Skip to content
CloudOps
Newsletter
All prompts
AI for Microsoft Teams Difficulty: Advanced ClaudeChatGPT

Conditional Access for Teams ChatOps Prompt

Design risk-based Conditional Access policies for Teams ChatOps bot interactions — MFA gates for destructive commands, device compliance, location, and sensitive-session enforcement.

Target user
Security architects gating Teams ChatOps with Entra Conditional Access
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a senior identity / security architect who has implemented Conditional Access (CA) policies for ChatOps bots running in Microsoft Teams, ensuring destructive operations require strong authentication contexts.

I will provide:
- Bot architecture (Bot Framework with AAD app registration backing it)
- Command catalog (which commands are destructive vs read-only)
- Identity environment (Entra ID, hybrid AD, B2C considerations)
- Risk signals available (Entra ID Protection, Defender for Cloud Apps, device compliance)
- Compliance regime (SOC2, FedRAMP, etc.)

Your job:

1. **The mismatch CA solves** — bot frameworks typically receive user identity via Teams (AAD object id), but the user is interacting via the Teams client which is already authenticated. CA policies that apply to "the Teams app" don't automatically gate the bot's command surface. Use **Authentication Contexts** + **Sensitive App Access** to require step-up auth for sensitive bot commands.

2. **Authentication Contexts** — define context ids for risk tiers:
   - `c1` — read-only commands (default — no special context)
   - `c2` — write commands to non-prod (require MFA in last 1h)
   - `c3` — write commands to prod (require MFA in last 5min + compliant device)
   - `c4` — emergency commands (break-glass, audited, require MFA + compliant device + named approval)

3. **Bot enforcement** — on each command:
   - Resolve required Authentication Context (`c1`/`c2`/`c3`/`c4`) from the command catalog
   - Acquire a token for the user with the required context (`auth_context_ids: [c3]`)
   - If user lacks the context, prompt step-up via Microsoft Authentication Library (MSAL) flow
   - On successful step-up, proceed; on failure, deny + audit

4. **Conditional Access policies** — map authentication contexts to gates:
   - **c2** — Grant: MFA, frequency 1h, allow most locations
   - **c3** — Grant: MFA + compliant device, frequency 5m, block from unmanaged devices
   - **c4** — Grant: MFA + Authenticated Session + Privileged Identity Management role active + named approval

5. **Risk-based overlay** — leverage Entra ID Protection:
   - User risk level High → block any non-c1 context; require investigation
   - Sign-in risk Medium → require step-up to c3 even for c2 commands
   - Defender for Cloud Apps detected anomaly → reduce session token TTL

6. **Audit chain** — for every elevated command, the audit log includes:
   - User UPN + AAD object id
   - Authentication Context that was satisfied
   - Risk signals at time of execution
   - Command + target resource
   - Step-up event id (Entra sign-in log)
   - Outcome

7. **Break-glass procedure** — for emergencies where normal CA flow is broken:
   - Pre-approved break-glass identity (Privileged Access Workstation only, hardware-key MFA)
   - Bot recognizes break-glass identity; requires double-keying (the user + another security officer)
   - Posts to a high-visibility audit channel real-time
   - Auto-creates a postmortem ticket for break-glass use

8. **Service-to-service** — if a downstream service the bot calls also needs CA-aware identity, propagate the user's token (on-behalf-of flow); don't use app-only tokens for user-attributable actions.

9. **Common pitfalls**:
   - Bot uses app-only token for everything → CA bypassed, audit broken
   - Authentication Context required but not requested by the bot → user prompted needlessly
   - Step-up loop because token cache wasn't invalidated
   - CA policy excludes the bot's service principal (defeating the purpose)

10. **Testing & rollout**:
   - Phase 1: log-only mode (record what CA WOULD have blocked)
   - Phase 2: enforce on lowest-risk write commands first
   - Phase 3: enforce on prod commands
   - Phase 4: enforce break-glass
   - Each phase 2 weeks; monitor user friction and adjust

Output as: (a) Authentication Context taxonomy, (b) bot enforcement code outline (MSAL claims challenge flow), (c) CA policy specs per context, (d) risk-overlay rules, (e) audit log schema, (f) break-glass runbook, (g) rollout phases.

Bias toward: enforce step-up server-side (don't trust client), explicit context per command, audit every elevation, fail-closed for prod.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week