You can use certificate- or MSI-based authentication to validate your bot app instead of bot ID and secret. This authentication resolves the compliance concerns related to the use of Microsoft Entra ID and bot secret.
Prerequisites
Ensure that you have a Teams bot app deployed to Azure with the following resources:
An Azure bot.
An Entra ID with a secret used for bot authentication.
A resource that hosts your bot app, such as Azure App Service, Azure Functions.
Select your Resource group from the dropdown list.
If you don't have an existing resource group, you can create a new resource group. To create a new Azure bot service and managed identity, follow these steps:
Select Create new.
Enter the resource name and select OK.
Select a location from New resource group location dropdown list.
Under Microsoft App ID, select Type of App as User-Assigned Managed Identity.
From the Creation type, select Create new Microsoft App ID.
OR
You can manually create a managed identity first, then create the Azure Bot using the Use existing app registration.
Update the new Azure Bot messaging endpoint and channels to match those of the old service.
Go to your apps hosting resource.
Select Settings > Identity > User assigned.
Add the managed identity that you've created.
Update your bot app code for MSI
To update the bot app code for MSI, follow these steps:
Open your bot app project in Visual Studio or Visual Studio Code.