Hosted Agent publish to Teams/M365 appears successful but agent is unreachable until separate Deploy step; flow ambiguity + Docker-only deploy blocker

[ShivamGoyal03]

Summary

Using Foundry Toolkit Hosted Agents (public preview / RC Agent Framework), local validation succeeds and Publish to Teams / M365 Copilot completes with success confirmation, but the agent is not visible/reachable in Teams or M365 surfaces, and endpoint calls fail from Azure Bot Service web channel.

This appears to be a workflow gap where publish and runtime deployment are separate but not clearly communicated in the UI.

---

Environment

• OS: Windows
• VS Code Foundry Toolkit: latest available at time of report
• Agent Framework stack: RC/public preview path
• Deployment target: Microsoft Foundry Hosted Agent + Teams/M365 channel

---

What I did

1. Built and tested hosted agent locally in VS Code (works as expected).
2. Used Foundry Toolkit publish wizard to publish to:
   • Microsoft Teams
   • Microsoft 365 Copilot
3. Wizard completed successfully and showed confirmation.
4. Tried to use the agent from channel surfaces / endpoint.

---

Actual behavior

• Agent does not appear or is not reachable in Teams/M365 agent surfaces.
• Direct API/channel calls fail.
• Foundry side shows no active hosted deployment (or no live backend behind endpoint).
• Agent identity provisioning can remain pending.

---

Expected behavior

After “Publish to Teams/M365” completes (or at least via a clearly guided flow), I should either:

1. Have a fully live, reachable hosted agent endpoint, or
2. Be explicitly blocked with a clear message that runtime is not deployed yet and provide one-click next step.

---

Root cause analysis (observed)

There are two distinct steps that currently feel coupled in UX but are separate in runtime effect:

1. Publish to Teams/M365

   • Registers bot channel/app artifacts and shell
   • Registration-only; does not create live hosted runtime

2. Deploy Hosted Agent

   • Builds Docker image, pushes to ACR, creates hosted runtime deployment
   • This is required for endpoint to actually respond

If step #2 is not completed, endpoint exists but no running backend is available.

---

Current blocker

I cannot complete Deploy Hosted Agent in this environment because:

• Deployment requires local Docker image build
• Docker Desktop is unavailable
• No cloud-side build/deploy fallback is offered in this flow

---

Additional auth observation

Azure Bot Service sends Bot Framework JWTs (iss=https://api.botframework.com) to messaging endpoint.
Current Foundry AI Services gateway path appears to reject this token shape in this setup, resulting in failed requests when backend/runtime is not correctly provisioned or auth expectations differ.

(If this portion belongs to another service/component, please route accordingly.)

---

Impact

• Publish success gives impression that deployment is complete, but agent is non-functional.
• High confusion and time loss during workshop/onboarding scenarios.
• Blocks Teams/M365 channel validation without Docker availability.

---

Requested improvements

1. UX clarity: Explicitly separate “Publish Channel Registration” vs “Deploy Runtime” in wizard and success messages.
2. Post-publish guardrails: Show health check status and “No active deployment” warning before concluding success.
3. Actionable next step: One-click “Deploy Hosted Agent now”.
4. Dockerless option: Provide cloud-side build/deploy path when local Docker is unavailable.
5. Docs/tooltip update: Clarify that publish alone does not create a live runtime.
6. Token/auth guidance: Document supported token expectations for Teams/Bot channel integration with hosted agents.

[huimiu]

Hi @ShivamGoyal03, could you please share more details about the errors you ran into with the hosted agent deployment? Also, I noticed you mentioned publishing to other channels. Our extension doesn’t support publishing yet. Are you looking for help with the publish feature?

[ShivamGoyal03]

Hi @ShivamGoyal03, could you please share more details about the errors you ran into with the hosted agent deployment? Also, I noticed you mentioned publishing to other channels. Our extension doesn’t support publishing yet. Are you looking for help with the publish feature?

Hi @huimiu , thanks for following up!

Current State

The hosted agent is fully deployed on Microsoft Foundry and returns expected results when called directly. The failure is specifically at the channel integration layer.

Even with a healthy Foundry deployment, the Bot Service "Test in Web Chat" always returns:

Bot said: We apologize, but something went wrong. Please try again.
ConversationId=ujfUNl8Fa257ZRKAgVbTZ-as, ActivityId=ujfUNl8Fa257ZRKAgVbTZ-as|0000000

The root cause appears to be a JWT mismatch: Azure Bot Service sends Bot Framework tokens (iss: https://api.botframework.com) to the messaging endpoint, but the Foundry AI Services gateway expects a different token shape. The agent endpoint is live, but the gateway cannot authenticate inbound Bot Framework activity - so every channel call fails silently.

---

On the publish feature

Regarding your note - the Foundry Toolkit extension does surface a publish/deploy wizard in the version I am on (public preview, RC Agent Framework path). It stepped through publishing to Microsoft Teams and Microsoft 365 Copilot and completed with a success confirmation dialog. It may be gated to a specific preview track, but it was fully accessible and executable on my end.

No screenshots available as I've since updated the repo, but happy to share the exact extension version or record a walkthrough if that helps.

Updated reference repo: https://github.com/microsoft-foundry/Foundry_Toolkit_for_VSCode_Lab

---

Questions

1. Is there a supported path to connect a Foundry-hosted agent to Teams/Bot Service channels on the current public preview track, or is multichannel support not yet available at this stage?
2. Is there a token/auth configuration step needed to make Foundry's gateway accept Bot Framework JWTs?
3. Should this be tracked against the Foundry team rather than the Foundry Toolkit, given the failure is at the gateway layer?

Happy to provide any additional details or jump on a call!

[huimiu]

Hi @ShivamGoyal03, sorry, we do not currently have a supported path for your scenario on the extension side. I will check with our PM to see if any guidance can be provided.

[ShivamGoyal03]

Hi @huimiu , any follow-up?

[huimiu]

@ShivamGoyal03, Sorry, our PM is on vacation right now. I’ll let you know when I get an update.