Share via

"Webhook validation handshake failed" when trying to use Microsoft Entra authentication on event subscription

Justin van Heerden 20 Reputation points
2026-03-24T06:32:13.78+00:00

I have connected my copilot studio agent to the WhatsApp channel.

User's image

When you connect through this channel your event subscription on your Azure Communication Service gets auto-generated with the correct filters and webhook.

The webhook follows this schema: https://europe.whatsapp.botframework.com/api/v1/bots/

Azure Communication Services
Answer accepted by question author
  1. Praneeth Maddali 7,310 Reputation points Microsoft External Staff Moderator
    2026-03-24T19:49:39.4066667+00:00

    HI @Justin van Heerden

    Thanks for the detailed description

    The root cause is that the auto-generated event subscription created by Copilot Studio points to Microsoft’s managed Bot Framework endpoint (https://europe.whatsapp.botframework.com/api/v1/bots/<id>). That endpoint is designed to work with the default delivery method (no explicit Microsoft Entra Authentication). When you switch the subscription to Microsoft Entra auth, Event Grid sends a validation request that includes a bearer token the managed endpoint isn’t built to handle, so the handshake fails.

    could you please follow the below steps:

    1. Return to your Azure Communication Services resource and go to Events, then select the WhatsApp event subscription.
    2. Clear the Microsoft Entra Authentication settings by removing the Tenant ID and Application ID fields. This will revert to the original “Managed Identity For Delivery” or no authentication.
    3. Save the subscription. It should return to the Succeeded state.

    If your agent is still not responding to WhatsApp messages, the default setup should work, but redeploying can often fix any remaining provisioning issues. In Copilot Studio, go to Channels, select WhatsApp, disconnect, and then Deploy again using the same ACS resource and phone number. After that, republish your agent. Also, ensure the agent’s Security settings are set to No authentication or Authenticate manually, since WhatsApp doesn’t support Microsoft Entra ID authentication. This is the supported Microsoft process for this integration.

     reference:

    https://dori-uw-1.kuma-moon.com/en-us/microsoft-copilot-studio/publication-add-bot-to-whatsapp

    https://dori-uw-1.kuma-moon.com/en-us/azure/communication-services/concepts/advanced-messaging/whatsapp/whatsapp-channel-prerequisites

    https://dori-uw-1.kuma-moon.com/en-us/azure/event-grid/troubleshoot-subscription-validation

    https://dori-uw-1.kuma-moon.com/en-us/azure/event-grid/secure-webhook-delivery

     Please do not forget to click "Accept the answer” and Yes, this can be beneficial to other community members.

    If you have any other questions, let me know in the "comments" and I would be happy to help you

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Justin van Heerden 20 Reputation points
    2026-03-26T05:38:39.0133333+00:00

    Yes the initial issue: "Webhook validation handshake failed" is resolved. Now the error is just that the copilot agent does not respond via WhatsApp.

    I had a similair issue like this with an other bot, but it was connected via Dynamics 365 and connected to a workstream on Dynamics. It experienced the same behaviour where, when a WhatsApp message was sent to the bot then the event subscription picked it up but the bot never responded. I resolved that issue by deleting the workstream and WhatsApp account on Dynamics and then disconnecting the Copilot Agent from Dynamics. Lastly I disconnected the phone number from the ACS resource. Then I connected everything back up and it started to work. The issue with this setup is that our adaptive cards were not behaving correctly. We used these adaptive cards mentioned in this document: https://dori-uw-1.kuma-moon.com/en-us/microsoft-copilot-studio/publication-add-bot-to-whatsapp. However we also saw that the document stated that the agent should be connected to the WhatsApp channel on Copilot Studio rather than the Dynamics 365 channel.

    That is what led me to connecting this test agent to the WhatsApp channel on Copilot Studio to see if it resolved this adaptive card issue. I have also in the meantime deleted the auto-generated event subscription and disconnected the Copilot agent from the WhatsApp channel, as well as disconnect the number from the ACS resource. Then connected everything back up and it still has the same issue of not responding via WhatsApp.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.