Update update-bot-me-app-to-use-certificate-or-msi-for-authentication.md

MicrosoftDocs · surbhigupta12 · Oct 28, 2024 · Sep 12, 2024 · Sep 12, 2024 · Sep 12, 2024
commit 0c7302a50b4d7ea3f6749800defbcf0740012ef8
diff --git a/...tform/toolkit/update-bot-me-app-to-use-certificate-or-msi-for-authentication.md b/...tform/toolkit/update-bot-me-app-to-use-certificate-or-msi-for-authentication.md
@@ -9,11 +9,11 @@ ms.localizationpriority: high
 
 # Update bot or message extension app to use certificate or MSI for authentication
 
-Update your bot or message extension app to authenticate using a certificate or Managed Service Identity (MSI), instead of a bot ID and secret. This action resolves compliance concerns related to the use of Microsoft Entra ID and a secret.
+You can use certificate- or MSI-based authentication to validate your bot app instead of bot ID and secret. This authentication resolves the compliance concerns related to the use of Microsoft Entra ID and bot secret.
 
 ## Prerequisites
 
-Ensure that you've a Teams bot app deployed to Azure with the following resources:
+Ensure that you have a Teams bot app deployed to Azure with the following resources:
 
 * An Azure bot.
 * An Entra ID with a secret used for bot authentication.
@@ -23,13 +23,15 @@ Ensure that you've a Teams bot app deployed to Azure with the following resource
 
 To update your bot app to use certificate based authentication:
 
-* [Create and upload certificate in Azure AD](#create-and-upload-certificate-in-azure-ad)
-* [Update the bot app code](#update-the-bot-app-code)
-* [Delete bot secret](#delete-bot-secret)
+1. [Create and upload certificate in Azure AD](#create-and-upload-certificate-in-azure-ad)
+1. [Update the bot app code](#update-the-bot-app-code)
+1. [Delete bot secret](#delete-bot-secret)
 
 ## Create and upload certificate in Azure AD
 
-1. Obtain a certificate and private key.
+To use a certificate for bot authentication:
+
+1. Prepare a certificate and private key.
 
 1. Go to [Azure portal](https://ms.portal.azure.com).
 
@@ -50,7 +52,7 @@ To update your bot app to use certificate based authentication:
     > [!NOTE]
     > Upload a certificate (public key) with one of the following file types: .cer, .pem, .crt.
 
-1. Upload a certificate.
+1. Upload the certificate you prepared.
 
 1. Enter **Description**.
 
@@ -60,6 +62,8 @@ To update your bot app to use certificate based authentication:
 
 ## Update the bot app code
 
+Follow the steps to update the bot app code: 
+
 1. Open your bot app project in Visual Studio or Visual Studio Code.
 1. Update your code.
 
@@ -92,7 +96,18 @@ To update your bot app to use certificate based authentication:
 
 ## Delete bot secret
 
-1. Go to [Azure portal](https://ms.portal.azure.com), and open your bot service.
+Ensure that your bot app uses the certificate for authentication before you delete the bot secret.
+
+To delete the bot secret:
+
+1. Go to [Azure portal](https://ms.portal.azure.com).
+1. Select **App registrations**.
+
+    :::image type="content" source="../assets/images/include-files/azure-app-registration.png" alt-text="Screenshot shows the Azure services to select App registrations.":::
+
+1. Select your registered app.
+
+1. In the left pane, under **Manage**, select **Certificates & secrets**.
 1. Delete the secrets from Entra.
 
     :::image type="content" source="../assets/images/teams-toolkit-v2/delete-client-secret-value.png" alt-text="Screenshot shows the delete client secret value.":::
@@ -103,17 +118,18 @@ Your bot app now uses the certificate for authentication.
 
 To update your bot app to use MSI based authentication:
 
-* [Create bot service with MSI type in Azure AD](#create-bot-service-with-msi-type-in-azure-ad)
-* [Update your bot app code for MSI](#update-your-bot-app-code-for-msi)
-* [Delete the previous bot details](#delete-the-previous-bot-details)
-
-## Create bot service with MSI type in Azure AD
+1. [Create bot service with MSI type in Azure AD](#create-bot-service-with-msi-type-in-azure-ad)
+1. [Update your bot app code for MSI](#update-your-bot-app-code-for-msi)
+1. [Delete the previous bot details](#delete-the-previous-bot-details)
 
 > [!NOTE]
 > The **Azure Bot** service ID and type can't be modified after creation.
 
+## Create bot service with MSI type in Azure AD
+
 To create a new **Azure Bot** service with MSI type, follow these steps:
 
+1. Go to [Azure portal](https://ms.portal.azure.com).
 1. Go to **Home**.
 1. Select **+ Create a resource**.
 1. In the search box, enter **Azure Bot**.
@@ -129,7 +145,7 @@ To create a new **Azure Bot** service with MSI type, follow these steps:
 
     :::image type="content" source="../assets/images/include-files/create-azure-bot.png" alt-text="Screenshot shows the option resource group and subscription in the Azure portal.":::
 
-    If you don't have an existing resource group, you can create a new resource group. To create a new resource group, follow these steps:
+    If you don't have an existing resource group, you can create a new resource group. To create a new Azure bot service and managed identity, follow these steps:
 
     1. Select **Create new**.
     1. Enter the resource name and select **OK**.
@@ -157,6 +173,8 @@ To create a new **Azure Bot** service with MSI type, follow these steps:
 
 ## Update your bot app code for MSI
 
+To update the bot app code for MSI, follow these steps:
+
 1. Update your code and deploy.
 
     # [JavaScript](#tab/js2)
@@ -193,6 +211,7 @@ To create a new **Azure Bot** service with MSI type, follow these steps:
 
 ## Delete the previous bot details
 
+1. Go to [Azure portal](https://ms.portal.azure.com).
 1. Delete the old Azure bot and the Entra ID.
 
 Your bot app now uses MSI for authentication.