Microsoft Teams

The Fastest Way: HeraClaw Cloud ⚡

Skip the Azure AD app registration, bot framework setup, and tenant admin approval. HeraClaw Cloud comes with Microsoft Teams integration pre-configured and ready to use in 60 seconds.

Why HeraClaw Cloud for Microsoft Teams?

✅ Ready in 60 seconds - No Azure AD app registration, no bot framework configuration, no tenant admin approval ✅ Pre-configured bot - Works immediately after team authorization ✅ Always updated - We handle Microsoft Graph API changes and Teams platform updates automatically ✅ Professional support - If anything breaks, we fix it for you ✅ Secure by default - Enterprise-grade security, SOC 2 compliant infrastructure ✅ Zero maintenance - No Azure resources to manage, no certificates to renew, no uptime monitoring

How it works:

1. Sign up at cloud.getopenclaw.ai (takes 60 seconds)
2. Go to Integrations → Microsoft Teams
3. Click 'Connect to Teams'
4. Authorize our bot for your organization
5. Done! Start using your AI assistant in Teams

Get Started: Start with HeraClaw Cloud →

Complete Guide to OpenClaw + Microsoft Teams

Microsoft Teams is where enterprise work happens. With over 300+ million monthly active users across organizations worldwide, it's the collaboration hub for the Microsoft 365 ecosystem. OpenClaw's Teams integration brings powerful AI assistance directly into this platform, eliminating context-switching and making AI help available exactly where teams collaborate.

Whether you're running a 10-person startup or a 100,000-employee enterprise, this integration transforms how your organization accesses AI assistance. No new apps to learn, no separate interfaces - just @mention your assistant in any channel or chat and get instant, intelligent help.

Why Use Microsoft Teams with OpenClaw?

Microsoft Teams' deep integration with the Microsoft 365 ecosystem makes it uniquely powerful for AI assistants. Here's why the OpenClaw + Teams combination is transformative:

1. Enterprise-Grade Security and Compliance

Teams was built from the ground up for enterprise security, and OpenClaw leverages it completely:

• Azure AD integration: Seamless single sign-on with your organization's identity provider
• Conditional access policies: Enforce MFA, device compliance, and location-based access
• Data loss prevention (DLP): Prevent sensitive information from being shared with the assistant
• eDiscovery and legal hold: All AI interactions are captured for compliance
• Information barriers: Respect organizational boundaries and communication policies
• Private channels support: Works in standard, private, and shared channels
• 1:1 chat privacy: Personal conversations for sensitive questions
• Multi-tenant isolation: Different configurations per Microsoft 365 tenant
• Audit logs: Track every interaction for security review and compliance

This makes it perfect for enterprises where security, compliance, and data governance are non-negotiable. Your compliance team can review exactly who asked what, when, with full audit trails.

2. @Mention Interface - Natural and Familiar

No commands to memorize, no special syntax. Just @mention your assistant like you'd @mention a colleague:

@OpenClaw what meetings do I have today?@OpenClaw summarize the last 20 messages in this channel@OpenClaw create a task to follow up with the client by Friday@OpenClaw find the Q4 budget spreadsheet in our SharePoint

Your team already knows how to use it. Zero training required.

3. Adaptive Cards for Rich Interactions

Teams' Adaptive Cards provide interactive, actionable responses:

• Action buttons: Approve/reject, create/update, confirm/cancel directly in chat
• Form inputs: Collect information without leaving Teams
• Carousel layouts: Browse multiple options with next/previous buttons
• Hero cards: Display rich information with images, titles, and actions
• List cards: Present structured data in scannable format
• Thumbnail previews: Preview documents, images, and files inline

Example: Ask "Show me pending expense reports" and get an Adaptive Card with each report, amounts, and Approve/Reject buttons. No clicking into another app.

4. Deep Microsoft 365 Integration

Teams sits at the center of the Microsoft 365 ecosystem, and OpenClaw can access it all:

• SharePoint: Search documents, retrieve files, check permissions
• OneDrive: Access personal and shared files across the organization
• Outlook: Check calendar, send emails, schedule meetings
• OneNote: Search notebooks, retrieve notes, create pages
• Planner: Create tasks, check project status, assign work
• Power Platform: Trigger Power Automate flows, query Dataverse
• Dynamics 365: Access CRM data, update opportunities, check customer info
• Microsoft Graph: Unified API access to all Microsoft 365 services

Example: "Find the contract we shared with Acme Corp last month" searches SharePoint, OneDrive, Teams file tabs, and email attachments - all from one query.

5. Threaded Conversations and Context

Teams' reply system maintains conversation context:

• Threaded replies: Start a conversation from any message for extended discussions
• Channel organization: Main channel stays clean while detailed help happens in replies
• Context preservation: Assistant remembers everything discussed in the thread
• Multiple concurrent conversations: Different team members can have parallel discussions
• Searchable history: All AI interactions are searchable in Teams search
• Cross-device sync: Continue conversations from desktop, mobile, or web

Example: Someone asks a complex question in a channel. The assistant responds, and multiple team members can ask follow-up questions in the same thread. The main channel just shows one message.

6. Rich Message Formatting for Professional Communication

Teams' formatting makes technical and business information readable:

• Code blocks with syntax highlighting: Perfect for technical teams
• Tables: Structured data presentation
• Formatted lists: Bullet points and numbered lists for clarity
• Inline code: variable names and function() calls properly formatted
• Links and mentions: Clickable links and user mentions
• Block quotes: Highlight important information
• Emoji and reactions: Quick feedback without cluttering threads
• Markdown support: Use familiar markdown syntax

Technical answers look professional and are easy to scan. No more walls of unformatted text.

7. File Upload and Analysis

Upload files directly to Teams for AI analysis:

• Images: Screenshots, diagrams, charts, photos - "Explain this architecture diagram"
• Code files: "Review this Python script" "Find security issues in this code"
• Office documents: "Summarize this Word document" "Extract action items from this PowerPoint"
• PDFs: "What are the key terms in this contract?"
• Spreadsheets: "What's the total revenue in Q4 from this Excel file?"
• Archives: ZIP files (extracts and analyzes contents)

File size limits: Up to 250GB per file on Teams (enterprise), 2GB on Teams Free. The assistant can read and analyze everything.

8. Meeting Integration and Transcription

Teams' meeting capabilities unlock powerful AI use cases:

• Meeting transcription: Real-time transcription of Teams meetings
• Recording analysis: "Summarize yesterday's standup meeting"
• Action item extraction: "What tasks were assigned in the leadership meeting?"
• Meeting notes: Automatic note-taking during meetings
• Follow-up reminders: Extract commitments and create reminders
• Meeting search: "What did we decide about the new feature in last week's product sync?"

Example: After every leadership meeting, the assistant automatically posts a summary with key decisions, action items, and who's responsible.

9. Bot Commands and Message Extensions

For power users, Teams supports multiple interaction patterns:

• @mention commands: @OpenClaw help for quick assistance
• Message extensions: Search functionality directly in the compose box
• Action-based extensions: Right-click any message to get AI help
• Compose extensions: Generate content directly while typing
• Task modules: Modal dialogs for complex interactions

Example: Right-click on any message and select "Summarize thread" to get an instant summary.

10. Multi-Tenant Support for Enterprise

Enterprise organizations often manage multiple Microsoft 365 tenants (subsidiaries, business units, acquisitions). OpenClaw supports this:

• Same bot across tenants: One OpenClaw instance, multiple Microsoft 365 tenants
• Different permissions per tenant: Engineering tenant gets code access, sales tenant gets CRM access
• Shared or isolated memory: Choose whether tenants share context or stay isolated
• Centralized management: Manage all tenant integrations from one dashboard
• Cross-tenant collaboration: Support Teams Connect shared channels

Perfect for holding companies, MSPs, or organizations with complex multi-tenant structures.

11. Government Cloud and Compliance

For organizations with strict compliance requirements:

• GCC (Government Community Cloud): Support for U.S. government customers
• GCC High: Department of Defense compliance
• Microsoft 365 Germany: European data residency
• Microsoft 365 China (21Vianet): China-specific deployment
• HIPAA compliance: Protected health information (PHI) support
• GDPR compliance: European privacy regulation compliance
• FedRAMP: Federal Risk and Authorization Management Program

Real-World Use Cases

1. Executive Team: Strategic Decision Support

Scenario: Your executive team conducts weekly leadership meetings in Teams. Discussions span strategy, financials, operations, and people decisions. Information is scattered across PowerPoints, Excel models, email threads, and previous meeting recordings.

How OpenClaw helps:

Integrate with Teams meetings, SharePoint, and Microsoft 365:

• Pre-meeting briefings: "@OpenClaw prepare my briefing for today's leadership meeting" → Pulls agenda, relevant docs, previous decisions, and pending items
• During-meeting support: Real-time transcription with the assistant listening for action items and questions
• Information lookup: "What was our revenue growth last quarter?" → Queries financial reports in SharePoint
• Decision documentation: "Document our decision to expand to EMEA" → Creates decision record in SharePoint with context
• Post-meeting summaries: Automatically posts meeting summary with key decisions, action items, and owners
• Action tracking: "What action items are assigned to me from leadership meetings?" → Lists pending commitments

Impact:

• Executives save 5-7 hours per week on meeting prep and follow-up
• Strategic decisions documented automatically with full context
• Action items never fall through the cracks (tracked and reminded)
• Meeting effectiveness increases 40% with better preparation
• Historical decision context always available ("Why did we decide X last year?")

Configuration:

teams:  channels:    - "Leadership Team" (private channel)  permissions:    - Executives only  integrations:    - SharePoint (strategy documents)    - Planner (action tracking)    - Meeting transcription

2. Sales Team: Deal Room Coordination and CRM Integration

Scenario: Your sales team uses Teams for deal coordination. Each major opportunity has its own Teams channel with sales reps, solution engineers, and executives. They need quick access to CRM data, product information, pricing, and customer history during calls and negotiations.

How OpenClaw helps:

Integrate with Dynamics 365, SharePoint, and product documentation:

• Deal room setup: "@OpenClaw create a deal room for Acme Corp $500K opportunity" → Creates channel, adds team members, sets up SharePoint folder
• CRM queries: "What's the status of the Acme Corp opportunity?" → Pulls from Dynamics 365 with stage, amount, close date
• Customer context: "Give me the history with Acme Corp" → Recent emails, meeting notes, previous purchases, support tickets
• Competitive intelligence: "How do we compare to Salesforce on enterprise features?" → Battle card from SharePoint
• Pricing assistance: "What's our pricing for 500 seats with premium support?" → Configured pricing with approval workflows
• Proposal generation: "Draft a proposal for Acme Corp, 500 seats, 3-year deal" → Creates proposal template with correct terms
• Opportunity updates: "Update Acme Corp opportunity to 'Negotiation' stage" → Updates CRM automatically
• Follow-up reminders: "Remind me to follow up with Acme Corp on Friday" → Sets reminder in Planner

Impact:

• Sales cycle time reduced 25% with instant information access
• Win rate increases 15% due to faster response to prospect questions
• CRM data quality improves (updates happen in real-time, not end-of-week)
• Sales reps spend 60% less time on administrative tasks
• Consistent messaging across all team members
• Deal handoffs smoother (all context captured in Teams)

Configuration:

teams:  channels:    - "Sales" (standard channel)    - Deal-specific channels (dynamic)  integrations:    - Dynamics 365 CRM    - SharePoint (sales collateral)    - Outlook (email context)  adaptive_cards:    - Deal summaries    - Pricing calculators    - Approval workflows

3. Customer Success: Support Channel Automation

Scenario: Your customer success team coordinates support in Teams. Each enterprise customer has a dedicated Teams channel (some are Teams Connect shared channels with the customer). Support requests come via email, the portal, and directly in Teams. The team needs to quickly check ticket status, customer history, and known issues.

How OpenClaw helps:

Integrate with your ticketing system, knowledge base, and monitoring:

• Ticket creation: "@OpenClaw create a P2 ticket for API timeout errors at Acme Corp" → Creates ticket in Zendesk/ServiceNow and posts ticket number
• Status checks: "What's the status of ticket #12345?" → Pulls current status, assigned engineer, last update
• Customer history: "Show me all open tickets for Acme Corp" → Lists active tickets with severity and age
• Knowledge base search: "How do customers reset their password?" → Pulls from knowledge base with step-by-step guide
• Escalation workflows: "Escalate ticket #12345 to engineering" → Updates ticket, notifies engineering team in their channel
• SLA monitoring: "Are we at risk of missing any SLAs?" → Lists tickets approaching SLA breach
• Resolution templates: "Draft a response for 'email deliverability issues'" → Professional response template
• Customer communication: In shared channels, "@OpenClaw what's the ETA for the fix?" → Checks ticket and provides customer-appropriate response

Impact:

• First response time drops from 45 minutes to under 5 minutes
• Customer satisfaction (CSAT) increases 28% due to faster, more accurate responses
• Support agents handle 70% more tickets with the same team size
• SLA compliance improves from 92% to 99.5%
• Knowledge base gaps identified automatically (assistant flags missing docs)
• Escalations happen faster with full context
• Customer-facing communication more professional and consistent

Configuration:

teams:  channels:    - "Customer Success" (internal)    - Shared channels with customers (Teams Connect)  integrations:    - Zendesk/ServiceNow    - Knowledge base (SharePoint)    - Monitoring (Datadog)  permissions:    - CS team: full access    - Customers: limited (status checks only)

4. Engineering: Incident Response and On-Call Coordination

Scenario: Your engineering team manages incidents in Teams. When production issues occur, every second counts. The on-call engineer needs instant access to logs, monitoring dashboards, deployment history, and runbooks.

How OpenClaw helps:

Integrate with Azure DevOps, monitoring tools, and incident management:

• Incident detection: Azure Monitor alert triggers "@OpenClaw create incident for API latency spike" → Creates incident channel, notifies on-call, posts initial data
• Status queries: "What's the current error rate for the payment service?" → Queries Application Insights and reports with graph
• Log analysis: "Show me errors in the last 10 minutes" → Fetches logs from Azure Log Analytics and summarizes
• Deployment context: "What was deployed in the last hour?" → Queries Azure DevOps for recent releases
• Runbook access: "How do we roll back the payment service?" → Links to runbook in SharePoint with exact commands
• Team coordination: "Who's on-call for the payment service?" → Checks PagerDuty and @mentions the engineer
• Impact assessment: "How many users are affected?" → Queries telemetry and provides estimate
• Postmortem creation: "Create a postmortem for today's incident" → Generates template with timeline from Teams messages
• Status updates: "Post an update to #engineering-status" → Drafts professional status update based on current state

Impact:

• Mean time to resolution (MTTR) decreases 35%
• Fewer escalations needed (junior engineers can resolve more issues with AI guidance)
• Incident documentation quality improves (automatic capture of timeline and decisions)
• On-call burden reduced (faster resolution = less pager stress)
• Knowledge captured and searchable for future incidents
• Stakeholder communication better (consistent status updates)

Configuration:

teams:  channels:    - "Engineering" (standard)    - "Incidents" (incident war rooms)    - "Engineering-Status" (read-only for company)  integrations:    - Azure Monitor    - Application Insights    - Azure DevOps    - PagerDuty    - SharePoint (runbooks)  incident_automation:    - Create channel on critical alert    - Notify on-call    - Post initial diagnostics

5. HR: Employee Onboarding and Self-Service

Scenario: Your HR team answers repetitive questions about benefits, policies, PTO, parental leave, and company procedures. New employees constantly ask the same questions. HR spends 50%+ of their time on FAQ-style questions instead of strategic people initiatives.

How OpenClaw helps:

Integrate with your HRIS, employee handbook, and benefits systems:

• PTO inquiries: "How much PTO do I have left?" → Checks Workday/ADP and responds with balance and upcoming scheduled time
• Policy questions: "What's our parental leave policy?" → Pulls from employee handbook in SharePoint with full details
• Benefits enrollment: "When can I change my health insurance?" → Explains enrollment periods and links to benefits portal
• Expense reports: "How do I submit an expense report?" → Step-by-step guide with link to Concur/Expensify
• IT requests: "How do I reset my password?" → Links to IT self-service portal
• Org chart queries: "Who's the manager of the marketing team?" → Queries Azure AD and shows org chart
• Holiday calendar: "What holidays do we observe in 2026?" → Lists holidays from company calendar
• Onboarding support: New hire asks "Where do I find the 401k enrollment form?" → Links to document and explains process
• Anonymous feedback: "I want to report a workplace concern" → Provides link to anonymous reporting system

Impact:

• HR team spends 75% less time answering repetitive questions
• Employees get answers 24/7, not just 9-5 during business hours
• Policy information always up-to-date (single source of truth in SharePoint)
• New hires onboard 40% faster with instant access to information
• HR can focus on strategic initiatives (retention, culture, development)
• Employee satisfaction increases (faster answers, less friction)
• Compliance improves (consistent policy information)

Configuration:

teams:  channels:    - "Ask HR" (company-wide)    - "HR Team" (internal, full access)  integrations:    - Workday/ADP (HRIS)    - SharePoint (employee handbook)    - Azure AD (org chart)  privacy:    - PII redaction in logs    - Private responses for sensitive topics    - Escalation to human for complex issues

6. Project Management: Cross-Functional Coordination

Scenario: You have a major product launch spanning Engineering, Product, Design, Marketing, and Sales. Coordination happens across multiple Teams channels, Planner boards, SharePoint documents, and OneNote notebooks. Status updates require manually checking 10+ different sources.

How OpenClaw helps:

Integrate with Planner, Azure DevOps, SharePoint, and Teams:

• Project status: "@OpenClaw what's the status of the Q2 product launch?" → Checks Planner tasks, Azure DevOps work items, and recent Teams discussions
• Blocker identification: "What's blocking the launch?" → Scans all project channels, boards, and tasks for items marked as blocked
• Timeline queries: "Are we on track for the April 15 launch?" → Compares progress to baseline plan and reports risk level
• Resource allocation: "Who's working on the mobile app redesign?" → Checks Planner assignments and Azure DevOps
• Dependency tracking: "What needs to be done before we can start user testing?" → Shows dependency chain from project plan
• Stakeholder updates: "Generate a status update for leadership" → Synthesizes progress across all workstreams into executive summary
• Meeting prep: "Prepare for today's launch standup" → Summarizes completed tasks, open items, and blockers
• Document retrieval: "Find the launch messaging doc" → Searches SharePoint and Teams files
• Decision tracking: "What did we decide about pricing for the new tier?" → Searches Teams conversations and meeting notes

Impact:

• Project visibility increases 10x across all stakeholders
• Status update meetings reduced from 60 min to 15 min (or eliminated via async)
• Blockers surface 2-3 days earlier (proactive identification)
• Launch timeline accuracy improves 50% with real-time tracking
• Cross-team coordination friction reduced (single source of truth)
• Project managers save 10-12 hours per week on status reporting

Configuration:

teams:  channels:    - "Q2 Launch" (main project channel)    - "Engineering - Q2 Launch"    - "Marketing - Q2 Launch"    - "Design - Q2 Launch"  integrations:    - Planner    - Azure DevOps    - SharePoint (project docs)    - OneNote (meeting notes)  dashboards:    - Overall project health    - Per-workstream status    - Risk and blockers

7. Marketing: Campaign Coordination and Content Review

Scenario: Your marketing team coordinates campaigns across multiple channels (email, social, paid ads, events). Each campaign has creative assets in SharePoint, copy in Word/OneNote, performance data in Excel, and coordination happening in Teams. Approvals are slow and content is scattered.

How OpenClaw helps:

Integrate with SharePoint, Microsoft Forms, and marketing tools:

• Campaign status: "@OpenClaw what's the status of the Q2 product launch campaign?" → Shows creative status, copy approval, ad spend, and launch date
• Asset retrieval: "Find the hero image for the email campaign" → Searches SharePoint and Teams files, returns link
• Content review: Uploads image: "Does this ad creative follow our brand guidelines?" → Analyzes image and provides feedback
• Copy feedback: Pastes email copy: "Review this email for tone and clarity" → Provides suggestions and improvements
• Approval workflows: "Submit this blog post for approval" → Creates Adaptive Card with content preview and Approve/Reject buttons, notifies approvers
• Performance tracking: "How's the paid social campaign performing?" → Pulls data from marketing analytics and summarizes
• Competitor research: "What are competitors saying about AI features?" → Searches competitive intelligence in SharePoint
• Content calendar: "What content is publishing this week?" → Queries content calendar in Planner/SharePoint
• Event coordination: "Who's confirmed for the webinar on Thursday?" → Checks Microsoft Forms responses

Impact:

• Content approval time reduced from 3-5 days to 4-6 hours
• Campaign launch velocity increases 40% (less time searching for assets)
• Brand consistency improves (AI catches guideline violations)
• Marketing team spends 60% less time on coordination, more on strategy
• Cross-functional alignment better (everyone sees campaign status in real-time)
• Asset reuse increases (easier to find previous campaign materials)

Configuration:

teams:  channels:    - "Marketing" (general)    - Campaign-specific channels (dynamic)  integrations:    - SharePoint (creative assets)    - Planner (content calendar)    - Microsoft Forms (event registration)    - Analytics (campaign performance)  workflows:    - Content approval (Adaptive Cards)    - Brand guideline checks    - Asset versioning

8. Finance: Expense Approval Workflows and Reporting

Scenario: Your finance team manages expense approvals, budget tracking, and financial reporting. Expense reports come via Concur/Expensify, budget data is in Excel/Power BI, and approvals happen via email (slow and error-prone).

How OpenClaw helps:

Integrate with expense systems, SharePoint, and Power BI:

• Expense approvals: "@OpenClaw show me pending expense approvals" → Displays Adaptive Card with each report, amount, employee, and Approve/Reject buttons
• One-click approval: Click "Approve" in Teams → Updates expense system, notifies employee, no need to open separate app
• Budget tracking: "What's our remaining budget for Q1 marketing?" → Queries budget spreadsheet in SharePoint and reports balance
• Spend analysis: "Show me top 5 expense categories this month" → Pulls from expense system and creates chart
• Policy enforcement: Employee submits expense report → AI checks for policy violations (e.g., receipt required for $75+ meals) and flags issues
• Report generation: "Generate a spend summary for last quarter" → Creates Excel report and uploads to SharePoint
• Vendor payments: "What invoices are due this week?" → Queries accounts payable system and lists upcoming payments
• Financial close support: "What's the status of Q4 financial close?" → Checks close checklist in Planner and reports completion percentage
• Audit support: "Find all expense reports from John Smith in 2025" → Searches expense system and provides download link

Impact:

• Expense approval time reduced from 5-7 days to same-day
• Finance team productivity increases 50% (less time on manual approvals)
• Policy compliance improves 90% (automated checks catch violations)
• Employee satisfaction increases (faster reimbursements)
• Audit preparation time reduced 60% (instant access to historical data)
• Budget visibility in real-time (no more month-end surprises)

Configuration:

teams:  channels:    - "Finance" (internal team)    - "Expense Approvals" (managers)  integrations:    - Concur/Expensify    - SharePoint (budgets, reports)    - Power BI (dashboards)  adaptive_cards:    - Expense approval cards    - Budget alerts    - Invoice payment reminders  automation:    - Policy violation detection    - Approval routing    - Reminder escalations

Features Deep Dive

@Mention Support

Mention your assistant anywhere in Teams:

• In channels (standard, private, shared)
• In group chats
• In 1:1 chats for private assistance
• In meeting chats during calls
• Multiple mentions per message supported
• Works with display name and handle

Adaptive Cards for Rich Interactions

Interactive cards make complex workflows simple:

• Approval cards: Approve/reject with one click
• Form cards: Collect input without leaving Teams
• Hero cards: Display rich information with images and actions
• List cards: Browse structured data
• Carousel cards: Swipe through multiple options
• Receipt cards: Display transactions and receipts
• Action buttons: Trigger workflows directly from cards
• Refresh on action: Cards update after you click (no stale data)

Example Adaptive Card for expense approval:

┌─────────────────────────────────────┐│ Expense Report #3421                ││ Employee: John Smith                ││ Amount: $347.82                     ││ Purpose: Client dinner in NYC       ││ [View Receipt] [View Policy]        ││ ✅ Approve     ❌ Reject             │└─────────────────────────────────────┘

Channel Permission Control

Fine-grained control over where the assistant operates:

• Allowlist specific teams and channels
• Blocklist channels where it should never respond
• Standard channel support (public to team members)
• Private channel support with opt-in
• Shared channel support (Teams Connect)
• 1:1 chat toggle (enable/disable direct messages)
• Per-channel capabilities (code access in Engineering, CRM access in Sales)
• Guest access controls (external users can/cannot interact)

Meeting Integration

Full Teams meeting capabilities:

• Real-time transcription: Live transcription during meetings
• Recording analysis: Summarize recorded meetings
• Action item extraction: "What tasks were assigned in yesterday's meeting?"
• Meeting notes: Automatic note-taking with timestamps
• Participant tracking: Who spoke, when, about what
• Follow-up summaries: Posted to channel after meeting ends
• Meeting search: "What did we decide about pricing in last week's leadership meeting?"
• Highlight reels: Extract key moments from long recordings

File Processing

Upload and analyze files directly in Teams:

• Office documents: Word, Excel, PowerPoint (native Microsoft 365 integration)
• PDFs: Contracts, reports, invoices
• Images: Screenshots, diagrams, photos, whiteboard captures
• Code files: Any programming language
• Archives: ZIP files (extracts and analyzes contents)
• Email files: .msg and .eml files
• OneNote exports: Exported notebook pages

Size limits: Up to 250GB per file on Teams (enterprise plans)

Rich Formatting

Professional message formatting:

• Markdown support: Headers, bold, italic, lists
• Code blocks: Syntax highlighting for 100+ languages
• Tables: Display structured data
• Inline code: Formatted code spans
• Block quotes: Highlight important information
• Links: Clickable URLs with preview cards
• Mentions: @mention users and channels
• Emojis: Both unicode emoji and Teams-specific
• Stickers and GIFs: Optional for casual team cultures

Message Extensions

Powerful Teams-specific features:

• Search-based extensions: Search from the compose box
• Action-based extensions: Right-click any message for AI help
• Link unfurling: Rich previews when you paste URLs
• Compose extensions: Generate content while typing
• Messaging extensions: Quick access to AI features via toolbar

Example: Right-click on a long message thread and select "Summarize conversation" to get an instant summary posted as a reply.

Multi-Tenant Support

Manage multiple Microsoft 365 tenants:

• One OpenClaw instance, many tenants
• Different permissions per tenant
• Shared or isolated memory/context
• Centralized dashboard for management
• Tenant-specific configurations
• Cross-tenant shared channels support

Microsoft Graph Integration

Access the full Microsoft 365 ecosystem:

• Users and groups: Query org chart, group membership
• Calendar: Check availability, schedule meetings
• Mail: Search emails, send messages
• Files: Search across SharePoint, OneDrive, Teams
• Presence: Check if someone is available
• Tasks: Planner, To Do integration
• Sites: SharePoint site search and permissions
• Teams: List teams, channels, membership
• Insights: People you work with, trending documents

Security Features

• SOC 2 Type II certified (HeraClaw Cloud)
• Azure AD authentication: Single sign-on with MFA
• Conditional access: Device compliance, location policies
• Encryption in transit: TLS 1.3
• Encryption at rest: AES-256
• OAuth 2.0: Secure authorization
• Role-based access control: Teams-based permissions
• Audit logging: All interactions logged
• Data loss prevention (DLP): Integration with Microsoft DLP policies
• Information barriers: Respect organizational boundaries
• eDiscovery support: Legal hold and content search
• GDPR compliant: European privacy regulation
• HIPAA available: Protected health information support
• FedRAMP (for GCC High deployments)

Setup Option 1: HeraClaw Cloud (Recommended)

Time required: 60 seconds Technical skill: None Cost: Included in HeraClaw Cloud subscription Best for: 95% of users, all organization sizes

Why HeraClaw Cloud?

• No Azure AD app registration - Most complex part of Teams integration, we handle it
• No tenant admin approval - Pre-approved bot, no IT bottleneck
• No bot framework configuration - Microsoft Bot Framework is complex, we've done it for you
• No Microsoft Graph permissions - We've already configured the necessary API permissions
• No server infrastructure - No Azure resources to provision or manage
• No certificate management - No SSL/TLS certificates to renew
• No uptime monitoring - We monitor 24/7
• Professional support - Email, chat, and phone support included
• Automatic updates - Microsoft Graph API and Teams platform changes handled automatically
• 99.9% uptime SLA - Enterprise reliability guarantee
• Enterprise-grade security - SOC 2, GDPR, HIPAA available

Steps:

1. Sign up for HeraClaw Cloud

• Visit cloud.getopenclaw.ai
• Click "Sign In" (no credit card required)
• Create your account (takes 60 seconds)

2. Navigate to Integrations

• Click "Integrations" in the left sidebar
• Find "Microsoft Teams" in the list
• Click "Connect to Teams"

3. Authorize the Bot

• Microsoft login screen appears
• Sign in with your Microsoft 365 account
• Review permissions (we request minimum necessary)
• Click "Accept"
• If prompted, admin consent may be required (one-time, handled by your IT admin)

4. Configure Teams Access (Optional)

• Back in HeraClaw dashboard
• Choose which teams and channels the assistant can access
• Set permissions (who can interact)
• Configure integrations (SharePoint, Outlook, Planner, etc.)
• Save configuration

5. Add Bot to Teams

• In Microsoft Teams, click "Apps" in left sidebar
• Search for "OpenClaw" (or your bot name)
• Click "Add"
• Choose "Add to a team" or "Add to a chat"
• Select the team/channel

6. Test It

• In the channel where you added the bot, type:
  bashCopy

  @OpenClaw hello!

• You should get an immediate response
• Try asking: @OpenClaw what can you help me with?

That's it! You're up and running.

What You Get with HeraClaw Cloud:

✅ Instant Setup - No Azure configuration, no bot framework, no Graph API ✅ Automatic Updates - We handle Teams platform and Microsoft Graph API changes ✅ Professional Support - Email, chat, and phone support ✅ 99.9% Uptime - SLA-backed reliability ✅ Enterprise Security - SOC 2, GDPR, HIPAA available ✅ Unlimited Tenants - Connect as many Microsoft 365 tenants as you need ✅ Advanced Features - Adaptive Cards, meeting transcription, Graph API access ✅ No Maintenance - We manage Azure resources, scaling, monitoring ✅ Compliance Support - GCC, GCC High, Microsoft 365 Germany available

Pricing: See cloud.getopenclaw.ai/pricing (starts with affordable team plans)

Get Started: Start with HeraClaw Cloud →

Setup Option 2: Self-Hosted (Advanced)

Time required: 2-3 hours (first time), 45-60 minutes (if experienced) Technical skill: Advanced (Azure, Bot Framework, OAuth 2.0) Cost: Azure hosting ($50-200/month) + your time Best for: DevOps engineers, technical teams with strict compliance requirements

Who should self-host?

✅ DevOps engineers comfortable with Azure and Bot Framework ✅ Organizations with strict data residency requirements ✅ Teams already running Azure infrastructure ✅ Technical enthusiasts who want full control ✅ Companies that cannot use third-party SaaS ✅ Government organizations requiring GCC High or DoD compliance

Who should NOT self-host?

❌ Small teams without Azure expertise ❌ Anyone who values time over cost savings ❌ Teams without 24/7 on-call coverage ❌ Organizations without security/compliance teams ❌ Anyone unfamiliar with Microsoft Bot Framework

Prerequisites:

• OpenClaw installed and running (VPS or local)
• Azure subscription (with permissions to create resources)
• Microsoft 365 tenant admin access
• Understanding of OAuth 2.0 and Microsoft Graph API
• Experience with Bot Framework
• Basic PowerShell or Azure CLI knowledge
• SSL certificate (for production)

Detailed Self-Hosted Setup

Step 1: Register Azure AD Application

1. Go to Azure Portal
2. Navigate to "Azure Active Directory" → "App registrations"
3. Click "New registration"
4. Fill in details:
   • Name: "OpenClaw Bot"
   • Supported account types: "Accounts in this organizational directory only"
   • Redirect URI: Leave blank for now
5. Click "Register"
6. Copy the Application (client) ID - you'll need this
7. Copy the Directory (tenant) ID - you'll need this

Step 2: Create Client Secret

1. In your app registration, go to "Certificates & secrets"
2. Click "New client secret"
3. Description: "OpenClaw Bot Secret"
4. Expires: 24 months (or custom)
5. Click "Add"
6. Copy the secret value immediately (it won't be shown again)

Step 3: Configure API Permissions

1. Go to "API permissions" in your app registration
2. Click "Add a permission"
3. Select "Microsoft Graph"
4. Choose "Delegated permissions" first:

Required Delegated Permissions:

• User.Read - Sign in and read user profile
• offline_access - Maintain access to data

1. Click "Add a permission" again
2. Select "Microsoft Graph"
3. Choose "Application permissions" for bot functionality:

Required Application Permissions:

• ChannelMessage.Read.All - Read all channel messages
• ChannelMessage.Send - Send messages to channels
• Chat.Read.All - Read all chat messages (for DMs)
• Chat.ReadWrite.All - Read and write chat messages
• User.Read.All - Read all users' full profiles
• Team.ReadBasic.All - Read all teams' basic info
• TeamsActivity.Send - Send activity feed notifications

Optional Application Permissions (for advanced features):

• Files.Read.All - Read all files
• Sites.Read.All - Read all SharePoint sites
• Calendars.Read - Read all calendars
• Mail.Read - Read all mail
• Tasks.ReadWrite.All - Read and write all tasks
• OnlineMeetings.Read.All - Read all online meetings
• CallRecords.Read.All - Read all call records

1. Click "Grant admin consent for [Your Organization]"
2. Click "Yes" to confirm (requires admin privileges)
3. Verify all permissions show green checkmarks

Step 4: Create Bot Registration

1. Go to Azure Portal
2. Search for "Azure Bot" and click "Create"
3. Or go directly to Bot Services
4. Fill in bot details:
   • Bot handle: openclaw-bot (must be globally unique)
   • Subscription: Your Azure subscription
   • Resource group: Create new or use existing
   • Pricing tier: F0 (Free) or S1 (Standard)
   • Microsoft App ID: Select "Use existing app registration"
   • App ID: Paste your Application (client) ID from Step 1
   • App password: Your client secret from Step 2
5. Click "Review + create"
6. Click "Create"

Step 5: Configure Bot Messaging Endpoint

1. Once the bot is created, go to the bot resource
2. Go to "Configuration" in left sidebar
3. Set "Messaging endpoint":
   • If using tunneling (ngrok/localtunnel): https://your-tunnel-url.ngrok.io/api/messages
   • If using public VPS: https://your-openclaw-domain.com/api/messages
4. Enable the Microsoft Teams channel:
   • Go to "Channels" in left sidebar
   • Click on "Microsoft Teams" icon
   • Click "Apply"
   • Teams channel is now enabled

Step 6: Create Teams App Manifest

Create a folder for your Teams app package:

mkdir openclaw-teams-appcd openclaw-teams-app

Create manifest.json:

{  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.16/MicrosoftTeams.schema.json",  "manifestVersion": "1.16",  "version": "1.0.0",  "id": "YOUR-APP-ID-FROM-STEP-1",  "packageName": "com.yourcompany.openclaw",  "developer": {    "name": "Your Company",    "websiteUrl": "https://your-company.com",    "privacyUrl": "https://your-company.com/privacy",    "termsOfUseUrl": "https://your-company.com/terms"  },  "icons": {    "color": "color.png",    "outline": "outline.png"  },  "name": {    "short": "OpenClaw",    "full": "OpenClaw AI Assistant"  },  "description": {    "short": "AI assistant for Microsoft Teams",    "full": "OpenClaw brings powerful AI assistance to Microsoft Teams. Ask questions, get summaries, automate workflows - all from within Teams."  },  "accentColor": "#FFFFFF",  "bots": [    {      "botId": "YOUR-APP-ID-FROM-STEP-1",      "scopes": [        "personal",        "team",        "groupchat"      ],      "supportsFiles": true,      "isNotificationOnly": false,      "commandLists": [        {          "scopes": ["personal", "team", "groupchat"],          "commands": [            {              "title": "help",              "description": "Get help using OpenClaw"            },            {              "title": "status",              "description": "Check bot status"            }          ]        }      ]    }  ],  "permissions": [    "identity",    "messageTeamMembers"  ],  "validDomains": [    "your-openclaw-domain.com"  ],  "webApplicationInfo": {    "id": "YOUR-APP-ID-FROM-STEP-1",    "resource": "api://botid-YOUR-APP-ID-FROM-STEP-1"  }}

Create bot icons:

• color.png - 192x192px color icon
• outline.png - 32x32px outline icon (transparent background)

Create the app package:

zip openclaw-teams.zip manifest.json color.png outline.png

Step 7: Configure OpenClaw

Edit your OpenClaw config file (usually ~/.openclaw/config.yaml or ~/.config/openclaw/config.yaml):

channels:  teams:    enabled: true        # From Azure AD App Registration (Step 1)    appId: "YOUR-APPLICATION-CLIENT-ID"    appPassword: "YOUR-CLIENT-SECRET"    tenantId: "YOUR-TENANT-ID"        # Bot configuration    botId: "YOUR-BOT-ID"  # Same as appId    botName: "OpenClaw"        # Messaging endpoint (OpenClaw will listen here)    endpoint: "/api/messages"    port: 3978  # Bot Framework default port        # Optional: Restrict to specific teams    allowedTeams:      - "19:abcd1234...@thread.tacv2"  # Team ID        # Optional: Restrict to specific channels    allowedChannels:      - "19:xyz7890...@thread.tacv2"  # Channel ID        # Optional: Enable features    features:      adaptiveCards: true      fileUpload: true      messageExtensions: true      proactiveMessages: true        # Microsoft Graph API integration    graph:      enabled: true      scopes:        - "https://graph.microsoft.com/.default"            # Optional: SharePoint integration      sharepoint:        enabled: true        siteUrl: "https://yourcompany.sharepoint.com"            # Optional: Outlook integration      outlook:        enabled: true            # Optional: Planner integration      planner:        enabled: true

Finding Team and Channel IDs:

1. In Teams, click "..." next to team name → "Get link to team"
2. The URL contains the team ID: groupId=19:abcd1234...@thread.tacv2
3. For channel ID, click "..." next to channel → "Get link to channel"
4. Or use Microsoft Graph Explorer: https://developer.microsoft.com/en-us/graph/graph-explorer

Step 8: Start OpenClaw

# If running as a servicesudo systemctl restart openclaw# If running directlyopenclaw gateway start --channel teams# Check logsopenclaw gateway logs --follow

What to look for in logs:

✓ Microsoft Teams bot initialized✓ Bot ID: abc123-def456-ghi789✓ Listening on port 3978 for /api/messages✓ Microsoft Graph API connected✓ Ready to receive messages

Step 9: Upload Teams App

For testing (developer tenant):

1. In Microsoft Teams, click "Apps" in left sidebar
2. Click "Manage your apps"
3. Click "Upload an app"
4. Click "Upload a custom app"
5. Select your openclaw-teams.zip file
6. Click "Add" to install for yourself
7. Or click "Add to a team" to install for a team

For production (organization-wide deployment):

1. Go to Teams Admin Center
2. Navigate to "Teams apps" → "Manage apps"
3. Click "Upload new app"
4. Upload your openclaw-teams.zip file
5. Set app availability:
   • Available to everyone
   • Available to specific users/groups
   • Blocked
6. Configure permissions and policies
7. Users can now find the app in Teams app store

Step 10: Test the Integration

1. In Teams, open a team where you installed the bot

2. In any channel, type:

   bashCopy

   @OpenClaw hello!

3. You should get a response within 2-3 seconds

4. Test a 1:1 chat:

   • Click "Chat" in Teams
   • Search for "OpenClaw"
   • Start a conversation
   • Send: "What can you do?"

5. Test file upload:

   • Upload an image
   • @mention the bot: "@OpenClaw describe this image"

6. Test Adaptive Cards (if configured):

   • "@OpenClaw show me an example card"

If it doesn't respond, check logs for errors.

Advanced Self-Hosted Configuration

Multiple Microsoft 365 Tenants

Run one OpenClaw instance across multiple tenants:

channels:  teams:    instances:      main_tenant:        appId: "app-id-tenant-1"        appPassword: "secret-tenant-1"        tenantId: "tenant-1-id"        allowedTeams:          - "19:team1@thread.tacv2"            subsidiary_tenant:        appId: "app-id-tenant-2"        appPassword: "secret-tenant-2"        tenantId: "tenant-2-id"        # Different configuration for this tenant

Custom Message Extensions

Add search and action extensions:

channels:  teams:    messageExtensions:      search:        - id: "searchDocs"          title: "Search Documents"          description: "Search across SharePoint and OneDrive"          handler: "search_documents"            action:        - id: "summarizeThread"          title: "Summarize Conversation"          description: "Get AI summary of this conversation"          handler: "summarize_thread"          context:            - "message"            - "compose"

Adaptive Card Templates

Create reusable card templates:

channels:  teams:    adaptiveCards:      templates:        approval:          type: "AdaptiveCard"          version: "1.4"          body:            - type: "TextBlock"              text: "${title}"              weight: "bolder"              size: "large"            - type: "TextBlock"              text: "${description}"              wrap: true          actions:            - type: "Action.Submit"              title: "Approve"              data:                action: "approve"            - type: "Action.Submit"              title: "Reject"              data:                action: "reject"

Proactive Messaging

Send messages without user prompt:

channels:  teams:    proactive:      enabled: true            # Daily briefings      schedules:        - name: "Daily Standup Reminder"          cron: "0 9 * * 1-5"  # 9 AM weekdays          channel: "19:team@thread.tacv2"          message: "Good morning! Standup in 30 minutes."                - name: "End of Day Summary"          cron: "0 17 * * 1-5"  # 5 PM weekdays          handler: "eod_summary"

Rate Limiting

Protect your bot from abuse:

channels:  teams:    rateLimit:      # Per user limits      perUser:        requests: 30        window: 60  # seconds            # Per channel limits      perChannel:        requests: 100        window: 60            # Global limits      global:        requests: 1000        window: 60

Meeting Integration

Enable meeting transcription and analysis:

channels:  teams:    meetings:      enabled: true            # Real-time transcription      transcription:        enabled: true        language: "en-US"            # Recording analysis      recordings:        enabled: true        autoSummarize: true        extractActionItems: true            # Post-meeting automation      postMeeting:        - action: "summarize"          postToChannel: true        - action: "extractTasks"          createPlannerTasks: true

Troubleshooting Self-Hosted Setup

Bot Not Responding to @Mentions

Symptoms: You @mention the bot in Teams, nothing happens

Potential causes:

1. Bot not properly registered in Azure
2. Messaging endpoint not reachable
3. OpenClaw not running or not listening on correct port
4. App not installed in the team
5. Insufficient permissions

Fix:

# Check OpenClaw is runningopenclaw gateway status# Check logs for errorsopenclaw gateway logs --tail 100 | grep -i teams# Test messaging endpointcurl -X POST https://your-domain.com/api/messages \  -H "Content-Type: application/json" \  -d '{"type":"ping"}'# Should return 200 OK# Verify bot is installed in Teams# Go to Teams → Apps → Manage your apps → OpenClaw should be listed# Restart OpenClawopenclaw gateway restart

"Unauthorized" or "403 Forbidden" Errors

Symptoms: Bot responds but can't perform actions (read messages, send files, etc.)

Potential causes:

1. Missing Microsoft Graph API permissions
2. Admin consent not granted
3. Token expired or invalid
4. Wrong tenant ID

Fix:

1. Go to Azure Portal → Azure AD → App registrations → Your app
2. Click "API permissions"
3. Verify all required permissions are listed
4. Check "Status" column - should show green checkmark (admin consent granted)
5. If not, click "Grant admin consent for [Organization]"
6. Wait 5-10 minutes for permissions to propagate
7. Restart OpenClaw to get new token

# Clear token cacherm ~/.openclaw/cache/teams-token.json# Restartopenclaw gateway restart

Messaging Endpoint Not Reachable

Symptoms: Logs show "Connection refused" or "Endpoint not reachable"

Potential causes:

1. Firewall blocking port 3978
2. Ngrok/tunnel not running
3. SSL certificate issues
4. Incorrect endpoint URL in Azure bot configuration

Fix:

# Test if endpoint is reachablecurl -I https://your-domain.com/api/messages# Should return HTTP 200 or 405 (Method Not Allowed is OK)# If using ngrokngrok http 3978# Copy the HTTPS URL and update Azure bot configuration# Check firewallsudo ufw statussudo ufw allow 3978/tcp# Check OpenClaw is listeningnetstat -tlnp | grep 3978# Should show OpenClaw process listening

Adaptive Cards Not Displaying

Symptoms: Bot sends messages but Adaptive Cards don't render

Potential causes:

1. Invalid Adaptive Card JSON schema
2. Teams version doesn't support card version
3. Card schema validation errors

Fix:

1. Test your Adaptive Card JSON at https://adaptivecards.io/designer/
2. Verify schema version is compatible:
   • Teams desktop: Supports up to v1.5
   • Teams web: Supports up to v1.4
   • Teams mobile: Supports up to v1.3
3. Check OpenClaw logs for card validation errors
4. Use simpler card format and gradually add features

File Uploads Not Working

Symptoms: Upload a file and @mention the bot, no response

Potential causes:

1. Missing Files.Read.All permission
2. File too large
3. Unsupported file type
4. Bot not configured for file uploads

Fix:

1. Add Files.Read.All permission in Azure AD app
2. Grant admin consent
3. Check file size (Teams Free: 2GB, Teams Enterprise: 250GB)
4. Enable file uploads in config:

channels:  teams:    features:      fileUpload: true

1. Restart OpenClaw

Meeting Transcription Not Working

Symptoms: Bot doesn't receive meeting transcription

Potential causes:

1. Missing OnlineMeetings.Read.All permission
2. Transcription not enabled in Teams admin
3. Bot not added to meeting
4. Recording not enabled

Fix:

1. Add required permissions:
   • OnlineMeetings.Read.All
   • CallRecords.Read.All
2. In Teams Admin Center → Meetings → Meeting policies
   • Enable "Transcription"
   • Enable "Cloud recording"
3. Invite bot to meeting:
   • In meeting invite, add bot as attendee
   • Or enable bot for all meetings in config
4. Grant admin consent for permissions

High Latency (Slow Responses)

Symptoms: Bot takes 10+ seconds to respond

Potential causes:

1. Server overloaded
2. Slow model inference
3. Network latency to Azure
4. Large message context
5. Microsoft Graph API throttling

Fix:

# Check OpenClaw resource usagetop -p $(pgrep openclaw)# Check model latencyopenclaw model benchmark# Enable response deferral (send typing indicator)channels:  teams:    typing:      enabled: true  # Shows "OpenClaw is typing..."        # Stream responses for faster perceived speed    streaming:      enabled: true# Check network latency to Azureping management.azure.com# If Graph API throttled, implement retry with backoffchannels:  teams:    graph:      retryPolicy:        maxRetries: 3        backoffMultiplier: 2

"Bot Removed" or "Bot Uninstalled" Errors

Symptoms: Bot was working, now shows as uninstalled

Potential causes:

1. Admin removed the app from tenant
2. User uninstalled the app
3. App manifest updated without reinstall
4. Teams cache issue

Fix:

1. Reinstall the app:
   • Teams → Apps → Manage your apps
   • Search for OpenClaw
   • Click "Add" or "Add to team"
2. If organization-wide deployment, check Teams Admin Center
3. If app manifest changed, upload new version
4. Clear Teams cache:
   • Windows: %appdata%\Microsoft\Teams
   • Mac: ~/Library/Application Support/Microsoft/Teams
   • Delete cache folders and restart Teams

Security Best Practices for Self-Hosted

1. Protect Your Secrets

# Never commit secrets to gitecho "config.yaml" >> .gitignoreecho ".env" >> .gitignore# Use environment variablesexport TEAMS_APP_ID="abc-123-def-456"export TEAMS_APP_PASSWORD="your-secret"export TEAMS_TENANT_ID="tenant-id"# Reference in configchannels:  teams:    appId: ${TEAMS_APP_ID}    appPassword: ${TEAMS_APP_PASSWORD}    tenantId: ${TEAMS_TENANT_ID}# Or use Azure Key Vaultchannels:  teams:    appId: "@Microsoft.KeyVault(SecretUri=https://your-vault.vault.azure.net/secrets/app-id/)"    appPassword: "@Microsoft.KeyVault(SecretUri=https://your-vault.vault.azure.net/secrets/app-secret/)"

2. Implement Least Privilege

Only request Microsoft Graph permissions you actually need:

# Bad: Requesting everythingPermissions: User.Read.All, Mail.Read, Files.Read.All, ...# Good: Only what you usePermissions: ChannelMessage.Read.All, ChannelMessage.Send, Chat.ReadWrite.All

Review permissions quarterly and remove unused ones.

3. Enable Audit Logging

logging:  audit:    enabled: true    logFile: "/var/log/openclaw/audit.log"        # What to log    includeUserInfo: true  # Who asked    includeTimestamps: true  # When    includeChannel: true  # Where (team/channel)    includeMessages: false  # Privacy: don't log message content    includeActions: true  # What actions were taken        # Retention    retention:      days: 365  # Keep for 1 year      archiveToBlob: true  # Archive to Azure Blob Storage

4. Rotate Secrets Regularly

1. Every 90 days, create a new client secret:

   • Azure Portal → Azure AD → App registrations → Your app
   • Certificates & secrets → New client secret
   • Update OpenClaw config
   • Wait 24 hours
   • Delete old secret

2. Automate rotation with Azure Key Vault:

   • Store secrets in Key Vault
   • Enable automatic rotation
   • OpenClaw fetches current secret from Key Vault

5. Implement Conditional Access

Use Azure AD Conditional Access policies:

# Example: Only allow bot access from corporate networkAzure AD → Security → Conditional Access- Create new policy- Users: Bot service principal- Cloud apps: Microsoft Graph- Conditions: Locations = Corporate network only- Access controls: Grant access

6. Monitor for Abuse

channels:  teams:    monitoring:      enabled: true            # Alert on suspicious activity      alerts:        - condition: "requests > 100 per hour from single user"          action: "notify_security_team"                - condition: "file downloads > 50 per hour"          action: "throttle_and_alert"                - condition: "access_denied errors > 10"          action: "alert_admin"            # Send alerts to Teams channel      alertChannel: "19:security-alerts@thread.tacv2"

7. Data Loss Prevention (DLP)

Integrate with Microsoft DLP policies:

channels:  teams:    dlp:      enabled: true            # Block sensitive data from being sent to bot      blockPatterns:        - "creditCard"  # Credit card numbers        - "ssn"  # Social security numbers        - "apiKey"  # API keys            # Alert on sensitive data detection      alertOnDetection: true            # Use Microsoft's DLP policies      useMicrosoftDLP: true

8. Principle of Least Privilege for Users

channels:  teams:    # Only allow specific teams    allowedTeams:      - "19:engineering-team@thread.tacv2"      - "19:sales-team@thread.tacv2"        # Block sensitive teams    blockedTeams:      - "19:executive-team@thread.tacv2"      - "19:hr-confidential@thread.tacv2"        # Role-based access    permissions:      "engineering-team":        - code_access        - github_integration        - azure_devops            "sales-team":        - crm_access        - customer_data

Comparison: HeraClaw Cloud vs Self-Hosted

Why 95% of organizations choose HeraClaw Cloud:

✅ Azure complexity is real - Bot Framework + Graph API + Azure AD is not trivial ✅ Admin approval bottleneck - Tenant admin approval can take weeks in large enterprises ✅ Time is valuable - 2-3 hour setup + ongoing maintenance adds up quickly ✅ Microsoft changes frequently - Graph API deprecations, Teams platform updates ✅ Security is hard - SOC 2 compliance takes months and $100K+ to achieve ✅ Reliability matters - 99.9% SLA vs DIY uptime monitoring ✅ Support is worth it - Email/chat/phone support when Microsoft makes breaking changes ✅ Hidden costs - Azure resources, SSL certs, monitoring tools, incident response time

When self-hosting makes sense:

✅ You have Azure and Bot Framework expertise in-house ✅ Data cannot leave your Azure tenant (compliance/regulatory) ✅ You're already running Azure infrastructure at scale ✅ You need GCC High or DoD compliance (government) ✅ You want to heavily customize the Bot Framework code ✅ You have 24/7 on-call rotation to handle incidents

Frequently Asked Questions

Q: Do I need Microsoft 365 Business or Enterprise?

A: The bot works with all Microsoft 365 plans including Microsoft 365 Business Basic, Business Standard, Business Premium, E3, E5, F3, and even Microsoft Teams Free (with limitations on file size and meeting recordings).

Q: Can I use this across multiple Microsoft 365 tenants?

A: Yes! HeraClaw Cloud supports unlimited tenants. Self-hosted requires configuring each tenant separately with different app registrations.

Q: What permissions does the bot need?

A: Minimum: Read/write messages in channels and chats, read user profiles. Optional: Read files, access SharePoint, read calendar, access Planner. Full list in the setup guide above.

Q: Can I restrict who can use the bot?

A: Yes. Configure team-based access (only certain teams), channel-based (only specific channels), or user-based (specific users via Azure AD groups).

Q: Does it work in private channels?

A: Yes, if you add the bot to the private channel and grant necessary permissions.

Q: Can it work in shared channels (Teams Connect)?

A: Yes, but both organizations must approve the bot. Works great for customer success teams with shared customer channels.

Q: What about government cloud (GCC, GCC High)?

A: HeraClaw Cloud: GCC and GCC High support available. Self-hosted: You can deploy to government clouds with appropriate Azure resources.

Q: Is my data secure?

A: HeraClaw Cloud: SOC 2 Type II certified, encrypted in transit (TLS 1.3) and at rest (AES-256), GDPR compliant, HIPAA available. Self-hosted: Your responsibility, but you control the Azure infrastructure.

Q: Can the bot send proactive messages (without being @mentioned)?

A: Yes! Schedule daily briefings, send alerts based on events (build failures, new support tickets), or trigger messages from Power Automate flows.

Q: What if Microsoft changes the Teams platform or Graph API?

A: HeraClaw Cloud: We handle all platform changes automatically with zero downtime. Self-hosted: You must monitor Microsoft's developer blog and update OpenClaw manually when breaking changes occur.

Q: How fast are responses?

A: Typically 2-4 seconds from @mention to response, depending on:

• Model speed (GPT-4 vs Claude vs local models)
• Context size (longer conversations = slower)
• Query complexity (simple Q&A vs multi-step with Graph API calls)
• Azure region proximity

Q: Can I use Adaptive Cards?

A: Yes. Adaptive Cards are supported for rich, interactive responses with buttons, forms, and actions.

Q: Does it support meeting transcription?

A: Yes. Real-time transcription during meetings and analysis of recorded meetings. Requires OnlineMeetings.Read.All permission.

Q: Can it integrate with SharePoint?

A: Yes. Search documents, retrieve files, check permissions, upload files - all via Microsoft Graph API.

Q: What about Dynamics 365 CRM integration?

A: Yes. Query opportunities, update records, create contacts - if your Microsoft 365 tenant includes Dynamics 365 or you grant Dataverse permissions.

Q: Can I migrate from self-hosted to Cloud?

A: Absolutely. Export your configuration, sign up for HeraClaw Cloud, import settings. We'll help you migrate in under 30 minutes. Most organizations who migrate never go back.

Q: What about message rate limits?

A: Microsoft Graph API has rate limits (varies by endpoint). OpenClaw handles throttling automatically by implementing retry with exponential backoff. Under normal usage, you won't hit limits.

Q: Can it @mention users in responses?

A: Yes, the bot can @mention users if configured (requires User.Read.All permission).

Q: Can I use emoji and GIFs?

A: Yes. The bot can send emoji, GIFs (via URL or search), and stickers (Teams-specific).

Q: What about file size limits?

A: Teams Free: 2GB per file. Teams Business/Enterprise: 250GB per file. The bot can analyze files up to these limits.

Q: Can it integrate with Power Platform?

A: Yes. Trigger Power Automate flows, query Dataverse, integrate with Power Apps - all via Microsoft Graph and Power Platform connectors.

Q: Does it work with Microsoft 365 Groups?

A: Yes. Teams are built on Microsoft 365 Groups. The bot can access group resources (SharePoint site, Planner, group email).

Q: What about mobile support?

A: Full support for Teams mobile apps (iOS and Android). Adaptive Cards are supported but may have limited features compared to desktop.

Q: Can I customize the bot's name and avatar?

A: Yes! In the Teams app manifest, customize:

• Bot display name
• Bot description
• Bot icons (color and outline)
• Accent color

Q: How do I remove the bot?

A: In Teams: Apps → Manage your apps → Find your bot → Remove. For organization-wide apps, admin removes from Teams Admin Center. Then disable in HeraClaw or OpenClaw config.

Q: What languages are supported?

A: The bot works in any language supported by the underlying AI model. Teams interface is available in 40+ languages.

Q: Can it work with external users (guests)?

A: Yes, if your Teams policies allow guest access. You can configure whether guests can interact with the bot.

Q: What about compliance and eDiscovery?

A: All bot messages are stored in Teams and available for eDiscovery, legal hold, and compliance search just like regular Teams messages.

Get Started

For 95% of organizations (recommended):

Start with HeraClaw Cloud →

• 60-second setup
• No Azure expertise needed
• No tenant admin approval delays
• Professional support
• 99.9% uptime SLA
• No credit card required to try

For advanced users with Azure expertise:

Self-Hosting Setup Guide →

• 2-3 hour setup
• Requires Azure + Bot Framework skills
• You maintain infrastructure
• Full control and customization
• Government cloud support

Questions? Email support@cloud.getopenclaw.ai or join our community for help.

Last updated: April 10, 2026

Built with OpenClaw — The open-source AI assistant platform. Self-host or use HeraClaw Cloud.