Power Platform Community Forum Thread Details

Starting 2026-05-27 ~03:30 UTC, our Copilot Studio agent stopped being able to invoke its custom connector from Microsoft Teams. The agent is reachable in Teams — conversational/system interactions work — but every connector tool call returns:

The connector returned an HTTP error with code 403.
Inner Error: Error from token exchange: Permission denied due to missing connection ACL

Setup: Custom connector with x-api-key, maker-provided credentials (I'm the connection owner), "Authenticate with Microsoft" Entra SSO. Agent and connection in the same Default environment.

Behavior:

✅ Copilot Studio test pane works

✅ Microsoft 365 Copilot channel works

✅ Direct API calls work

✅ In Teams, system topics ("Start over," "What can you do") respond fine

❌ In Teams, any prompt that invokes the connector fails at the token-exchange step

❌ The connection owner is also denied (not just end users)

Tried (none resolved it): republishing, re-adding the agent in Teams, deleting and recreating the connection from scratch (new GUID, same error).

Why I think this is service-side:

Another customer posted an essentially identical error today in a completely different setup — different tenant, managed Prod environment, built-in Azure Blob Storage connector, service principal auth:

https://learn.microsoft.com/en-ca/answers/questions/5903486/copilot-studio-agent-the-connector-azure-blob-stor

Two unrelated tenants, different connectors, different auth methods, same missing connection ACL token-exchange error in the Teams channel within hours of each other points to a Microsoft service-side issue, not per-tenant config.

Questions: