Unanswered

How to Revoke Access for Security Group Members in Copilot Studio Deployed to Microsoft Teams?

(1) Share

Report

Posted on by sshinya

Hello everyone,

I'm currently deploying Copilot from Copilot Studio to Microsoft Teams for testing purposes. I have downloaded the app as a ZIP file and uploaded it as a custom developer app. Here's the issue I'm facing:

I have granted access to the app to users belonging to a specific security group and uploaded the app, confirming that authentication passes correctly.
Later, I revoked the access permissions for that security group. According to my expectations, users should experience a session timeout after 30 minutes of inactivity, leading to a failed authentication attempt on the next use.
However, even after the specified time has passed, the authentication tokens remain valid, and users can continue using the app.
This issue specifically occurs with Teams authentication. When using Entra ID authentication, users experience the expected authentication failure after the token expires.
Uninstalling and reinstalling the application results in revalidating the authentication, allowing users to use the app again, even if it uses Entra ID authentication.
Even after restarting the Teams app or the device, the authentication remains valid.

Could anyone advise on how to effectively revoke access for users in a security group once the shared access to the security group has been disabled? Any insights or solutions would be greatly appreciated.

Thank you!

Categories:

Building Copilot Studio chatbots in Microsoft Teams

I have the same question (0)

All responses (2)

Answers (0)

Umianta 290 on at

Like (0)

Report

I believe that uploading the chatbot manifest directly to Teams bypasses the security group for authentication. Instead, try publishing the chatbot directly to Teams from Copilot Studio, ensuring the security group is applied.

If this solution has helped resolve your issue,
⭐Please mark it as a solution or give my solution a like.
Always glad to help and your support is always appreciated!

Was this reply helpful? Yes No
sshinya 4 on at

Like (0)

Report

> I believe that uploading the chatbot manifest directly to Teams bypasses the security group for authentication. Instead, try publishing the chatbot directly to Teams from Copilot Studio, ensuring the security group is applied.

Based on my checks, users who are not part of the security group shared with Copilot can indeed upload and install the ZIP file, but they will encounter authentication failures and thus be unable to use it. However, once the security group is shared, usage becomes possible. The real issue arises after the sharing with the security group is disabled. As I have mentioned, the usage permissions do not get revoked as they should.

Due to our security policies, it seems challenging to publish directly to the Teams app store. That's why we are thoroughly exploring this method of distribution.

Was this reply helpful? Yes No