AI Foundry Agent Authorization Error - Teams Deployment Fails for External Users Despite Correct Azure RBAC Permissions

Question

AI Foundry Agent Authorization Error - Teams Deployment Fails for External Users Despite Correct Azure RBAC Permissions

Shashank Kumar Mandaloju 0

Issue: Users cannot execute an AI Foundry agent deployed to Microsoft Teams. The agent returns an authorization error requiring project-level write permissions that cannot be granted through the UI.

Environment:

Azure AI Foundry (New Experience)
Agent deployed to Microsoft Teams via Bot Service
All users have appropriate IAM roles assigned

Error Message:

Authorization error encountered when processing your request. 
Please ensure that the user has Microsoft.CognitiveServices/accounts/AIServices/agents/write 
action on the project. This is typically done by assigning the Azure AI User built-in role to the user.

Configuration Attempted:

Assigned "Azure AI Developer" role at resource level - inherited to project
Assigned "Cognitive Services Contributor" role at resource level - inherited to project
Added roles at project-level IAM - all show as "inherited access"
MCP tool authentication is configured with "Project Managed Identity"
Bot Service messaging endpoint configured correctly
Teams manifest webApplicationInfo resource URL corrected

The Core Problem:

Agent works perfectly in AI Foundry Playground
Agent fails in Teams for all users except the original deployer
Project-level "Add user" button is greyed out in AI Foundry (Admin → Users tab)
ALL users, including Owners, show "Inherited access" only
No users have direct project-level permission assignments
Agent runtime appears to reject inherited permissions

What We've Tried:

Multiple role combinations (Azure AI Developer, Cognitive Services Contributor, Azure AI Owner)
Assigning roles at both resource and project IAM levels
Waiting for permission propagation (24+ hours)
Re-deploying the agent
Updating Teams app package
Different user accounts

Expected Behavior: Either:

Users with an inherited Azure AI Developer role should be able to execute agents, OR
Project Owners should be able to add direct project-level permissions via the UI

Actual Behavior:

UI won't allow direct project permission assignments
Agent runtime rejects inherited permissions
Creates an impossible permission scenario

Question: Is this a known limitation? How can we grant the required project-level permissions when the "Add user" button is disabled? Is there a CLI command or API to add direct project permissions?
Issue: Users cannot execute an AI Foundry agent deployed to Microsoft Teams. The agent returns an authorization error requiring project-level write permissions that cannot be granted through the UI.

Environment:

Azure AI Foundry (New Experience)
Agent deployed to Microsoft Teams via Bot Service
All users have appropriate IAM roles assigned

Error Message:

Authorization error encountered when processing your request. 
Please ensure that the user has Microsoft.CognitiveServices/accounts/AIServices/agents/write 
action on the project. This is typically done by assigning the Azure AI User built-in role to the user.

Configuration Attempted:

Assigned "Azure AI Developer" role at resource level - inherited to project
Assigned "Cognitive Services Contributor" role at resource level - inherited to project
Added roles at project-level IAM - all show as "inherited access"
MCP tool authentication configured with "Project Managed Identity"
Bot Service messaging endpoint configured correctly
Teams manifest webApplicationInfo resource URL corrected

The Core Problem:

Agent works perfectly in AI Foundry Playground
Agent fails in Teams for all users except the original deployer
Project-level "Add user" button is greyed out in AI Foundry (Admin → Users tab)
ALL users, including Owners, show "Inherited access" only
No users have direct project-level permission assignments
Agent runtime appears to reject inherited permissions

What We've Tried:

Multiple role combinations (Azure AI Developer, Cognitive Services Contributor, Azure AI Owner)
Assigning roles at both resource and project IAM levels
Waiting for permission propagation (24+ hours)
Re-deploying the agent
Updating Teams app package
Different user accounts

Expected Behavior: Either:

Users with inherited Azure AI Developer role should be able to execute agents, OR
Project Owners should be able to add direct project-level permissions via the UI

Actual Behavior:

UI won't allow direct project permission assignments
Agent runtime rejects inherited permissions
Creates impossible permission scenario

Question: Is this a known limitation? How can we grant the required project-level permissions when the "Add user" button is disabled? Is there any alternative way to resolve this issue? My team really needs it to be propagated through Microsoft Teams itself. That's the optimal use case we have.

0 comments

2 answers

Your answer

Answer 1

Pilladi Padma Sai Manisha 7,390 Microsoft External Staff Moderator

Hi Shashank Kumar Mandaloju,

You’re running into a known limitation in the current AI Foundry “new experience” UI. The Admin → Users tab only shows inherited access and does not let you click Add user to grant a direct project‑level role assignment. At the same time, the agent runtime requires an explicit role assignment at the project scope for the Microsoft.CognitiveServices/accounts/AIServices/agents/write data action and does not accept inherited RBAC.

To fix this, you need to grant the required role via Azure CLI or PowerShell at the project‑level ARM scope. First, identify the project’s scope: /subscriptions/{subscriptionId}/resourceGroups/{rgName}/providers/Microsoft.CognitiveServices/accounts/{accountName}/projects/{projectName}

Then, use the user’s object ID from Entra ID and run one of these commands:

With Azure CLI:

bash
az role assignment create \
  --assignee <userObjectId> \
  --role "Azure AI User" \
  --scope "/subscriptions/{subscriptionId}/resourceGroups/{rgName}/providers/Microsoft.CognitiveServices/accounts/{accountName}/projects/{projectName}"

With PowerShell:

powershell
New-AzRoleAssignment `
  -ObjectId <userObjectId> `
  -RoleDefinitionName "Azure AI User" `
  -Scope "/subscriptions/{subscriptionId}/resourceGroups/{rgName}/providers/Microsoft.CognitiveServices/accounts/{accountName}/projects/{projectName}"

You can use Azure AI Project Manager if the user needs broader control. After running the command, wait a few minutes for propagation and ask the user to retry the Teams deployment. For Teams scenarios, also ensure the end user has Azure AI User on the Agent Application resource and that the agent identity has the necessary RBAC on downstream resources like storage, Log Analytics, or MCP‑connected services.
Hope this Helps!

Pilladi Padma Sai Manisha 7,390 Reputation points Microsoft External Staff Moderator

2026-04-28T17:43:33.6133333+00:00

Hi
Following up to see if the below answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Shashank Kumar Mandaloju 0 Reputation points

2026-04-28T21:32:40.74+00:00

Hi Padma,
Thanks for your response. I actually found out the root cause which is the cross tenant communication issue.

Our company operates across two Azure tenants one for user services such as the Teams, Outlook, etc microsoft services, other one for development, like we build Azure Datalake, fabric, ai foundry agents on top of this tenant.

So I am trying to connect with an account from one tenant to the other with all the access required. But it's not allowing me to. This is the setup how we operate in our company and it has to stay that way.

Please let me know if you have any information on how to do the cross-tenant authentication, that will help me resolve the issue.
Pilladi Padma Sai Manisha 7,390 Reputation points Microsoft External Staff Moderator

2026-05-01T17:48:43.7266667+00:00
Hi Shashank,

Thank you for the update.

Based on what you’ve described, the behavior is consistent with a cross-tenant identity boundary rather than a standard RBAC issue. In your scenario:

Your Azure AI Foundry project and agent resources reside in one Microsoft Entra tenant (your development tenant).

Your Teams users and Microsoft 365 identities reside in a separate tenant (your corporate productivity tenant).

This is a common enterprise architecture, but it introduces an important limitation: Azure AI Foundry agent authorization is tenant-scoped.

Why This Happens

When a user invokes the agent from Microsoft Teams, the Teams access token is issued by the Microsoft Entra tenant associated with your Microsoft 365 environment. Azure AI Foundry then validates that token against the tenant that owns the Foundry project.

If the token originates from a different tenant, the runtime cannot directly authorize the request, even if equivalent RBAC permissions exist in the resource tenant. This is why users in the external tenant receive authorization errors, while users in the resource tenant succeed.

Supported Approach:

Azure AD B2B Guest Access

To enable cross-tenant access, users from your Microsoft 365 tenant must be represented in the Azure AI Foundry tenant as B2B guest users.

Recommended Steps

Invite the Teams users from your corporate tenant into the Azure AI Foundry tenant as guest users.

Assign those guest accounts the required role at the project scope, typically Azure AI User, or Azure AI Developer

Ensure the Teams app and authentication flow use the guest identity in the Foundry tenant.

This allows Azure AI Foundry to authorize requests using an identity that exists in the resource tenant while still allowing users to sign in with their home tenant credentials.

Important Considerations

Role assignments must be granted to the guest user object in the Foundry tenant, not only to the home-tenant account.

The Teams app may require users to consent to the guest-tenant application during first sign-in.

Conditional Access and cross-tenant access settings in both tenants must permit B2B collaboration.

Tenant Configuration Requirements

Bothe tenants should verify:

Cross-tenant access settings allow inbound and outbound B2B collaboration

External collaboration is enabled

Required Teams and Azure AI applications are permitted for guest access

If seamless cross-tenant authentication is a strict requirement, another option is to implement a custom authentication layer or middle-tier service in the resource tenant that brokers requests between Teams and Azure AI Foundry. However, for most scenarios, Azure AD B2B guest access is the recommended and supported solution.

Answer 2

This scenario matches a permissions/identity mismatch between the project and the published agent, not a requirement for direct project-level UI assignments.

Key points from the documented behavior:

Publishing changes the identity
- During development in the Foundry project, the agent uses the project’s shared agent identity.
- After publishing (for example, to Teams via Bot Service), the agent uses a distinct Entra agent identity associated with the Agent Application resource, not the project identity.
- Permissions granted to the project identity do not transfer to the published agent identity.
Required action after publishing
- After publishing, RBAC must be reassigned to the new agent identity on any resources the agent calls.
- If this step is skipped, tool calls and downstream operations that worked in the playground fail with authorization errors once the agent is invoked from Teams.
What the error is really indicating
- The error message mentions Microsoft.CognitiveServices/accounts/AIServices/agents/write and suggests assigning Azure AI User on the project.
- In the published scenario, the relevant scope for invocation is the Agent Application resource, which has its own RBAC boundary and identity.
- The fact that the agent works in the Foundry playground but fails in Teams for everyone except the deployer is consistent with:
  - The deployer having sufficient rights on both the project and the new Agent Application, and/or
  - The published agent identity not having the necessary RBAC on the underlying resources.
Why the “Add user” button is greyed out
- The project is a shared development workspace; publishing is the supported way to separate development from production.
- The documented model is to control who can invoke the published agent by assigning roles (for example, Azure AI User) on the Agent Application resource, not by adding direct project-level entries.
- A greyed-out “Add user” button with only inherited access visible is consistent with a design where project-level direct assignments are restricted, while RBAC is expected to be managed at the resource (Agent Application) scope.
How to unblock Teams usage Follow these steps aligned with the documented model:
1. Identify the published Agent Application resource
  - Locate the Agent Application that was created when the agent was published. This is the production resource that fronts the agent version and has its own RBAC scope and Entra agent identity.
2. Grant users access to invoke the agent
  - On the Agent Application resource, assign an appropriate role (for example, Azure AI User) to the users or groups that must use the agent in Teams.
  - This controls who can call the published agent endpoint, independent of the project.
3. Grant the published agent identity access to downstream resources
  - Determine which tools/resources the agent calls (for example, storage, Log Analytics, other Azure services via MCP/A2A, etc.).
  - On each target resource, assign the required RBAC roles to the published agent’s Entra agent identity, not the project identity.
  - Common issues documented include:
    - Roles assigned to the wrong identity (project identity instead of published agent identity).
    - Missing role assignments for the agent identity on the target resource.
    - Incorrect audience configuration when using Entra ID–based auth.
4. Re-test from Teams
  - After RBAC updates propagate, invoke the agent from Teams again.
  - The agent should now be able to:
    - Authorize the calling user via roles on the Agent Application resource.
    - Successfully call downstream tools using the published agent identity.
About CLI/API for direct project permissions
- The documented model emphasizes:
  - Project = shared dev space using a shared identity.
  - Published Agent Application = production resource with its own identity and RBAC scope.
- The documentation provided focuses on assigning roles via standard Azure RBAC (for example, Azure portal or az role assignment create) at the Agent Application and downstream resource scopes, not on adding direct project-level entries via CLI when the UI is disabled.
- The supported and recommended way to resolve this scenario is to:
  - Use RBAC on the Agent Application for user invocation permissions.
  - Use RBAC on downstream resources for the published agent identity.
Summary for this case
- This is not resolved by enabling project-level “Add user” in the UI.
- The effective fix is to:
  - Reassign necessary RBAC roles to the published agent’s Entra identity on all resources it accesses.
  - Assign appropriate roles (for example, Azure AI User) to end users on the Agent Application resource so they can invoke it from Teams.
- Once those assignments are in place, inherited permissions at the project level no longer block Teams usage, because authorization is enforced at the Agent Application and downstream resource scopes.

References:

Share via

AI Foundry Agent Authorization Error - Teams Deployment Fails for External Users Despite Correct Azure RBAC Permissions

2 answers

Your answer