Using MS Teams cloud service from an on-premise installation

Hello All,

Some of our on-premise users have faced challenges in accessing MS Teams as a bot channel.
Let us say you are using MS Teams (SaaS), which runs on Azure, and your Kore.ai platform is set up on a different cloud (say, AWS) or on a physical server on your premises. You will need to ensure that these two systems are able to communicate with each other.

Here are some guidelines to be followed:

  1. First, the Kore platform should be reachable from the channel and vice versa. If that is not the case (say, the two systems are in different networks), your on-premise setup may need to be exposed to the Internet (as per your internal enterprise/security policies). This will enable the channel to reach your on-premise installation server.

  2. As a best practice, Kore.ai does not recommend exposing the Kore platform directly to the public internet. Rather, we recommend placing a load balancer that is integrated with a WAF in front of it (for example, AWS ELB usually comes with WAF) and exposing only the ELB to public internet traffic (a common approach implemented by other enterprises to resolve such situations and security concerns), or routing traffic via a reverse proxy (Nginx / Apache) deployed in the DMZ.

  3. Then, to control incoming traffic, we recommend whitelisting a specific URL pattern by enabling rules in the WAF / reverse proxy. This will restrict other requests from hitting the Kore platform.

Specific to the MS Teams channel, the URL pattern below needs to be whitelisted:
/hooks/msbotframework/
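
One way to express guidelines 2 and 3 on an Nginx reverse proxy in the DMZ, as an added example (not Kore.ai's own configuration). The public hostname, certificate paths, upstream address, body-size limit and the POST-only restriction are assumptions to adapt to your environment.

```nginx
# Added example: DMZ reverse proxy that forwards only the MS Teams webhook path.
# All hostnames, addresses and file paths below are placeholders (assumptions).

upstream kore_platform {
    server 10.0.10.20:443;            # placeholder: internal Kore platform address
}

server {
    listen 443 ssl;
    server_name bots.example.com;     # placeholder: public hostname given to the channel

    ssl_certificate     /etc/nginx/tls/bots.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/bots.example.com.key;   # placeholder path

    # Allowed: the URL pattern from the post. Nginx matches locations against
    # the normalized URI (percent-decoded, "." and ".." resolved), so a path
    # that climbs out of this prefix falls through to the default block below.
    # "^~" stops any regex location added later from overriding this match.
    location ^~ /hooks/msbotframework/ {
        # Assumption: the channel delivers events with POST only.
        limit_except POST {
            deny all;
        }

        client_max_body_size 1m;      # assumption: cap on request body size

        proxy_pass https://kore_platform;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Default: every other request is answered at the proxy and never
    # reaches the Kore platform.
    location / {
        return 404;
    }
}
```

After reloading, a request to any path outside `/hooks/msbotframework/` should return 404 from the proxy itself, with no corresponding entry in the platform's access logs.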