Want to integrate Bot in MS Teams channel for auto replying messages/welcoming users/etc. For that created Bot in Azure and as part of the configuration it required messaging endpoint and it should be publicly accessible HTTPS. But due to security reason and limitations, unable to expose the server. Is there any other way we can achieve it without exposing the server to publicly?
2
Answers
To request an access token from the login service, issue the following request, replacing
MICROSOFT-APP-ID,MICROSOFT-APP-PASSWORDandMICROSOFT-TENANT-IDwith the bot’s:AppID,password,tenantId,that you obtained when you registered your bot with the Bot Service.
The Teams backend servers need to be able to communicate with your bot, via the Bot Framework Service infrastructure, so the bot definitely needs a live, public httpS address. However, there are options to "tunnel" that to an on premises environment, e.g. CloudFlare Tunnel and I think Azure has a service for this as well.
In addition, any message your bot receives from Teams will have a Tenant ID associated with it, so you can verify that the message is from Teams, that the TenantId exists and that it matches your tenant. Here’s a sample to do this: https://github.com/OfficeDev/microsoft-teams-sample-complete-csharp/blob/master/template-bot-master-csharp/middleware/Middleware.cs
Finally, you can look to implement SSO in your bot to securely authenticate the user and get the tenant Id from there as well. See here: https://learn.microsoft.com/en-us/microsoftteams/platform/sbs-bots-with-sso