Enabling Cross-Tenant Authentication for Teams Apps with Single-Tenant Bot

Hello Team,

I am working on implementing authentication for a Teams application using the Microsoft 365 Agents SDK. Following Microsoft’s current guidance, I have:

• Registered a single-tenant Azure AD bot.
• Integrated Azure AD authentication.
• Prepared for AppSource distribution as the long-term supported method for cross-tenant availability.

However, I am still facing challenges in reliably enabling sign-in for external users from other tenants. Specifically:

• The cross-tenant sign-in flow remains unclear.
• Validating authentication across multiple tenants is difficult without official end-to-end guidance.
• Existing samples and documentation primarily address single-tenant or internal-only scenarios.

As of now, authentication for external users is still difficult to get working and validate consistently across tenants.

Could you provide detailed guides, samples, or best practices for:

1. Enabling authentication for external users in this single tenant + AppSource distribution model.
2. Recommended patterns for testing cross-tenant authentication before AppSource submission.
3. Any roadmap considerations for simplifying this scenario.

This would help ensure Teams apps can meet compliance requirements while still delivering a smooth sign-in experience for users across organizations.

Thank You,

Chetan