set up, you can try sending your bot to a new Microsoft Teams meeting
You can quickly test this by sending a bot using the interactive Create Bot api docs. Make sure you use a new Teams Meeting URL and the API key from the Recall account with your Microsoft Teams Business Account login credentials
When testing, select the "Login Mandatory" option in the Recall dashboard's Meeting Bot Setup > Teams > Signed-in Microsoft Teams credentials. Then you can send a bot to a Teams meeting to see it sign-in. Don't forget to disable this again after your test

Note that you the bot will only sign in for meetings that require signed-in participants
FAQs
Why does the bot sometimes have (Guest)
and others (External)
after the display name?
(Guest)
and others (External)
after the display name?A bot has (Guest)
next to the display name when the bot is not signed in.
A bot has (External)
next to the display name when the bot is signed in.
If you want the bot to always show (External)
instead of (Guest)
, you can enable the "Login Mandatory" checkbox in the Teams Web Credentials. Note that logging in the bots take a significantly longer time to join calls
Why does the bot have (Unverified)
after the display name?
(Unverified)
after the display name?Microsoft released an update February 2024 that affects how Teams participants are displayed depending on their account's relationship with the organization.
This only affects the new version of teams (teams.microsoft.com), and is not applicable for the old version (teams.live.com).
Below is a summary of these changes:
No label: All participants who are part of the organizerβs organization.
External: All participants who are external to the organizerβs organization but have a trusted relationship with the organizer or their organization. This means the domain of the signed-in user is on the host's list of trusted domains
Unverified: All other participants will be seen with this label. This will include Microsoft Entra ID users who belong to organizations that do not have an explicit external access setup with the organizerβs organization, Microsoft Account (personal) users, users who are not using any Microsoft ID while joining meetings, and others.
This means that, by default, bot that join a Teams meetings hosted at teams.microsoft.com will have the Unverified
suffix.
Would Microsoft Teams Essentials plan also work for setting this up or does this requires a Microsoft 365 Business Basic?
We haven't tested the Microsoft Teams Essentials plan ourselves so we can't say for certain but we recommend our devs use the Microsoft 365 Business Basic plan as this is what we used for setup and it contains all the required security settings and configurations needed for the bot to join calls
Is there a way to detect beforehand when a Signed-in Teams bot will be required for a user meeting
There is not a way for you to detect what kind of bot will be required for a meeting beforehand because the bot will need to attempt to sign in and encounter the "you need to sign in" page for us to know
That being said, we also have an option in the dashboard to make the bot sign in for every meeting (called "Login Mandatory"). If you leave this bot unchecked, it will only sign in for meetings that require participant sign-in
We generally recommend developers leave this box unchecked (do not sign in for every meeting, only when required) to keep the bot's join time as low as possible
Can we use our own Teams organization or do we need a new Teams organization for every customer?
We recommend creating a new organization for the bot, then all of your customers can invite this bot to their org (so you only need one new org for all your customers). We recommend creating a new organization for your bot because you need to update the org's security settings which you typically don't want to apply to your whole org
We also recommend having your customers tenants add the bots domain as a "trusted organization" in their security settings
Will Signed-in Teams bots work for Calendar V1, V2, scheduled bots, or ad-hoc bots?
This will work for all meetings (calendar v1/v2 meetings, scheduled meetings, or adhoc meetings). Once you configure it in the Recall dashboard, this gets applied to all your Teams bots moving forward
Updated 8 days ago