Configure Bot Framework bots for US Government customers
This article is for US government customers who are deploying Bot Framework and Azure Bot Service bots to the Microsoft Azure Government cloud.
Bots in Azure Government that connect to Microsoft Teams must use the Microsoft Office 365 Government Community Cloud (GCC) High environment.
This article describes how to configure a bot to work with the Azure Government cloud and with the Office 365 GCC High environment.
- An account in the Azure Government cloud.
- To extend Teams, an Azure Bot resource created in the Office 365 GCC High environment.
- Bot Framework SDK version 4.14 or later.
Use the cloud adapter
Make sure that your bot uses the cloud adapter, or an adapter that derives from the cloud adapter. The cloud adapter lets you specify settings specific to the Azure Government cloud and the Office 365 GCC High environment.
ConfigurationBotFrameworkAuthentication class reads authentication settings from your bot configuration file.
The cloud adapter, when it's created, will use these authentication settings.
Make sure that the
ConfigureServices method in your Startup.cs file contains this line.
Configure for Azure Government
The Azure Government cloud uses
https://botframework.azure.us for the channel service endpoint.
For most channels, setting the channel service endpoint is sufficient.
See the next section for additional settings required to support Microsoft Teams in the Office 365 GCC High environment.
Add the following setting to your appsettings.json file.
Configure for Office 365 GCC High
For Office 365 services, additional settings are required to handle user authentication correctly. Currently, only the Microsoft Teams channel is available in the Office 365 GCC High environment.
Add the following settings to your appsettings.json file.
"ChannelService": "https://botframework.azure.us", "OAuthUrl": "https://tokengcch.botframework.azure.us/", "ToChannelFromBotLoginUrl": "https://login.microsoftonline.us/MicrosoftServices.onmicrosoft.us", "ToChannelFromBotOAuthScope": "https://api.botframework.us", "ToBotFromChannelTokenIssuer": "https://api.botframework.us", "ToBotFromChannelOpenIdMetadataUrl": "https://login.botframework.azure.us/v1/.well-known/openidconfiguration", "ToBotFromEmulatorOpenIdMetadataUrl": "https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/v2.0/.well-known/openid-configuration", "ValidateAuthority": true,
Add user authentication to your bot
Your bot can use various identity providers to access resources on behalf of a user, such as Azure Active Directory (Azure AD) and many other OAuth providers.
The Office 365 GCC High environment uses a redirect URL that is different from the ones used for other environments.
When configuring your bot for authentication within the Office 365 GCC High environment, use
https://tokengcch.botframework.azure.us/.auth/web/redirect as the OAuth redirect URL and follow the steps in how to add authentication to your bot.
For more information about Microsoft Azure Government and Office 365 Government High, see:
With these steps your bot should be configured to work successfully in the Azure Government cloud and the Office 365 GCC High environment. Other useful references regarding Bot Service in Azure Government.