Enterprise-Scale

Bug Report: Policy initiative for Azure Bot Services only considers "Bot" groupId, missing "Token" groupId

Open juanandmsft opened this issue 7 months ago • 1 comments

Describe the bug

The ESLZ policy initiative for Azure Bot Services only has the "bot" groupId, but the "Token" groupId is missing.

Notice that each groupId uses different DNS Zones.

The initiative does not specify the privateEndpointGroupId used by the built-in policy, so it defaults to "Bot".

Will need two policyDefinitionReferenceIds, i.e. one "DINE-Private-DNS-Azure-BotService" for "Bot" and one "DINE-Private-DNS-Azure-BotServiceToken" for "Token".

IIRC, previous versions of the initiative included both groupIds.

Steps to reproduce

  1. Create an Azure Bot Service.
  2. Create a Private Endpoint for "Bot" and another for "Token" groupIds.
  3. Only "Bot" gets associated to the "directline.botframework.com" zone.
  4. The "Token" PE does not get associated to "privatelink.token.botframework.com" zone.

juanandmsft Jun 28 '25 10:06
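
Added example, not part of the issue or of the Enterprise-Scale repository: a check for the gap the report describes, run over a constructed initiative fragment. The reference IDs, the `privateEndpointGroupId` parameter and its "Bot" default are taken from the report; the `policyDefinitionId` placeholder and the helper names are assumptions.

```python
import copy

# Constructed sample: a trimmed policy set definition with one Bot Service
# reference and no privateEndpointGroupId, as the issue describes.
# The policyDefinitionId is a placeholder, not a real definition ID.
SAMPLE_INITIATIVE = {"properties": {"policyDefinitions": [{
    "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-BotService",
    "policyDefinitionId": "<placeholder-policy-definition-id>",
    "parameters": {},
}]}}

REQUIRED_GROUP_IDS = {"Bot", "Token"}  # both groupIds named in the issue
DEFAULT_GROUP_ID = "Bot"               # per the issue: used when the parameter is unset
REF_PREFIX = "DINE-Private-DNS-Azure-BotService"


def covered_group_ids(initiative, ref_prefix=REF_PREFIX):
    """Return the groupIds handled by references whose ID starts with ref_prefix."""
    covered = set()
    for ref in initiative.get("properties", {}).get("policyDefinitions", []):
        if not ref.get("policyDefinitionReferenceId", "").startswith(ref_prefix):
            continue
        param = (ref.get("parameters") or {}).get("privateEndpointGroupId") or {}
        # A reference that omits the parameter falls back to the policy default.
        covered.add(param.get("value", DEFAULT_GROUP_ID))
    return covered


def missing_group_ids(initiative):
    """Return the required groupIds that no reference in the initiative covers."""
    return sorted(REQUIRED_GROUP_IDS - covered_group_ids(initiative))


def with_token_reference(initiative):
    """Return a copy with a second reference pinned to the "Token" groupId."""
    fixed = copy.deepcopy(initiative)
    fixed["properties"]["policyDefinitions"].append({
        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-BotServiceToken",
        "policyDefinitionId": "<placeholder-policy-definition-id>",
        "parameters": {"privateEndpointGroupId": {"value": "Token"}},
    })
    return fixed


if __name__ == "__main__":
    print("missing before:", missing_group_ids(SAMPLE_INITIATIVE))
    print("missing after: ", missing_group_ids(with_token_reference(SAMPLE_INITIATIVE)))
```

Since each groupId uses a different DNS zone, a real "Token" reference also has to point at its own zone; the check above only covers the groupId side.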

@juanandmsft will add to the backlog.

Springstone Jul 03 '25 09:07