Hello Abdalla,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you would like to know if you can configure a private connection between your on-premises server and the Azure AI Bot Service, while still allowing public access for other channels like Web Chat and WhatsApp.
Yes, the idea of using VPN/ExpressRoute for private access from on-premises is valid and supported (https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking). Also, using Azure API Management or Application Gateway as a secure public ingress point is a best practice.
Your architecture will look like the below:
Refer to the links below for more technical steps and considerations:
- Enable VNet Integration for the App Service - https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint
- Connect On-Prem via VPN or ExpressRoute - https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking
- Use Private Endpoint to restrict access to the bot from on-prem only - https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint
- To secure the public endpoint and restrict access using Service Tags - https://techcommunity.microsoft.com/blog/iis-support-blog/navigating-azure-bot-networking-key-considerations-for-privatization/4284592
I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.
Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
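The four steps in the answer above, put together as one deployable template. This is an added example, not code from the answer or from Microsoft's documentation: the App Service that hosts the bot gets regional VNet integration into a delegated subnet, a private endpoint (with the privatelink DNS zone) so that on-prem clients arriving over the VPN/ExpressRoute gateway reach it privately, and the public hostname is kept up but restricted to the AzureBotService service tag so that only the Bot Service (which fronts Web Chat, WhatsApp and the other channels) can reach the messaging endpoint from the internet. All resource names, the address space and the SKU are assumptions; the VPN/ExpressRoute gateway and its GatewaySubnet are assumed to exist or be deployed separately.

```bicep
// Added example: bot App Service with VNet integration, private endpoint and
// a service-tag-restricted public endpoint. Names/addresses are assumptions.
param location string = resourceGroup().location
param botAppName string = 'contoso-bot-app'   // assumed name
param vnetName string = 'hub-vnet'            // assumed: gateway to on-prem lives here

var integrationSubnet = 'snet-appsvc-integration'
var privateEndpointSubnet = 'snet-private-endpoints'

// Hub VNet: one delegated subnet for outbound VNet integration, one for the
// private endpoint. The GatewaySubnet for VPN/ExpressRoute is assumed to be
// added separately and is not shown here.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [
      {
        name: integrationSubnet
        properties: {
          addressPrefix: '10.10.1.0/24'
          // Regional VNet integration requires this delegation.
          delegations: [ { name: 'appsvc', properties: { serviceName: 'Microsoft.Web/serverFarms' } } ]
        }
      }
      {
        name: privateEndpointSubnet
        properties: { addressPrefix: '10.10.2.0/24' }
      }
    ]
  }
}

resource plan 'Microsoft.Web/serverfarms@2023-01-01' = {
  name: '${botAppName}-plan'
  location: location
  sku: { name: 'P1v3', tier: 'PremiumV3' }   // VNet integration + private endpoint need a supported tier
}

resource site 'Microsoft.Web/sites@2023-01-01' = {
  name: botAppName
  location: location
  properties: {
    serverFarmId: plan.id
    httpsOnly: true
    // Outbound VNet integration: the bot can reach on-prem resources over the gateway.
    virtualNetworkSubnetId: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, integrationSubnet)
    // Keep the public hostname reachable for the Bot Service channels; access
    // restrictions below decide who may actually use it.
    publicNetworkAccess: 'Enabled'
    siteConfig: {
      minTlsVersion: '1.2'
      ftpsState: 'Disabled'
      vnetRouteAllEnabled: true
      // Weak setting would be the default 'Allow' with no rules (open to the internet).
      // Corrected: deny by default, allow only the Azure Bot Service tag.
      ipSecurityRestrictionsDefaultAction: 'Deny'
      ipSecurityRestrictions: [
        {
          name: 'allow-azure-bot-service'
          action: 'Allow'
          priority: 100
          tag: 'ServiceTag'
          ipAddress: 'AzureBotService'
        }
      ]
    }
  }
  dependsOn: [ vnet ]
}

// Private endpoint: on-prem clients resolve the app to 10.10.2.x and never
// touch the public hostname.
resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: '${botAppName}-pe'
  location: location
  properties: {
    subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, privateEndpointSubnet) }
    privateLinkServiceConnections: [
      { name: '${botAppName}-plsc', properties: { privateLinkServiceId: site.id, groupIds: [ 'sites' ] } }
    ]
  }
  dependsOn: [ vnet ]
}

resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.azurewebsites.net'
  location: 'global'
}

resource dnsLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: dnsZone
  name: '${vnetName}-link'
  location: 'global'
  properties: { registrationEnabled: false, virtualNetwork: { id: vnet.id } }
}

resource peDns 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: pe
  name: 'default'
  properties: { privateDnsZoneConfigs: [ { name: 'azurewebsites', properties: { privateDnsZoneId: dnsZone.id } } ] }
}
```

Deploy with `az deployment group create -g <resource-group> -f bot-network.bicep`. Two checks worth doing afterwards: from an on-prem host, `nslookup <botAppName>.azurewebsites.net` must return the private endpoint address (which requires your on-prem DNS to forward `privatelink.azurewebsites.net` to the Azure private zone); from an internet host, a direct `curl https://<botAppName>.azurewebsites.net/api/messages` must get a 403 from the access restriction, while the Bot Service test in Web Chat still works because the channel's traffic originates from the AzureBotService tag.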