Building conversational AI applications requires infrastructure that bridges bot logic with communication channels like Microsoft Teams, web chat, or custom clients. Azure Bot Service provides this infrastructure, and the .NET Resource Manager SDK enables AI agents to programmatically provision bots, configure channels, manage OAuth connections, and handle the complete lifecycle of bot resources within Azure.
What This Skill Does
The azure-mgmt-botservice-dotnet skill provides comprehensive management capabilities for Azure Bot Service through the .NET SDK. It handles bot resource creation with proper MSA app integration, channel configuration for multiple platforms (Teams, DirectLine, Slack, Web Chat), OAuth connection settings for third-party service integrations, and private endpoint connections for secure deployments.
This skill enables agents to create Azure Bot resources with appropriate SKUs and endpoint configurations, add and configure channels with platform-specific settings, regenerate channel keys for security rotation, manage OAuth connection settings for scenarios requiring user authentication, and handle the full resource lifecycle from provisioning to deletion.
The SDK supports both legacy and modern bot types, including Azure Bots (recommended), Function Bots, SDK Bots, and Composer Bots. It provides strongly-typed channel configuration classes for each supported platform, ensuring correct property validation before deployment.
Getting Started
Install the Bot Service resource manager SDK and Azure Identity library:
dotnet add package Azure.ResourceManager.BotService
dotnet add package Azure.IdentityConfigure environment variables for authentication and resource targeting:
export AZURE_SUBSCRIPTION_ID="your-subscription-id"
export AZURE_TENANT_ID="tenant-id"
export AZURE_CLIENT_ID="client-id"
export AZURE_CLIENT_SECRET="client-secret"Initialize the ARM client with DefaultAzureCredential:
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.BotService;
var credential = new DefaultAzureCredential();
ArmClient armClient = new ArmClient(credential);
SubscriptionResource subscription = await armClient.GetDefaultSubscriptionAsync();
ResourceGroupResource resourceGroup = await subscription.GetResourceGroups()
.GetAsync("myResourceGroup");
BotCollection botCollection = resourceGroup.GetBots();Before creating bots, you need a Microsoft App ID (MSA App ID) registered in Azure Active Directory. This identity authenticates the bot with Azure Bot Service and channel platforms.
Key Features
Bot Resource Creation: The SDK supports creating Azure Bot resources with configurable SKUs (F0 free tier, S1 standard), bot kinds (Azure Bot, Function Bot, SDK Bot), and MSA app types (multi-tenant, single-tenant, user-assigned managed identity). You specify the bot endpoint where Azure Bot Service will forward messages received from channels.
Multi-Channel Configuration: Configure channels through strongly-typed classes specific to each platform. DirectLine channels support v1/v3 protocols and secure site configurations. Teams channels can enable or disable calling capabilities. Web Chat channels generate embeddable widget configurations. Each channel has platform-specific properties validated by the SDK.
DirectLine Key Management: DirectLine channels use secret keys for authentication. The SDK provides operations to list current keys and regenerate them for security rotation. Keys are scoped per site, allowing different keys for development and production websites consuming the same bot.
OAuth Connection Settings: For bots requiring user authentication (accessing Microsoft Graph, third-party APIs), create OAuth connection settings that specify client IDs, secrets, scopes, and service provider configurations. The Bot Framework SDK automatically handles OAuth flows using these settings.
Async Operations: All SDK methods are asynchronous with WaitUntil.Completed or WaitUntil.Started options. Resource creation typically completes within seconds, but the SDK properly handles long-running operations with polling and completion detection.
Resource Updates: Update bot properties like display name, description, and endpoint without recreating resources. Channel configurations can be updated independently, enabling changes to Teams settings or DirectLine sites without affecting other channels.
Usage Examples
Creating a production bot resource with multi-tenant MSA app:
using Azure.ResourceManager.BotService;
using Azure.ResourceManager.BotService.Models;
var botData = new BotData(AzureLocation.WestUS2)
{
Kind = BotServiceKind.Azurebot,
Sku = new BotServiceSku(BotServiceSkuName.S1),
Properties = new BotProperties(
displayName: "Customer Support Bot",
endpoint: new Uri("https://support-bot.azurewebsites.net/api/messages"),
msaAppId: "12345678-1234-1234-1234-123456789012")
{
Description = "Automated customer support assistant",
MsaAppType = BotMsaAppType.MultiTenant
}
};
ArmOperation<BotResource> operation = await botCollection.CreateOrUpdateAsync(
WaitUntil.Completed,
"customer-support-bot",
botData);
BotResource bot = operation.Value;
Console.WriteLine($"Bot endpoint: {bot.Data.Properties.Endpoint}");Configuring a DirectLine channel with secure sites enabled:
BotResource bot = await botCollection.GetAsync("customer-support-bot");
BotChannelCollection channels = bot.GetBotChannels();
var channelData = new BotChannelData(AzureLocation.WestUS2)
{
Properties = new DirectLineChannel()
{
Properties = new DirectLineChannelProperties()
{
Sites =
{
new DirectLineSite("Production Site")
{
IsEnabled = true,
IsV1Enabled = false,
IsV3Enabled = true,
IsSecureSiteEnabled = true,
TrustedOrigins = { "https://www.example.com" }
}
}
}
}
};
await channels.CreateOrUpdateAsync(
WaitUntil.Completed,
BotChannelName.DirectLineChannel,
channelData);Adding Microsoft Teams channel for enterprise collaboration:
var teamsChannelData = new BotChannelData(AzureLocation.WestUS2)
{
Properties = new MsTeamsChannel()
{
Properties = new MsTeamsChannelProperties()
{
IsEnabled = true,
EnableCalling = true,
CallingWebHook = new Uri("https://bot.example.com/calling")
}
}
};
await channels.CreateOrUpdateAsync(
WaitUntil.Completed,
BotChannelName.MsTeamsChannel,
teamsChannelData);Best Practices
Always use DefaultAzureCredential for authentication. It supports multiple authentication methods including environment variables, managed identity, Azure CLI, and Visual Studio, automatically selecting the appropriate method for your environment.
Store MSA App credentials securely in Azure Key Vault, not in configuration files or environment variables. Use managed identity to access Key Vault from your bot application, avoiding hardcoded secrets in application code.
Consider using user-assigned managed identity (BotMsaAppType.UserAssignedMSI) for production bots instead of multi-tenant MSA apps. Managed identities eliminate credential management and provide better security through Azure RBAC integration.
Enable secure sites for DirectLine channels in production. Secure sites restrict DirectLine connections to trusted origins, preventing unauthorized websites from consuming your bot's messaging endpoint.
Start with the F0 (free) SKU for development and testing, then upgrade to S1 (standard) for production. The free tier limits messages per month, while standard tier supports unlimited messaging with per-message pricing.
Configure only the channels you actually use. Each enabled channel increases the attack surface and requires monitoring. Disable unused channels to reduce security risk and simplify management.
Implement proper error handling for RequestFailedException. Azure ARM operations can fail due to quota limits, invalid configurations, or transient errors. Check the HTTP status code and error code for specific failure reasons.
When to Use This Skill
Use this skill when automating bot infrastructure deployment alongside bot application code. Teams deploying bots to Azure should provision Bot Service resources programmatically to ensure consistent configuration across environments (dev, staging, production).
It's ideal for platform teams building self-service bot deployment systems. Create internal APIs that allow developers to provision their own bot resources with approved configurations, governance policies enforced through code.
The skill is valuable for multi-tenant bot platforms where each customer gets dedicated bot resources. Programmatically create Bot Service resources per tenant, configure channels based on tenant preferences, and manage OAuth connections for tenant-specific integrations.
Use it for managing channel configurations at scale. If you're maintaining dozens of bots with similar channel requirements, programmatic management enables templated channel creation and bulk configuration updates.
When Not to Use This Skill
Don't use this skill for implementing bot conversation logic. The Bot Framework SDK (Microsoft.Bot.Builder) handles message processing, dialog management, and conversation state. This resource manager SDK only provisions the infrastructure where bots run.
If you're deploying bot infrastructure using ARM templates, Bicep, or Terraform, you don't need this SDK for resource creation. Those tools provide declarative resource definitions often simpler for infrastructure provisioning. Use this SDK when you need programmatic logic, validation, or integration with custom systems.
Avoid it for sending or receiving bot messages. Channel APIs and the Bot Framework Connector service handle message exchange. This SDK manages channel configuration, not message traffic.
Don't use it for one-time bot creation through the Azure portal. The SDK adds value for automated, repeatable provisioning workflows, not single manual operations.
Related Skills
- azure-mgmt-botservice-py - Manage Bot Service resources using Python
- azure-servicebus-dotnet - Integrate with Azure Service Bus for event-driven bot architectures
- azure-mgmt-applicationinsights-dotnet - Monitor bot telemetry with Application Insights
Source
This skill is provided by Microsoft as part of the Azure SDK for .NET. Learn more at the NuGet package page, explore the API reference documentation, and view source code on GitHub.