I am looking for solution to secure Azure Bot when the communication channel is Direct Line, The WebChat code is embedded as IFrame in one of internal site and i want the incomming traffic to be restricted to only specific IP/url. There are security guideline documented on MS site, but those talks more about authentication and token based secure access. (https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-security-guidelines?view=azure-bot-service-4.0)
I wish to implement secure flow where the bot app service (or related services should not accessible from out side network.)
There is well defined document about how one can secure Microsoft Teams channel bot and web app behind a firewall (https://learn.microsoft.com/en-us/azure/architecture/example-scenario/teams/securing-bot-teams-channel) but it seems the difference is the TEAMS have list of IP range defined. (Could i use similar setup for direct line ?)
Could anyone please help to understand how i can secure bot services behind firewall, VN, Route table to restrict traffic from outside world ? Or direct me to any article/document/reference that could help me to achieve this.
Thank you.
