"Authorization has been denied for this request"

Hello,

We’re encountering an issue with sending proactive messages to Microsoft Teams. We have multiple tenants, and in one of them the REST API works correctly. The app registration is multi-tenant, and we obtain the access token from https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token, which works without any problems.

However, in another tenant the same flow fails with "Authorization has been denied for this request", even though we are still able to retrieve the access token. After decoding both tokens, everything matches except for the tid.

I also tried switching the app to single-tenant and requesting the token from https://login.microsoftonline.com/<my-tenant-id>/oauth2/v2.0/token. This returns a valid token, but using it to send a proactive message results in the same authorization error.

My understanding from recent documentation is that multi-tenant bot creation has been deprecated and bots should now migrate to a single-tenant model. Does this also apply to bots created in the Developer Portal? The Bot Framework REST API documentation doesn’t explicitly mention any changes:

https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connector-authentication?view=azure-bot-service-4.0&tabs=multitenant#bot-to-connector

I could also see multiple users facing the same issue, so is there a bug that is currently preventing some tenants from using the service?