How to allow Microsoft Teams Agents to view external URLs

Ezra Roper 0 Reputation points
2025-12-10T11:33:20.84+00:00

I am trying to build an AI Agent using my company's teams website. However, the agent isn't able to view external links such as a Figma document or a live website. How do I configure the AI Agent so it is able to read my external links?

I would really appreciate setting up a call to help me answer this if it is possible please.

Microsoft Teams | Development

2 answers

  1. Steven-N 15,555 Reputation points Microsoft External Staff Moderator
    2025-12-10T13:44:11.6133333+00:00

    Hi Ezra Roper,

    Thank you for reaching out to the Microsoft Q&A forum.

    Based on my research, by default, Microsoft Teams bots (including AI agents) operate in a sandboxed environment and do not automatically fetch or render external web content for security reasons. When a user shares a link in Teams, the bot only receives the URL text and cannot access the underlying content unless additional integration steps are implemented. This limitation exists to prevent unauthorized data access and ensure compliance with organizational security policies.

    As far as I know, in this context, the most effective solution is to combine Teams link unfurling with API integration and OAuth authentication. You can follow the instructions below to see if they meet your needs.

    Step 1: Configure Link Unfurling in Teams App Manifest

    1. Add a composeExtensions section in your app manifest with a messageHandlers entry of type link.
    2. Specify the domains you want to support (e.g., figma.com).
    3. When a user pastes a link from these domains, Teams will send your bot a queryLink invoke activity.
    4. Your bot should respond with an Adaptive Card containing the preview (title, thumbnail, and an “Open” button).

    Reference: https://dori-uw-1.kuma-moon.com/en-us/microsoftteams/platform/messaging-extensions/how-to/link-unfurling?tabs=mobile%2Cjson%2Cadvantages

    Step 2: Integrate external APIs for full content retrieval

    1. Use the external service’s API to fetch metadata or content behind the link.
    2. Example for Figma:
      • Extract the file ID from the shared URL.
      • Call Figma’s API endpoint /v1/files/{file_key} to retrieve file details.
      • Parse the JSON response for components, frames, or comments.
    3. Present the data in Teams using Adaptive Cards or as part of the AI agent’s response.

    Reference: https://www.figma.com/developers/api

    Note: Microsoft is providing this information as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.

    Step 3: Implement OAuth 2.0 for Authentication

    1. Register your bot in Azure Bot Service and configure OAuth settings.
    2. Use OAuthCard in your bot to prompt users for sign-in when needed.
    3. After authentication, store the access token securely (Azure Bot Service can manage tokens). Use the token to call external APIs on behalf of the user.

    Instruction at: https://dori-uw-1.kuma-moon.com/en-us/microsoftteams/platform/bots/how-to/authentication/add-authentication

    Compliance note:

    To keep things secure and compliant, make sure your bot only interacts with trusted domains listed in the manifest, and validate any URLs before processing. Request the least amount of access needed, ideally read-only, and store OAuth tokens safely. It’s also a good idea to log external data access for auditing and keep an eye on usage to prevent misuse. These steps help align with your organization’s security standards.

    I hope my answer helps. If you have any further concerns, kindly let me know in the comment section.




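An added example (not part of either answer, and not Microsoft's or Figma's code) of the URL validation and file-key extraction described in Step 2 and the compliance note of the first answer. It assumes the manifest lists only figma.com, that shared links use a /file/{key}/ or /design/{key}/ path, and that the API host is api.figma.com; all function names are hypothetical.

```javascript
// Assumption: mirrors the domains declared in the manifest's link messageHandler.
const ALLOWED_DOMAINS = ["figma.com"];

// Returns a parsed URL if the link is safe to process, otherwise null.
function validateLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "https:") return null;     // rejects http:, file:, javascript: ...
  if (url.username || url.password) return null;  // rejects https://figma.com@other.example/
  if (url.port !== "") return null;               // default HTTPS port only
  // hostname is already lower-cased by the parser; drop a trailing root dot
  const host = url.hostname.replace(/\.$/, "");
  const allowed = ALLOWED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)   // exact match or a true subdomain
  );
  return allowed ? url : null;
}

// Extracts the file key from /file/{key}/... or /design/{key}/... (assumed path shapes).
function extractFigmaFileKey(raw) {
  const url = validateLink(raw);
  if (!url) return null;
  const m = url.pathname.match(/^\/(?:file|design)\/([A-Za-z0-9]+)(?:\/|$)/);
  return m ? m[1] : null;
}

// Builds the read-only request. The API host is fixed and never taken from the link,
// so a pasted URL cannot redirect the bot's token to another server.
function buildFigmaRequest(raw) {
  const key = extractFigmaFileKey(raw);
  if (!key) return null;
  return { method: "GET", url: `https://api.figma.com/v1/files/${encodeURIComponent(key)}` };
}

// Constructed sample links, not real files.
const samples = [
  "https://www.figma.com/design/AbC123xyz/Landing-page?node-id=0-1",
  "https://figma.com.other.example/file/AbC123xyz/x",
  "https://figma.com@other.example/file/AbC123xyz/x",
  "http://www.figma.com/file/AbC123xyz/x",
];
for (const s of samples) console.log(s, "->", buildFigmaRequest(s));
```

Only the first sample yields a request; the look-alike host, the userinfo trick and the plain-HTTP link all return null before any token is used.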
  2. Sayali-MSFT 4,431 Reputation points Microsoft External Staff Moderator
    2025-12-11T09:41:50.52+00:00

    Hello Ezra Roper,
    Copilot Studio agents cannot access external links by default. They only use knowledge sources you explicitly add, and external sites work only if they’re public and added as knowledge sources. Private or authenticated sites (like Figma or internal web apps) require SSO, connectors, or Power Automate flows to enable secure access.

    To enable external content: add public URLs as knowledge sources, use Power Platform or custom connectors for authenticated systems, enable SSO, or use MCP for dynamic real-time integrations. Key considerations include authentication needs, security requirements, and avoiding performance issues by overloading the agent with too many URLs.

    Reference document:

    1. https://dori-uw-1.kuma-moon.com/en-us/microsoft-copilot-studio/knowledge-add-public-website