question

Prateek-1335 avatar image
1 Vote"
Prateek-1335 asked Prateek-1335 answered

Azure Bot Service IsIsolated Setting

In the Azure Bot Service ARM template there is a setting called "isIsolated" which has a vague description says "Whether the bot is in an isolated network".

Is there any documentation available which describes this particular feature and/or an ARM template which shows how we can configure it for a Azure Bot deployment. I believe that there is also an inbuilt Azure Policy related to this feature as well but I am struggling to find any documentation that describes it in more detail.

125898-image.png



https://docs.microsoft.com/en-us/azure/templates/microsoft.botservice/botservices?tabs=json

https://docs.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#bot-service

azure-bot-service
image.png (44.1 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Prateek-1335 Thanks, Can you please add more details about the channel and deployment that you are trying.

0 Votes 0 ·
ramr-msft avatar image
0 Votes"
ramr-msft answered ramr-msft edited

@Prateek-1335 Thanks for the Question. We have forwarded to product team for the document. You should be able to specify an Azure Policy that allows a bot to be created in an “isolated only” mode. This new Boolean property be added to the botService resource – isIsolated.

This property will be settable via ARM and will be shared as part of the bot record with partner services like teams, directline speech and other first party channels. It will also be consumed by channels owned by botframework.

The customer will be able to set an azure policy that this property be set to true for their organization during bot creation.

The property being true has the following effect –

All channels are shown as disabled in the channels blade in Azure, except DL-ASE

ARM/devportal does not allow PUT/Patch requests to configure/enable channels other than DL-ASE

Existing channels may still be disabled (deleted)

Webchat blade is disabled

Any channels that were already configured before this flag was set, stop working by throwing a well-known error

DL-ASE configuration section/page remains enabled.

DL-ASE extension should detect if it is running outside a VNET and stop working (optional?)

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Prateek-1335 avatar image
1 Vote"
Prateek-1335 answered

Thanks for the detailed explanation @ramr-msft

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.