Introduction
In 2026, Microsoft Teams is at the heart of enterprise collaboration, with over 320 million monthly active users. Advanced bots go beyond simple replies to orchestrate complex workflows: sending proactive messages via Microsoft Graph API, dynamic team management, real-time AI analysis integration. This advanced tutorial guides you step-by-step to create a Node.js/TypeScript bot that (1) responds to user commands, (2) authenticates via Azure AD, (3) lists team channels via Graph, and (4) sends proactive notifications. Ideal for automating security alerts or meeting summaries. With 100% functional code, full configs, and advanced pitfalls avoided, this guide is a must-bookmark for any Microsoft 365 architect. Estimated time: 2 hours for live deployment.
Prerequisites
- Free Azure account (with $200 credit)
- Node.js 20+ and npm 10+
- Azure CLI 2.60+ installed
- Advanced knowledge of TypeScript, OAuth 2.0, and REST APIs
- Visual Studio Code with Azure and TypeScript extensions
- Teams admin access for sideloading apps
Installing Dependencies
mkdir teams-bot-avance
cd teams-bot-avance
npm init -y
npm install @microsoft/botframework-sdk@4.21.2 restify@11.1.0 dotenv@16.4.5 @azure/identity@4.2.1 @microsoft/microsoft-graph-client@3.0.7 typescript@5.6.2 @types/node@22.7.4 @types/restify@8.5.10 ts-node@10.9.2
npm install -D nodemon
npx tsc --initThis command initializes a Node.js project with essential SDKs: Bot Framework for Teams interactions, Graph Client for advanced API calls, and Azure Identity for app-only auth. TypeScript types provide robust IntelliSense completion. Pitfall: Check 2026-compatible versions to avoid breaking changes in SDK v5+.
Configuring the Azure App Registration
Log in to Azure CLI (az login) and create an App Registration via the Azure portal (App registrations > New). Note the Application (client) ID, Tenant ID, and generate a Client Secret. Add API permissions: Microsoft Graph > Application permissions (Teams.Read.All, Channel.ReadBasic.All, ChatMessage.Send). Grant admin consent. For the bot, expose the /api/messages endpoint as Single Sign-On and Messaging endpoint (https://your-bot.azurewebsites.net/api/messages). Analogy: It's like an OAuth passport for your bot—without it, Graph will block proactive calls.
Creating the Bot Resource via Azure CLI
az login
az account set --subscription "Votre Subscription ID"
az bot create --name "teams-bot-avance" --resource-group "rg-teams-bot" --kind bot --sku S1 --location westeurope --endpoint "https://teams-bot-avance.azurewebsites.net/api/messages" --microsoft-app-id "votre-app-id"This CLI creates a paid Bot Service resource (S1 for production) linked to your App Registration. It automatically configures the messaging endpoint for Teams. Pitfall: Use --kind bot for Teams; choose --location close to your users for <100ms latency. Replace placeholders with your actual values.
Environment Configuration File
MICROSOFT_APP_ID=votre-app-id
MICROSOFT_APP_PASSWORD=votre-client-secret
TENANT_ID=votre-tenant-id
BOT_ENDPOINT=https://teams-bot-avance.azurewebsites.net/api/messages
GRAPH_SCOPE=https://graph.microsoft.com/.defaultThis .env file stores critical secrets for Bot Framework and Graph auth. Never commit to Git! Use Azure Key Vault in production. Pitfall: GRAPH_SCOPE is for app permissions; for delegated, use user scopes.
Project Structure and tsconfig
Create the src/ folder and place .env at the root. Update tsconfig.json for target ES2022 and module NodeNext. Run npm run dev with nodemon: "dev": "nodemon --exec ts-node src/bot.ts". This scalable base supports hot-reloads for rapid iterations.
Main Bot Code with Graph Integration
import * as restify from 'restify';
import { BotFrameworkAdapter, MemoryStorage, ConversationState, UserState } from 'botbuilder';
import { Client } from '@microsoft/microsoft-graph-client';
import { ClientSecretCredential } from '@azure/identity';
import * as dotenv from 'dotenv';
dotenv.config();
const adapter = new BotFrameworkAdapter({
appId: process.env.MICROSOFT_APP_ID!,
appPassword: process.env.MICROSOFT_APP_PASSWORD!
});
const storage = new MemoryStorage();
const conversationState = new ConversationState(storage);
const userState = new UserState(storage);
const server = restify.createServer();
server.listen(process.env.port || process.env.PORT || 3978, () => {
console.log(`${server.name} listening to ${server.url}`);
});
server.post('/api/messages', (req, res) => {
adapter.processActivity(req, res, async (context) => {
if (context.activity.type === 'message') {
const text = context.activity.text?.toLowerCase();
if (text === 'list channels') {
await sendChannelsList(context);
} else {
await context.sendActivity(`Echo: ${context.activity.text}`);
}
}
});
});
async function sendChannelsList(context: any) {
const tenantId = process.env.TENANT_ID!;
const clientId = process.env.MICROSOFT_APP_ID!;
const clientSecret = process.env.MICROSOFT_APP_PASSWORD!;
const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
const graphClient = Client.initWithMiddleware({ authProvider: { getAccessToken: () => credential.getToken('https://graph.microsoft.com/.default') } });
try {
// Fetch teamId and channelId from activity (simplified for demo)
const teamId = 'votre-team-id'; // Dynamically adapt via context
const channels = await graphClient.api(`/teams/${teamId}/channels`).get();
await context.sendActivity(`Channels: ${channels.value.map((c: any) => c.displayName).join(', ')}`);
} catch (error) {
await context.sendActivity('Graph Error: ' + (error as Error).message);
}
}This bot listens for Teams messages and responds to 'list channels' via Graph API to list a team's channels (replace teamId with dynamic extraction from context.activity.teamInformation.id). App-only auth via ClientSecretCredential enables powerful server-side calls. Pitfall: MemoryStorage for dev only; switch to CosmosDB in production for persistent multi-session state.
Teams App Manifest XML
<?xml version="1.0" encoding="UTF-8"?>
<TeamAppManifest xmlns="http://schemas.microsoft.com/Office/2018/03/addins" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ID>votre-app-id</ID>
<Version>1.0.0</Version>
<Name>Bot Avancé Teams</Name>
<Description>Bot avec Graph pour gestion équipes</Description>
<Developer>
<Name>Votre Entreprise</Name>
<Website>https://learni-group.com</Website>
</Developer>
<Icons>
<Color>color.png</Color>
<Outline>outline.png</Outline>
</Icons>
<Bots>
<Bot Id="votre-app-id" Scopes="team personal">
<SupportsFiles>Select false;Open false</SupportsFiles>
<IsNotificationOnly false Commands="[]" />
<SupportsCalling false />
<SupportsVideo false />
</Bot>
</Bots>
<ValidDomains>
<Domain>token.botframework.com</Domain>
<Domain>graph.microsoft.com</Domain>
</ValidDomains>
<WebApplicationInfo>
<Id>votre-app-id</Id>
<Resource>https://Rsc.pivot</Resource>
</WebApplicationInfo>
</TeamAppManifest>This complete manifest packages your bot as a sideloadable Teams app. Add 192x192 PNG icons. Scopes="team personal" enables it in personal chats/teams. Pitfall: WebApplicationInfo required for Graph delegated SSO; validate via Developer Portal.
Adding Proactive Messages with Graph
For advanced use: Use Graph's chatMessage.Send to notify users without prior interaction. Store conversationReference in a DB, then POST to /chats/{chatId}/messages. Example in sendProactive.ts: Extract ref from context.activity.conversation.reference and adapt the bot code above. Requires Chat.Create permission.
Azure Deployment Script
npm run build
az webapp up --name teams-bot-avance --resource-group rg-teams-bot --runtime "NODE|20-lts" --env-vars MICROSOFT_APP_ID=$MICROSOFT_APP_ID MICROSOFT_APP_PASSWORD=$MICROSOFT_APP_PASSWORD TENANT_ID=$TENANT_ID
az bot authsetting appsetting set --name teams-bot-avance --resource-group rg-teams-bot --settings MicrosoftAppId=votre-app-id MicrosoftAppPassword=votre-secretThis script builds TS and deploys to App Service, injecting secure env vars. authsetting links to Bot Service. Pitfall: --runtime NODE|20-lts for 2026; scale with --plan B2 for high traffic.
Package.json with Scripts
{
"name": "teams-bot-avance",
"version": "1.0.0",
"scripts": {
"build": "tsc",
"dev": "nodemon --exec ts-node src/bot.ts",
"start": "node dist/bot.js"
},
"dependencies": {
"@azure/identity": "^4.2.1",
"@microsoft/botframework-sdk": "^4.21.2",
"@microsoft/microsoft-graph-client": "^3.0.7",
"dotenv": "^16.4.5",
"restify": "^11.1.0"
},
"devDependencies": {
"@types/node": "^22.7.4",
"@types/restify": "^8.5.10",
"nodemon": "^3.1.7",
"ts-node": "^10.9.2",
"typescript": "^5.6.2"
}
}Ready-to-use scripts for dev/prod. build compiles TS to dist/. Pitfall: Add "type": "module" for ESM; test locally with ngrok for Teams tunneling.
Best Practices
- State Persistence: Replace MemoryStorage with Azure CosmosDB for horizontal scalability.
- Graph Rate Limiting: Implement retry with exponential backoff (429 errors).
- Security: Use Managed Identity instead of secrets; audit least-privilege permissions.
- Logging: Integrate Application Insights for end-to-end traces.
- Testing: Mock Graph with MSW; CI/CD via GitHub Actions with az CLI.
Common Errors to Avoid
- Auth fail (AADSTS700 : Check tenant/client ID; missing admin consent.
- CORS/Endpoint not exposed : Add bot endpoint in Azure Portal > Channels > Teams.
- Proactive without ref : Always store conversationReference before turn ends.
- Dynamic TeamId : Extract from
activity.channelData.tenant.id, not hardcoded.
Next Steps
Level up to expert with Bot Framework Composer for low-code AI, or integrate Azure OpenAI for conversational chatbots. Explore Microsoft Graph Teams API docs. Full training: Learni Group Microsoft 365 Courses. Join our Discord for live Q&A.