Introduction
DisableLocalAuth in Azure Bot Service is a feature that allows you to disable local authentication methods, such as using keys or tokens, and enforce the use of Microsoft Entra ID (formerly Azure Active Directory) for authentication. This enhances security by centralizing identity and access management, reducing the risk of unauthorized access through compromised local credentials.
Why Use DisableLocalAuth?
- Enhanced Security: By disabling local authentication, you ensure that only Microsoft Entra ID can be used for authentication, which is more secure and manageable.
- Centralized Management: It simplifies the management of credentials and access policies through a single identity provider.
- Compliance: Helps meet organizational security policies and compliance requirements by enforcing stricter authentication methods.
When to Enable DisableLocalAuth?
- High-Security Environments: When operating in environments that require stringent security measures.
- Centralized Identity Management: When you want to manage all identities and access through Microsoft Entra ID.
- Compliance Requirements: When there are specific compliance requirements that mandate the use of centralized authentication methods.
When to Disable DisableLocalAuth?
- Legacy Systems: If you have legacy systems or applications that rely on local authentication methods.
- Transition Periods: During transition phases where both local and Microsoft Entra ID authentication methods are needed.
- Specific Use Cases: For specific scenarios where local authentication is necessary and cannot be replaced immediately.
How to Disable Local Authentication (Set disableLocalAuth to true)
Using Azure Portal
1. Navigate to your Bot Service:
- Go to the Azure Portal.
- Select your Bot Service resource.
2. Update the disableLocalAuth Setting:
- In the settings of your Bot Service, look for the disableLocalAuth option.
- Set it to true.
Using Azure CLI
1. Check Current Setting:
- Use the following command to check if disableLocalAuth is currently set to false:
az bot show --resource-group <resource-group> --name <bot-name> --query properties.disableLocalAuth
2. Update Setting to true:
- Use the following command to update the disableLocalAuth setting:
az bot update --resource-group <resource-group> --name <bot-name> --set properties.disableLocalAuth=true
3. Creating Test Resources with disableLocalAuth Set to true
To create a compliant resource, you can use an ARM template or Azure CLI. Here’s an example using an ARM template:
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.BotService/botServices",
      "apiVersion": "2021-03-01",
      "location": "global",
      "name": "testbotpolicy",
      "properties": {
        "displayName": "testbotpolicy",
        "disableLocalAuth": true,
        "msaAppId": "a6f3e184-090c-4c47-9592-9139b80ceba5",
        "msaAppType": "MultiTenant"
      },
      "sku": {
        "name": "S1"
      },
      "kind": "azurebot"
    }
  ]
}
Deploy this template using the Azure CLI:
az deployment group create --resource-group <resource-group> --template-file <template-file>
Verifying Compliance
After creating the resource, you can verify compliance with your Azure Policy by checking the disableLocalAuth setting.
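A pre-deployment version of this check, as an added example that is not part of the original post: it scans an ARM template for Microsoft.BotService/botServices resources whose disableLocalAuth is anything other than the literal true. The sample template, resource names and function names are constructed for illustration.

```python
import json

BOT_TYPE = "microsoft.botservice/botservices"

# Constructed sample template (resource names are placeholders, not real resources).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.BotService/botServices", "name": "bot-ok",
     "properties": {"disableLocalAuth": true}},
    {"type": "Microsoft.BotService/botServices", "name": "bot-false",
     "properties": {"disableLocalAuth": false}},
    {"type": "Microsoft.BotService/botServices", "name": "bot-unset",
     "properties": {"displayName": "bot-unset"}},
    {"type": "Microsoft.BotService/botServices", "name": "bot-param",
     "properties": {"disableLocalAuth": "[parameters('disableLocalAuth')]"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "notabot", "properties": {}}
  ]
}
""")

def iter_resources(resources):
    """Yield each resource, descending into nested child 'resources'."""
    if isinstance(resources, dict):      # symbolic-name templates use an object
        resources = resources.values()
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def audit_template(template):
    """Return (name, reason) for every bot resource not pinned to disableLocalAuth=true."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != BOT_TYPE:
            continue
        value = (res.get("properties") or {}).get("disableLocalAuth")
        if value is True:
            continue
        if value is None:
            reason = "disableLocalAuth not set"
        elif value is False:
            reason = "disableLocalAuth is false"
        else:  # e.g. a "[parameters(...)]" expression or the string "true"
            reason = f"disableLocalAuth is {value!r}; resolve it before deployment"
        findings.append((res.get("name"), reason))
    return findings

if __name__ == "__main__":
    for name, reason in audit_template(SAMPLE_TEMPLATE):
        print(f"NON-COMPLIANT {name}: {reason}")
```

A parameter expression is reported rather than trusted, because the template alone does not show which value the deployment will supply.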
This is how you can disable local authentication (disableLocalAuth) on your Azure bot!