microsoft-agents-authentication-msal 1.1.0

A msal-based authentication library for Microsoft Agents

Microsoft Agents MSAL Authentication

Provides secure authentication for your agents using Microsoft Authentication Library (MSAL). It handles getting tokens from Azure AD so your agent can securely communicate with Microsoft services like Teams, Graph API, and other Azure resources.

What is this?

This library is part of the Microsoft 365 Agents SDK for Python - a comprehensive framework for building enterprise-grade conversational AI agents. The SDK enables developers to create intelligent agents that work across multiple platforms including Microsoft Teams, M365 Copilot, Copilot Studio, and web chat, with support for third-party integrations like Slack, Facebook Messenger, and Twilio.

Release Notes

Version	Date	Release Notes
1.1.0	2026-06-19	1.1.0 Release Notes
1.0.0	2026-05-22	1.0.0 Release Notes
0.9.0	2026-04-15	0.9.0 Release Notes
0.8.0	2026-02-23	0.8.0 Release Notes
0.7.0	2026-01-21	0.7.0 Release Notes
0.6.1	2025-12-01	0.6.1 Release Notes
0.6.0	2025-11-18	0.6.0 Release Notes
0.5.0	2025-10-22	0.5.0 Release Notes

Packages Overview

We offer the following PyPI packages to create conversational experiences based on Agents:

Package Name	PyPI Version	Description
microsoft-agents-activity		Types and validators implementing the Activity protocol spec.
microsoft-agents-hosting-core		Core library for Microsoft Agents hosting.
microsoft-agents-hosting-aiohttp		Configures aiohttp to run the Agent.
microsoft-agents-hosting-teams		Provides classes to host an Agent for Teams.
microsoft-agents-storage-blob		Extension to use Azure Blob as storage.
microsoft-agents-storage-cosmos		Extension to use CosmosDB as storage.
microsoft-agents-authentication-msal		MSAL-based authentication for Microsoft Agents.

Additionally we provide a Copilot Studio Client, to interact with Agents created in CopilotStudio:

Package Name	PyPI Version	Description
microsoft-agents-copilotstudio-client		Direct to Engine client to interact with Agents created in CopilotStudio

Installation

pip install microsoft-agents-authentication-msal

Quick Start

Basic Setup with Client Secret

Define your client secrets in the ENV file

CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTID=client-id
CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTSECRET=client-secret
CONNECTIONS__SERVICE_CONNECTION__SETTINGS__TENANTID=tenant-id

Load the Configuration (Code from main.py Quickstart Sample)

from .start_server import start_server

start_server(
    agent_application=AGENT_APP,
    auth_configuration=CONNECTION_MANAGER.get_default_connection_configuration(),
)

Then start the Agent (code snipped from (start_server.py Quickstart Sample](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/src/start_server.py)):

def start_server(
    agent_application: AgentApplication, auth_configuration: AgentAuthConfiguration
):
    async def entry_point(req: Request) -> Response:
        agent: AgentApplication = req.app["agent_app"]
        adapter: CloudAdapter = req.app["adapter"]
        return await start_agent_process(
            req,
            agent,
            adapter,
        )
[...]

Authentication Types

The M365 Agents SDK in Python supports the following Auth types:

class AuthTypes(str, Enum):
    certificate = "certificate"
    certificate_subject_name = "CertificateSubjectName"
    client_secret = "ClientSecret"
    user_managed_identity = "UserManagedIdentity"
    system_managed_identity = "SystemManagedIdentity"

Key Classes

• MsalAuth - Core authentication provider using MSAL
• MsalConnectionManager - Manages multiple authentication connections

Features

✅ Multiple auth types - Client secret, certificate, managed identity
✅ Token caching - Automatic token refresh and caching
✅ Multi-tenant - Support for different Azure AD tenants
✅ Agent-to-agent - Secure communication between agents
✅ On-behalf-of - Act on behalf of users

Security Best Practices

• Store secrets in Azure Key Vault or environment variables
• Use managed identities when possible (no secrets to manage)
• Regularly rotate client secrets and certificates
• Use least-privilege principle for scopes and permissions

Quick Links

• 📦 All SDK Packages on PyPI
• 📖 Complete Documentation
• 💡 Python Samples Repository
• 🐛 Report Issues

Sample Applications

Explore working examples in the Python samples repository:

Name	Description	README
Quickstart	Simplest agent	Quickstart
Auto Sign In	Simple OAuth agent using Graph and GitHub	auto-signin
OBO Authorization	OBO flow to access a Copilot Studio Agent	obo-authorization
Semantic Kernel Integration	A weather agent built with Semantic Kernel	semantic-kernel-multiturn
Streaming Agent	Streams OpenAI responses	azure-ai-streaming
Copilot Studio Client	Console app to consume a Copilot Studio Agent	copilotstudio-client
Cards Agent	Agent that uses rich cards to enhance conversation design	cards