What are the downsides of using the public service URL in a Microsoft Teams integration

Vaibhav Kinger 20 Reputation points
2024-09-23T11:42:21.17+00:00

I'm integrating Microsoft Teams to send messages to users as an app using the Bot Framework.

Currently, I need a service URL for sending messages, but in my design I can't use a webhook.

Therefore I'm planning to use the public service URL (https://smba.trafficmanager.net/teams).
Are there any security or latency concerns if I use this public service URL?


Accepted answer
  1. Prasad-MSFT 6,781 Reputation points Microsoft Vendor
    2024-10-01T05:15:16.02+00:00

    Hi Vaibhav Kinger,

    • Security vulnerabilities: there are no security risks with the current approach. All the IDs are publicly available to 3p developers and they are all EUPI, so developers can't get user information from them directly (no privacy concerns either). On Teams/IC3 services, we do perform ACL checks, tenant setting/policy and user identity validation, so any unauthorized access will be blocked.
    • Regarding the global route alias "teams", it won't impact latency because, due to the EUDB and other compliance requirements, the SMBA service will process the bot request in the user/tenant region. Due to this requirement, an internal region lookup is always needed. So, it doesn't matter which alias is passed by the bot (a regional alias like amer, apac, in, etc. or the global one, teams).
    • The global routing alias provides extensive support for the proactive message scenario, in a case where the bot wants to send a message to a user without a previously received message, so it cached the callback URL.

    Thanks, 

    Prasad Das


1 additional answer

  1. Prasad-MSFT 6,781 Reputation points Microsoft Vendor
    2024-09-24T06:28:03.1933333+00:00

    Using the public service URL https://smba.trafficmanager.net/teams for sending messages in Microsoft Teams via the bot framework is a common approach. When a user sends a message to your bot, the incoming request contains an Activity object with a serviceUrl property that specifies the endpoint to which your bot should send its response.
    https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connector-api-reference?view=azure-bot-service-4.0#base-uri

    While using the public service URL is generally reliable, there can be occasional latency issues. These might be due to network conditions or the load on the traffic manager. Public URLs can expose sensitive data or endpoints to unauthorized access, making them vulnerable to attacks or data breaches.
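
The serviceUrl handling discussed in both answers, as an added example that is not part of either answer or of the Bot Framework SDK: it picks the serviceUrl cached from an earlier Activity or falls back to the global alias, and checks the URL before the bot would attach its bearer token to a request. The host allowlist, function names and sample conversation ID are assumptions made for illustration.

```python
from urllib.parse import urlsplit, quote

# Global alias quoted in the question; used when no serviceUrl has been cached.
GLOBAL_SERVICE_URL = "https://smba.trafficmanager.net/teams"

# Assumption: this bot's own policy is to send its token only to this host.
ALLOWED_HOSTS = {"smba.trafficmanager.net"}


def resolve_service_url(cached_service_url=None):
    """Return a vetted base URL for outbound Connector calls.

    Prefers the serviceUrl stored from an earlier incoming Activity and
    falls back to the global alias for proactive messages.
    """
    candidate = (cached_service_url or GLOBAL_SERVICE_URL).strip()
    parts = urlsplit(candidate)
    if parts.scheme != "https":
        raise ValueError("serviceUrl must use https")
    if parts.username or parts.password:
        raise ValueError("serviceUrl must not carry credentials")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port in serviceUrl")
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        raise ValueError("serviceUrl host is not on the allowlist")
    if parts.query or parts.fragment:
        raise ValueError("serviceUrl must not carry a query or fragment")
    # Rebuild from parsed parts so nothing unparsed reaches the HTTP client.
    return f"https://{parts.hostname}{parts.path.rstrip('/')}"


def activities_endpoint(conversation_id, cached_service_url=None):
    """Build the Connector 'send to conversation' URL for a conversation."""
    base = resolve_service_url(cached_service_url)
    # Encode the ID so characters such as ':' and '@' stay inside one path segment.
    return f"{base}/v3/conversations/{quote(conversation_id, safe='')}/activities"


if __name__ == "__main__":
    # Constructed sample conversation ID, not taken from a real tenant.
    print(activities_endpoint("19:abc@thread.v2"))
    print(activities_endpoint("19:abc@thread.v2",
                              "https://smba.trafficmanager.net/amer/"))
```

The bearer token from the Bot Framework token endpoint would be added to the request only after `resolve_service_url` has accepted the URL.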

