Unable to authenticate with MSAL using a certificate
Hi guys, I'm using the certificate authentication for my WinForms app to connect to SharePoint and Graph API. I followed this article to create the certificate https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-self-signed-certificate Uploaded the certificate to the App Registration, gave all appropriate permissions. However, when I tried to connect to SharePoint or the Graph API, I got this error A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700021: Client assertion application identifier doesn't match 'client_id' parameter. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Microsoft.Graph.ServiceException: Code: generalException Message: An error occurred sending the request. BUT, this only happened on 1 specific machine running Windows 11 Pro. I tested on 4-5 different machines (both W10 and W11), they didn't get this error. I tried verifying the cert thumbprint which matched the one uploaded on the App Registrations. The certificate is not stored in the machine cert store, I use X509KeyStorageFlags.EphemeralKeySet when calling it. Not sure what else to check.How to set a field column of type person for a folder in Sharepoint via the REST API
On Sharepoint I create a column of type person/group (lets say "projectlead"). Now I want to create folders and after the creation I want to set this column via the graph api. I already tested this with a column of type text (single line) successfully via: POST https://{{tenant_url}}/sites/{{site}}/_api/web/lists/getbytitle('Dokumente')/items({{ItemId}})/ValidateUpdateListItem() header: Accept: application/json;odata=verbose Content-Type: application/json;odata=verbose body: { "formValues": [ { "FieldName": "projectlead", "FieldValue": "someUserIdOrName" } ], "bNewDocumentUpdate": false } I heard that it is not possible for folders, but couldn't finde anything specific about it. Is it possible and if, how? I tried several things, but nothing worked for me.
Affordable Conference Room Setups for Small Businesses Using Microsoft Teams Resource Accounts
Our small business (around 40 users) recently migrated from Google to Microsoft 365, and we’re facing several challenges in optimizing our meeting rooms for Teams without incurring large costs. Here’s our current setup and the main issues we are encountering—hoping for advice or creative solutions from the community. Current Setup All computers are domain-joined. We created resource accounts for each of our three meeting rooms; these appear correctly as Rooms in Outlook and Teams booking menus. Each meeting room contains a standard desktop PC (not MTR-certified) running Windows, logged into Teams as the room’s resource account. Employees use the meeting room computer to join calls and manage the meeting calendar. Current Issues Wireless Presenting (Casting): Teams’ wireless casting feature appears to require MTR-certified hardware, which is financially out of reach for a business our size. Unplugging and plugging HDMI cables is cumbersome and error-prone, especially since not everyone uses a laptop, and reconnecting the room PC is often forgotten. Agenda & Calendar Privacy: When meetings are booked, the full Teams agenda and chat history remain accessible on the meeting room machine. That means anyone in the room can view past meetings/agendas, which isn’t ideal from a privacy perspective. Screen Sharing and File Security: To present from the meeting room PC, any files must be accessible by the resource account, creating additional security concerns and sharing/permission headaches. What We’re Looking For Affordable wireless presenting options for meeting rooms—ideally something that integrates smoothly with Microsoft Teams, but without requiring full MTR hardware. Best practices to lock down or reset the meeting room PC so meeting agendas, chats, and files are not visible after a session. Secure ways to allow guests to present (screen share, share files, etc.) without exposing company data or making users jump through complicated permission processes. If anyone has experience setting up small, cost-effective Teams Rooms, especially with regular PCs rather than dedicated MTR devices, advice would be greatly appreciated! Specific steps, hardware/software recommendations, or management tips would all be helpful. Thanks in advance for any guidance!
Azure Bot not joining meeting - Server Internal Error. DiagCode: 500#1203002.@
This problem has been bothering me for about two weeks and I haven’t found a solution yet. I’d really appreciate your help. Environment Setup 1.Development Tool: Visual Studio 2022 2.Deployment: The service is hosted on AWS. In AWS Networking, both TCP and UDP port 14217 are opened. The operating system is Windows Server 2022, and the firewall has been disabled temporarily for testing. 3.Certificate: A wildcard SSL certificate issued by Let’s Encrypt (CN = *.bottest.com, RSA-based) has been installed under LocalMachine\My certificate store. 4.Reverse Proxy: Both HTTPS and TCP traffic are forwarded through Nginx. http { server { listen 80; server_name localhost; } server { listen 443 ssl; server_name signaling.bottest.com; ssl_certificate fullchain.pem; ssl_certificate_key privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass http://127.0.0.1:5001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } } stream { upstream dotnet_app_tcp { server 127.0.0.1:8445; } server { listen 14217 ssl; ssl_certificate fullchain.pem; ssl_certificate_key privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; proxy_pass dotnet_app_tcp; } } 5. The bot’s Application Permissions have also been granted, as shown in the figure below: 6. Bot initialization var mediaPlatformSettings = new MediaPlatformSettings { ApplicationId = _botConfig.MicrosoftAppId, MediaPlatformInstanceSettings = new MediaPlatformInstanceSettings { CertificateThumbprint = _botConfig.CertificateThumbprint, // LocalMachine/My certificate-*.bottest.com-thumbprint InstanceInternalPort = 8445, InstancePublicPort = 14217, InstancePublicIPAddress = IPAddress.Parse("18.181.xx.xx"), // AWS public IP ServiceFqdn = "media.bottest.com" } }; _communicationsClient = new CommunicationsClientBuilder("IMediaSessionBot", _botConfig.MicrosoftAppId, _graphLogger) .SetAuthenticationProvider(_authProvider) .SetServiceBaseUrl(new Uri("https://graph.microsoft.com/v1.0")) .SetNotificationUrl(new Uri($"{_botConfig.PublicUrl}/api/calls")) .SetMediaPlatformSettings(mediaPlatformSettings) .SetHttpClient(httpClient) .Build(); _communicationsClient.Calls().OnIncoming += this.OnIncomingCall; _communicationsClient.Calls().OnUpdated += OnCallUpdated; } 7.join meeting var scenarioId = Guid.NewGuid(); var meetingDetails = MeetingUrlParser.Parse(meetingUrl); var chatInfo = new ChatInfo { ThreadId = meetingDetails.ThreadId }; var meetingInfo = new JoinMeetingIdMeetingInfo { JoinMeetingId = _botConfig.MeetingID, Passcode = _botConfig.MeetingPasscode, AdditionalData = new Dictionary<string, object> { { "allowConversationWithoutHost" , true }, }, }; ILocalMediaSession mediaSession = this.CreateLocalMediaSession(); var joinParams = new JoinMeetingParameters(chatInfo, meetingInfo, mediaSession) { TenantId = tenantId, AllowGuestToBypassLobby = true }; try { _activeCall = await _communicationsClient.Calls().AddAsync(joinParams, scenarioId).ConfigureAwait(false); _logger.LogInformation($"Successfully initiated the add-participant request, Call ID:: {_activeCall.Id}"); } catch (ODataError ex) { Console.WriteLine($"{DateTime.Now:yyyy-MM-dd HH:mm:ss.fff} Failed to initiate the call: .ex={ex.ToString()}"); throw; } private ILocalMediaSession CreateLocalMediaSession(Guid mediaSessionId = default(Guid)) { var mediaSession = this._communicationsClient.CreateMediaSession( new AudioSocketSettings { StreamDirections = StreamDirection.Recvonly, SupportedAudioFormat = AudioFormat.Pcm16K, ReceiveUnmixedMeetingAudio = true, EnableAudioHealingForUnmixed = true }, new VideoSocketSettings { StreamDirections = StreamDirection.Inactive }, mediaSessionId: mediaSessionId); return mediaSession; } 8.call back(SetNotificationUrl(new Uri($"{_botConfig.PublicUrl}/api/calls"))) State at first attempt:Notification payload: {"@odata.type":"#microsoft.graph.commsNotifications","value":[{"@odata.type":"#microsoft.graph.commsNotification","changeType":"updated","resource":"/app/calls/07004d80-44b9-479e-bb43-2d5983e3f235","resourceUrl":"/communications/calls/07004d80-44b9-479e-bb43-2d5983e3f235","resourceData":{"@odata.type":"#microsoft.graph.call","state":"establishing","chatInfo":{"@odata.type":"#microsoft.graph.chatInfo","threadId":"19:meeting_MzIyMTYzOTMtMGYyNi00OTE2LTg2NjUtYmU4ZDlhYmY2ZmRj@thread.v2"},"meetingInfo":{"@odata.type":"#microsoft.graph.joinMeetingIdMeetingInfo","joinMeetingId":"4130864187312","passcode":"P7GY7Vv2","allowConversationWithoutHost":true},"callChainId":"b50a00dc-74da-42b0-966a-e88dea7e6087"}}]} State at second attempt:Notification payload: {"@odata.type":"#microsoft.graph.commsNotifications","value":[{"@odata.type":"#microsoft.graph.commsNotification","changeType":"deleted","resource":"/app/calls/07004d80-44b9-479e-bb43-2d5983e3f235","resourceUrl":"/communications/calls/07004d80-44b9-479e-bb43-2d5983e3f235","resourceData":{"@odata.type":"#microsoft.graph.call","state":"terminated","resultInfo":{"@odata.type":"#microsoft.graph.resultInfo","code":500,"subcode":1203002,"message":"Server Internal Error. DiagCode: 500#1203002.@"},"chatInfo":{"@odata.type":"#microsoft.graph.chatInfo","threadId":"19:meeting_MzIyMTYzOTMtMGYyNi00OTE2LTg2NjUtYmU4ZDlhYmY2ZmRj@thread.v2"},"meetingInfo":{"@odata.type":"#microsoft.graph.joinMeetingIdMeetingInfo","joinMeetingId":"4130864187312","passcode":"P7GY7Vv2","allowConversationWithoutHost":true},"callChainId":"b50a00dc-74da-42b0-966a-e88dea7e6087"}}]} Here, an error occurred: 500 #1203002. 9. Based on the packet capture, the issue seems to be related to interactions with /MediaProcessor/v1. It’s unclear whether this is due to a protocol mismatch or a certificate mismatch, as shown in the figure below: 10.Database schema (DDL) dependencies required by the bot <ItemGroup> <PackageReference Include="Microsoft.ApplicationInsights.WorkerService" Version="2.23.0" /> <PackageReference Include="Microsoft.Azure.Functions.Worker" Version="1.24.0" /> <PackageReference Include="Microsoft.Azure.Functions.Worker.ApplicationInsights" Version="1.4.0" /> <PackageReference Include="Microsoft.Azure.Functions.Worker.Core" Version="1.20.0" /> <PackageReference Include="Microsoft.Azure.Functions.Worker.Extensions.Http" Version="3.3.0" /> <PackageReference Include="Microsoft.Azure.Functions.Worker.Sdk" Version="1.18.1" /> <PackageReference Include="Microsoft.AspNetCore" Version="2.1.3" /> <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.1.2" /> <PackageReference Include="Microsoft.Bot.Builder.Integration.AspNet.WebApi" Version="4.22.1" /> <PackageReference Include="Microsoft.CognitiveServices.Speech" Version="1.46.0" /> <PackageReference Include="Microsoft.Graph.Communications.Calls.Media" Version="1.2.0.10563" /> <PackageReference Include="Microsoft.Graph.Communications.Core" Version="1.2.0.10563" /> <PackageReference Include="Microsoft.Graph.Core" Version="3.1.3" /> <PackageReference Include="Microsoft.IO.RecyclableMemoryStream" Version="3.0.1" /> <PackageReference Include="Microsoft.ServiceFabric.AspNetCore.HttpSys" Version="3.2.187" /> <PackageReference Include="Microsoft.Skype.Bots.Media" Version="1.31.0.180" /> <PackageReference Include="Microsoft.Kiota.Http.HttpClientLibrary" Version="1.3.3" /> </ItemGroup> 11.The certificate has also been uploaded to Azure, as shown in the figure:
how to achieve private stage view for custom team app in meeting
I’m working on a custom Microsoft Teams app that will be added to a meeting. My goal is to have the app load in a private stage view as a popout when clicked, so that only the user who clicked it can see the content, without broadcasting it to all meeting attendees. I've created a custom Teams app for meetings, but I'm facing an issue with the viewing behavior. Currently, when a user clicks the app during a meeting, the content first loads in the side panel. The user then has to click a "Share" button to push the content to the main meeting stage, which makes it visible to all attendees. However, what I want is for the app to immediately open in a private stage view (as a popout) when clicked, without showing anything in the side panel and without requiring the user to manually share it. The content should only be visible to the individual user, not broadcast to the entire meeting.AMA: Azure AI Foundry Voice Live API: Build Smarter, Faster Voice Agents
Join us LIVE in the Azure AI Foundry Discord on the 14th October, 2025, 10am PT to learn more about Voice Live API Voice is no longer a novelty, it's the next-gen interface between humans and machines. From automotive assistants to educational tutors, voice-driven agents are reshaping how we interact with technology. But building seamless, real-time voice experiences has often meant stitching together a patchwork of services: STT, GenAI, TTS, avatars, and more. Until now. Introducing Azure AI Foundry Voice Live API Launched into general availability on October 1, 2025, the Azure AI Foundry Voice Live API is a game-changer for developers building voice-enabled agents. It unifies the entire voice stack—speech-to-text, generative AI, text-to-speech, avatars, and conversational enhancements, into a single, streamlined interface. That means: ⚡ Lower latency 🧠 Smarter interactions 🛠️ Simplified development 📈 Scalable deployment Whether you're prototyping a voice bot for customer support or deploying a full-stack assistant in production, Voice Live API accelerates your journey from idea to impact. Ask Me Anything: Deep Dive with the CoreAI Speech Team Join us for a live AMA session where you can engage directly with the engineers behind the API: 🗓️ Date: 14th Oct 2025 🕒 Time: 10am PT 📍 Location: https://aka.ms/foundry/discord See the EVENTS 🎤 Speakers: Qinying Liao, Principal Program Manager, CoreAI Speech Jan Gorgen, Senior Program Manager, CoreAI Speech They’ll walk through real-world use cases, demo the API in action, and answer your toughest questions, from latency optimization to avatar integration. Who Should Attend? This AMA is designed for: AI engineers building multimodal agents Developers integrating voice into enterprise workflows Researchers exploring conversational UX Foundry users looking to scale voice prototypes Why It Matters Voice Live API isn’t just another endpoint, it’s a foundation for building natural, responsive, and production-ready voice agents. With Azure AI Foundry’s orchestration and deployment tools, you can: Skip the glue code Focus on experience design Deploy with confidence across platforms Bring Your Questions Curious about latency benchmarks? Want to know how avatars sync with TTS? Wondering how to integrate with your existing Foundry workflows? This is your chance to ask the team directly.Build enterprise-ready AI agents with confidence: Microsoft AI agent envisioning series
In today’s fast-paced software landscape, keeping up with new technologies and frameworks to build secure, scalable, and enterprise-ready AI apps and agents is more critical—and more complex—than ever. The Microsoft AI Agent Envisioning Series is a four-part webinar experience designed to equip software development companies with the frameworks, tools, and strategies needed to build, publish and monetize AI agents using Azure AI Foundry and the Microsoft Marketplace. Whether you're launching new solutions or evolving existing ones, this series will help you accelerate development, ensure compliance, and scale with confidence. Why Attend? Software companies are racing to deliver intelligent, autonomous solutions that scale. But building commercially viable AI agents that are secure, compliant, and enterprise-ready is no small feat. That’s why we created the Microsoft AI Agent Envisioning Series—a webinar series designed to help you build, publish, and monetize AI agents using Azure AI Foundry, with your preferred coding practices and standards. What You’ll Gain Each session delivers step-by-step guidance, technical best practices, and business strategy to help you: Architect AI agents for real-world business impact Package and publish your solution on the Microsoft Marketplace Build trust with enterprise customers through security and compliance Monetize with confidence using proven go-to-market frameworks The Sessions *It is not required to take the sessions in order. Session 1: Introduction to AI Agent Opportunities and Azure AI Foundry Explore the evolution from general LLMs to specialized agents. Learn how Azure AI Foundry simplifies development and unlocks new monetization paths. Session 2: Architecting AI Solutions for Marketplace Monetization Use the Marketplace Lean Canvas to define your agent’s value. Learn how to optimize cost, select models, and align pricing with customer outcomes. Session 3: Publishing & Releasing Your AI Agent Solution Get your solution marketplace-ready. Learn how to configure SaaS and container offers, meet compliance requirements, and find your buyers. Session 4: Winning Customer Confidence with Trustworthy AI and Production-Ready Architecture Dive into the Azure Well-Architected Framework for AI. Learn how to implement observability, tracing, and enterprise-grade security. Built for Software Development Companies Whether you're building net-new agents or transforming existing apps, this series will help you: Accelerate development with Azure AI Foundry templates and SDKs Ensure compliance with SOC 2, GDPR, HIPAA, and ISO 27001 Publish confidently with Partner Center and Marketplace certification Scale globally with Azure’s infrastructure and co-sell programs Ready to Build AI Agents That Scale? Join us and get the frameworks, tools, and strategies to build AI agents that enterprises trust, IT departments approve, and customers love. Register now for the AI Envisioning Day to access all the sessions and start your journey from idea to customer impact.From Cloud to Chip: Building Smarter AI at the Edge with Windows AI PCs
As AI engineers, we’ve spent years optimizing models for the cloud, scaling inference, wrangling latency, and chasing compute across clusters. But the frontier is shifting. With the rise of Windows AI PCs and powerful local accelerators, the edge is no longer a constraint it’s now a canvas. Whether you're deploying vision models to industrial cameras, optimizing speech interfaces for offline assistants, or building privacy-preserving apps for healthcare, Edge AI is where real-world intelligence meets real-time performance. Why Edge AI, Why Now? Edge AI isn’t just about running models locally, it’s about rethinking the entire lifecycle: - Latency: Decisions in milliseconds, not round-trips to the cloud. - Privacy: Sensitive data stays on-device, enabling HIPAA/GDPR compliance. - Resilience: Offline-first apps that don’t break when the network does. - Cost: Reduced cloud compute and bandwidth overhead. With Windows AI PCs powered by Intel and Qualcomm NPUs and tools like ONNX Runtime, DirectML, and Olive, developers can now optimize and deploy models with unprecedented efficiency. What You’ll Learn in Edge AI for Beginners The Edge AI for Beginners curriculum is a hands-on, open-source guide designed for engineers ready to move from theory to deployment. Multi-Language Support This content is available in over 48 languages, so you can read and study in your native language. What You'll Master This course takes you from fundamental concepts to production-ready implementations, covering: Small Language Models (SLMs) optimized for edge deployment Hardware-aware optimization across diverse platforms Real-time inference with privacy-preserving capabilities Production deployment strategies for enterprise applications Why EdgeAI Matters Edge AI represents a paradigm shift that addresses critical modern challenges: Privacy & Security: Process sensitive data locally without cloud exposure Real-time Performance: Eliminate network latency for time-critical applications Cost Efficiency: Reduce bandwidth and cloud computing expenses Resilient Operations: Maintain functionality during network outages Regulatory Compliance: Meet data sovereignty requirements Edge AI Edge AI refers to running AI algorithms and language models locally on hardware, close to where data is generated without relying on cloud resources for inference. It reduces latency, enhances privacy, and enables real-time decision-making. Core Principles: On-device inference: AI models run on edge devices (phones, routers, microcontrollers, industrial PCs) Offline capability: Functions without persistent internet connectivity Low latency: Immediate responses suited for real-time systems Data sovereignty: Keeps sensitive data local, improving security and compliance Small Language Models (SLMs) SLMs like Phi-4, Mistral-7B, Qwen and Gemma are optimized versions of larger LLMs, trained or distilled for: Reduced memory footprint: Efficient use of limited edge device memory Lower compute demand: Optimized for CPU and edge GPU performance Faster startup times: Quick initialization for responsive applications They unlock powerful NLP capabilities while meeting the constraints of: Embedded systems: IoT devices and industrial controllers Mobile devices: Smartphones and tablets with offline capabilities IoT Devices: Sensors and smart devices with limited resources Edge servers: Local processing units with limited GPU resources Personal Computers: Desktop and laptop deployment scenarios Course Modules & Navigation Course duration. 10 hours of content Module Topic Focus Area Key Content Level Duration 📖 00 Introduction to EdgeAI Foundation & Context EdgeAI Overview • Industry Applications • SLM Introduction • Learning Objectives Beginner 1-2 hrs 📚 01 EdgeAI Fundamentals Cloud vs Edge AI comparison EdgeAI Fundamentals • Real World Case Studies • Implementation Guide • Edge Deployment Beginner 3-4 hrs 🧠 02 SLM Model Foundations Model families & architecture Phi Family • Qwen Family • Gemma Family • BitNET • μModel • Phi-Silica Beginner 4-5 hrs 🚀 03 SLM Deployment Practice Local & cloud deployment Advanced Learning • Local Environment • Cloud Deployment Intermediate 4-5 hrs ⚙️ 04 Model Optimization Toolkit Cross-platform optimization Introduction • Llama.cpp • Microsoft Olive • OpenVINO • Apple MLX • Workflow Synthesis Intermediate 5-6 hrs 🔧 05 SLMOps Production Production operations SLMOps Introduction • Model Distillation • Fine-tuning • Production Deployment Advanced 5-6 hrs 🤖 06 AI Agents & Function Calling Agent frameworks & MCP Agent Introduction • Function Calling • Model Context Protocol Advanced 4-5 hrs 💻 07 Platform Implementation Cross-platform samples AI Toolkit • Foundry Local • Windows Development Advanced 3-4 hrs 🏭 08 Foundry Local Toolkit Production-ready samples Sample applications (see details below) Expert 8-10 hrs Each module includes Jupyter notebooks, code samples, and deployment walkthroughs, perfect for engineers who learn by doing. Developer Highlights - 🔧 Olive: Microsoft's optimization toolchain for quantization, pruning, and acceleration. - 🧩 ONNX Runtime: Cross-platform inference engine with support for CPU, GPU, and NPU. - 🎮 DirectML: GPU-accelerated ML API for Windows, ideal for gaming and real-time apps. - 🖥️ Windows AI PCs: Devices with built-in NPUs for low-power, high-performance inference. Local AI: Beyond the Edge Local AI isn’t just about inference, it’s about autonomy. Imagine agents that: - Learn from local context - Adapt to user behavior - Respect privacy by design With tools like Agent Framework, Azure AI Foundry and Windows Copilot Studio, and Foundry Local developers can orchestrate local agents that blend LLMs, sensors, and user preferences, all without cloud dependency. Try It Yourself Ready to get started? Clone the Edge AI for Beginners GitHub repo, run the notebooks, and deploy your first model to a Windows AI PC or IoT devices Whether you're building smart kiosks, offline assistants, or industrial monitors, this curriculum gives you the scaffolding to go from prototype to production.
Teams Tab Blazor App Works in Web but Not Desktop – SSO / Access Denied Issue
Hi all, I have developed a Teams tab application using Blazor with Azure AD SSO. It works perfectly in the Teams Web interface, but fails in Teams Desktop app. Troubleshooting details If you contact your administrator, send this info to them. Copy info to clipboard ✔ Copied Correlation Id: 2607e281-e81f-429f-95b6-755f4b30968d Timestamp: 2025-10-07T09:42:34.000Z DPTI: d2bf8e81894be21be1d5e1818fa47b2d8975c91c3d0eceb6622a99cc1fc8b8f1 Message: Access denied for the resource. Tag: 4usp7 Code: 3399614468 I would appreciate guidance on how to make the Blazor Teams tab work in both Web and Desktop using SSO. Thanks! TahirApp Advisor updates: Build smarter, publish faster with these new features
The App Advisor experience has been enhanced to help you build smarter and publish faster to the Microsoft Marketplace. The six new features make it easier to stay focused, move faster, and scale smarter with apps and agents. Whether you are in the planning, building, or publishing phase of your journey, the new features are designed to meet you where you are, offering curated guidance and actionable insights. Learn how the updates can help you today. Build smarter, publish faster: Here’s what’s new in App Advisor
