Hello @一波 陆,
Integrating an Azure Bot with Microsoft Teams while disabling public access and using a private endpoint is a challenging scenario due to how Teams interacts with bots. Microsoft Teams is a cloud-based service that relies on public Bot Framework endpoints to communicate with bots. When public access is disabled on the Azure Bot service, the Teams channel gets automatically unconfigured, making direct integration via private endpoint unsupported out-of-the-box.
However, there are workarounds to meet both the security requirement of private-only access and the integration need with Teams:
1. Enable public access to the bot but use IP filtering or Network Security Groups (NSGs) to allow only Microsoft Teams IP ranges. This provides a secure perimeter while still allowing Teams to interact with your bot.
2. Deploy your bot in a VNet-integrated App Service, keep it private, and expose it externally via APIM. APIM can enforce authentication, rate limiting, IP whitelisting, and auditing. It acts as a controlled proxy between Teams and your bot, preserving security while meeting Teams' requirement for a public endpoint.
While private endpoints and Azure Relay/Hybrid Connections offer internal connectivity, they are not officially supported for Teams integration with Azure Bot Service and require custom workarounds not suitable for production.
In summary, you cannot directly integrate an Azure Bot with Teams using only a private endpoint because Teams needs to reach the bot over the internet. But by exposing your bot securely using IP restrictions or a gateway like APIM you can balance security and accessibility. This setup allows Teams to interact with your bot while still satisfying your organization’s policy of intranet-only access for other sources.
Please refer to network isolation for the VNet and private endpoint configuration details:
I hope this helps. Do let me know if you have any further queries.
If this answers your query, please do click "Accept Answer" and "Yes" for "Was this answer helpful".
Thank you!
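An APIM inbound policy for the gateway option described in the answer above, added here as an example; it is not part of the original answer and not a Microsoft-provided configuration. The allowed address range, the call limit, the backend hostname and the bot app ID are placeholders, and the OpenID metadata URL and issuer are assumed to be the values the Bot Framework authentication documentation gives for connector-to-bot requests.

```xml
<policies>
  <inbound>
    <base />
    <!-- Allow only the source ranges you have approved for the channel.
         203.0.113.0/24 is a documentation range used as a placeholder. -->
    <ip-filter action="allow">
      <address-range from="203.0.113.0" to="203.0.113.255" />
    </ip-filter>

    <!-- Throttle before doing any token work. The numbers are placeholders. -->
    <rate-limit calls="60" renewal-period="60" />

    <!-- Reject requests that do not carry a connector-issued bearer token
         whose audience is this bot. Replace the audience placeholder with
         the bot's Microsoft App ID. -->
    <validate-jwt header-name="Authorization"
                  require-scheme="Bearer"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized">
      <openid-config url="https://login.botframework.com/v1/.well-known/openidconfiguration" />
      <audiences>
        <audience>00000000-0000-0000-0000-000000000000</audience>
      </audiences>
      <issuers>
        <issuer>https://api.botframework.com</issuer>
      </issuers>
    </validate-jwt>

    <!-- Forward to the VNet-integrated App Service that hosts the bot.
         The hostname is a placeholder; APIM must be able to reach it
         over the VNet. -->
    <set-backend-service base-url="https://bot-backend.example.internal" />
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

The bot's own SDK authentication should stay enabled behind the gateway, so a request that bypasses APIM inside the VNet is still rejected without a valid token.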